What about pfSense with an AX Asus router?

Asusrouterlover

Regular Contributor
I would like to deploy pfSense with my Asus router for extra protection from trojans and IDS/IPS. Do I need to do this, or does an Asus router not need this setup?
 

bbunge

Part of the Furniture
I would like to deploy pfSense with my Asus router for extra protection from trojans and IDS/IPS. Do I need to do this, or does an Asus router not need this setup?
I really do not feel that pfSense would give you any more security. An Asus router is pretty good the way it is. Install the Merlin firmware and there are a lot more things you can do. You need to ask yourself if it is worth the effort. You also need to stay away from dangerous browsing and networking habits.
 

Asusrouterlover

Regular Contributor

I really do not feel that pfSense would give you any more security. An Asus router is pretty good the way it is. Install the Merlin firmware and there are a lot more things you can do. You need to ask yourself if it is worth the effort. You also need to stay away from dangerous browsing and networking habits.
Thanks for the tip.
 

coxhaus

Part of the Furniture
If pfSense's IDS/IPS works both inbound and outbound like Untangle's UTM does, then maybe more security, as I think ASUS would not. It takes more CPU cycles for outbound scanning.

Let me know if I am wrong.
 

Asusrouterlover

Regular Contributor
If pfSense's IDS/IPS works both inbound and outbound like Untangle's UTM does, then maybe more security, as I think ASUS would not. It takes more CPU cycles for outbound scanning.

Let me know if I am wrong.
I am not sure, but will this process cause more packet delay?
 

Tech9

Part of the Furniture
IDS/IPS is not very effective with today's encrypted traffic, unless you run a network-wide proxy on your firewall, with some complications associated with it. It can be done on a pfSense or Untangle firewall, but not on Asus routers. For true Gigabit IDS/IPS, an x86 multi-core CPU is needed with a multi-threaded package like Suricata. Home routers don't have the required CPU processing power for this. In addition to Snort/Suricata, some DNS/IP filtering (pfBlocker in pfSense) is an option. pfSense needs networking knowledge. Untangle is easier, but not free - $150/y home license. A powerful multi-option router OS or packages may break the network easily. Home routers are a much cheaper and more user-friendly option.
 

Starrbuck

Senior Member
I would have no problem using pfSense with an ASUS router, but I'd route with pfSense and just use the ASUS as an access point. No sense in both acting as routers.
 

itpp20

Senior Member
It isn't if you keep things separate; here Netgate (pfSense), managed switch + LA/VLANs with Asus among others.
A Merc may be a nice car, but when you're driving in the desert a Jeep would actually get you somewhere.
Use stuff for what it's made for; the all-in-one solutions are mostly not capable of doing all in one.
 

coxhaus

Part of the Furniture
IDS/IPS is not very effective with today's encrypted traffic, unless you run a network-wide proxy on your firewall, with some complications associated with it. It can be done on a pfSense or Untangle firewall, but not on Asus routers. For true Gigabit IDS/IPS, an x86 multi-core CPU is needed with a multi-threaded package like Suricata. Home routers don't have the required CPU processing power for this. In addition to Snort/Suricata, some DNS/IP filtering (pfBlocker in pfSense) is an option. pfSense needs networking knowledge. Untangle is easier, but not free - $150/y home license. A powerful multi-option router OS or packages may break the network easily. Home routers are a much cheaper and more user-friendly option.
I got by with the $50 license as I did not need the advanced features for my home use.
 

Starrbuck

Senior Member
Ridiculous waste of money!
 

Tech9

Part of the Furniture
It is cheaper than an ASUS router.

No, it's not. 5y x $50 in fees only = RT-AX86U

You have to calculate the cost of hardware too. Untangle needs an x86 appliance. They don't come for free.

Ridiculous waste of money!

Not really, if you want "easy". Firewalla Gold is another option with no license fees and hardware included.
 

coxhaus

Part of the Furniture
No, it's not. 5y x $50 in fees only = RT-AX86U

You have to calculate the cost of hardware too. Untangle needs an x86 appliance. They don't come for free.



Not really, if you want "easy". Firewalla Gold is another option with no license fees and hardware included.
The majority of people do not run 1 ASUS router for 5 years. They upgrade more often which is what ASUS wants.

I ran my Untangle on a left-over Xeon server motherboard in my rack. Most of the time I ran it as a UTM device in transparent bridge mode behind my Cisco small business router so I had 2 levels of security to go through to get to my LAN.
You can't use your router for routing as all your traffic will be scanned and slowed down for local LAN traffic. You only want outbound traffic scanned, not local traffic. I used a Cisco layer 3 switch for local LAN traffic. Inbound traffic works normally.
 

Tech9

Part of the Furniture
I ran my Untangle on a left-over Xeon server motherboard in my rack.

How many people have a left-over Xeon server in their racks? Most need to purchase hardware to run Untangle. It doesn't come for free.

You can't use your router for routing as all your traffic will be scanned and slowed down for local LAN traffic.

Not clear what you are talking about. My home router is a Netgate firewall, for example. It scans/filters only the traffic I want to be scanned/filtered.
 

coxhaus

Part of the Furniture
How many people have a left-over Xeon server in their racks? Most need to purchase hardware to run Untangle. It doesn't come for free.



Not clear what you are talking about. My home router is a Netgate firewall, for example. It scans/filters only the traffic I want to be scanned/filtered.
ASUS and Netgate don't scan outbound traffic. I am not sure pfSense does, but I don't know for sure. When I ran it, it did not scan outbound traffic. Untangle is a higher-level firewall. This would probably be true for all enterprise-level firewalls.
 

Tech9

Part of the Furniture
ASUS and Netgate don't scan outbound traffic.

For your information:
TrendMicro AiProtection in Asus routers has a Two-Way IPS option. Netgate runs pfSense and you can do whatever you want with it.
 
