What's new

What About pfsense with AX asus router

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Asusrouterlover

Regular Contributor
I would like to deploy pfsense with my Asus router for extra protection from trojan and IDS / IPS do I need to do this or Asus Router don't need this setup ?
 
I rea
I would like to deploy pfsense with my Asus router for extra protection from trojan and IDS / IPS do I need to do this or Asus Router don't need this setup ?
I really do not feel that pfsense would give you any more security. An Asus router is pretty good the way it is. Install the Merlin firmware and there are a lot more things you can do. You need to ask yourself if it is worth the effort. You also need to stay away from dangerous browsing and networking habits.
 
I rea

I really do not feel that pfsense would give you any more security. An Asus router is pretty good the way it is. Install the Merlin firmware and there are a lot more things you can do. You need to ask yourself if it is worth the effort. You also need to stay away from dangerous browsing and networking habits.
thanks for tip
 
If pfsenes' IDS / IPS works both inbound and outbound like Untangle's UTM does then maybe more security as I think ASUS would not. It takes more CPU cycles for outbound scanning.

Let me know if I am wrong.
 
If pfsenes' IDS / IPS works both inbound and outbound like Untangle's UTM does then maybe more security as I think ASUS would not. It takes more CPU cycles for outbound scanning.

Let me know if I am wrong.
I am not sure but this process will make it more packet delay ?
 
IDS/IPS is not very effective with today's encrypted traffic, unless you run network wide proxy on your firewall and with some associated with it complications. It can be done on pfSense or Untangle firewall, but not on Asus routers. For true Gigabit IDS/IPS x86 multi-core CPU is needed with multi-threaded package like Suricata. Home routers don't have required CPU processing power for this. In addition to Snort/Suricata some DNS/IP filtering (pfBlocker in pfSense) is an option. pfSense needs networking knowledge. Untangle is easier, but not free - $150/y home license. Powerful multi-option router OS or packages may break the network easily. Home routers are much cheaper and more user-friendly option.
 
I would have no problem using pfSense with an ASUS router, but I'd route with pfSense and just use the ASUS as an access point. No sense in both acting as routers.
 
It isn't if you keep thing separate, here netgate(pfsense), managed switch+LA/vlans with asus among others.
A merc may by a nice car but when your driving in the desert a jeep would actually get you somewhere.
Use stuff what its made for, the all in one solutions are mostly not capable doing all in one.
 
IDS/IPS is not very effective with today's encrypted traffic, unless you run network wide proxy on your firewall and with some associated with it complications. It can be done on pfSense or Untangle firewall, but not on Asus routers. For true Gigabit IDS/IPS x86 multi-core CPU is needed with multi-threaded package like Suricata. Home routers don't have required CPU processing power for this. In addition to Snort/Suricata some DNS/IP filtering (pfBlocker in pfSense) is an option. pfSense needs networking knowledge. Untangle is easier, but not free - $150/y home license. Powerful multi-option router OS or packages may break the network easily. Home routers are much cheaper and more user-friendly option.
I got buy with the $50 license as I did not need the advance features for my home use.
 
No, it's not. 5y x $50 in fees only = RT-AX86U

You have to calculate the cost of hardware too. Untangle needs x86 appliance. They don't come for free.



Not really, if you want "easy". Firewalla Gold is other option with no license fees and hardware included.
The majority of people do not run 1 ASUS router for 5 years. They upgrade more often which is what ASUS wants.

I ran my Untangle on a left-over Xeon server motherboard in my rack. Most of the time I ran it as a UTM device in transparent bridge mode behind my Cisco small business router so I had 2 levels of security to go through to get to my LAN.
You can't use your router for routing as all your traffic will be scanned and slowed down for local LAN traffic. You only want outbound traffic scanned, not local traffic. I used a Cisco layer 3 switch for local LAN traffic. Inbound traffic works normal.
 
Last edited:
I ran my Untangle on a left-over Xeon server motherboard in my rack.

How many people have left-over Xeon server in their racks? Most need to purchase hardware to run Untangle. It doesn't come for free.

You can't use your router for routing as all your traffic will be scanned and slowed down for local LAN traffic.

Not clear what are you talking about. My home router is a Netgate firewall, for example. It scans/filters only the traffic I want to be scanned/filtered.
 
How many people have left-over Xeon server in their racks? Most need to purchase hardware to run Untangle. It doesn't come for free.



Not clear what are you talking about. My home router is a Netgate firewall, for example. It scans/filters only the traffic I want to be scanned/filtered.
ASUS and Netgate don't scan outbound traffic. I am not sure pfsense does, but I don't know for sure. When I ran it, it did not scan outbound traffic. Untangle is a higher-level firewall. This would probability be true for all enterprise level firewalls.
 
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top