Netgate SG-1000 microFirewall

Author Topic: Justifying pfsense for home network  (Read 825 times)

0 Members and 1 Guest are viewing this topic.

Offline djc

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Justifying pfsense for home network
« on: January 01, 2018, 03:14:08 pm »
Hi,

Looking for advice. Currently have a simple set up - standard Airport routers and pi-hole for ad blocking. I've seen quite the number of comments around the net of people standing up pfsense for their home network. I'm trying to understand the benefits of using pfsense at home. Is the firewall better than that on the Airport? I can run the pi-hole or another module in pfsense that does something similar, but am struggling to justify setting up pfsense. I'd likely go with something like the SG-3000 for simplicity and power saving (supports 1gig WAN), but unsure why I'd really want to implement pfsense besides maybe a bit of "shiny new box" syndrome.

Will I see an increase in network security? Would running DNS (unbound) be better than using standard ISP/google DNS? Any increase in security/privacy?

I don't want to say, "Sell me on pfsense" - just looking for use cases where pfsense works well for you in your home and why you went with it. I.e. increased DNS lookup and better DHCP management / client management than standard routers, etc.

Thank you for sharing in advance. :)

Offline Jailer

  • Sr. Member
  • ****
  • Posts: 422
  • Karma: +55/-2
    • View Profile
    • Bored Guy Blog
Re: Justifying pfsense for home network
« Reply #1 on: January 01, 2018, 04:12:21 pm »
When is the last time your router had any kind of update?

Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4971
  • Karma: +199/-43
  • Debugging...
    • View Profile
Re: Justifying pfsense for home network
« Reply #2 on: January 01, 2018, 04:31:25 pm »
If you are the kind of person who asks questions like that then you should switch to pfsense. 

Offline hbauer

  • Jr. Member
  • **
  • Posts: 59
  • Karma: +4/-0
    • View Profile
Re: Justifying pfsense for home network
« Reply #3 on: January 02, 2018, 01:13:07 am »
Stuff that most Home Routers cant do

- Network Segmentation for IOT / VOIP Devices
- Bandwith management for your kids  / guests
- VPN Access

to name my most important features

Offline Harvy66

  • Hero Member
  • *****
  • Posts: 2360
  • Karma: +220/-12
    • View Profile
Re: Justifying pfsense for home network
« Reply #4 on: January 02, 2018, 11:56:58 am »
Decent AQM/QoS management. Not perfect, but enough.

Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4971
  • Karma: +199/-43
  • Debugging...
    • View Profile
Re: Justifying pfsense for home network
« Reply #5 on: January 02, 2018, 12:06:29 pm »
Updated more than once every 10 years...

Offline curtisgrice

  • Jr. Member
  • **
  • Posts: 84
  • Karma: +5/-1
    • View Profile
Re: Justifying pfsense for home network
« Reply #6 on: January 02, 2018, 12:22:19 pm »
SNORT IDS/IPS, proper VLANS and routing, much more flexible NAT (PAT) for segmented internal networks, Built in packet logging, Lots more.

It can be as much as you would ever want for a home router or as simple as plug and play.
Slow code? Sounds like a good reason to buy more hardware!

Offline mrkool

  • Newbie
  • *
  • Posts: 17
  • Karma: +1/-0
    • View Profile
Re: Justifying pfsense for home network
« Reply #7 on: January 02, 2018, 12:33:37 pm »
if I was you I would setup a computer or a vm host based pfsense before investing on a 3000. I was on the same boat 3 weeks ago but I had a Box that I converted to pfsense so the only money I paid was for a Dual port Intel NIC which was 35 bux. I did it because

I am still figuring things out but I went to pfsense
1. I wanted to add snort (but every time I enable this sucker it breaks lots of other stuff) so still have not figured this out yet but with Kids following youtube links to God Knows what I would feel safer if I had more protection than just a firewall and AV
2. I like to tinker around and packages that are available on pfsense will keep me busy for a while :) save me money in the long run
3. I want to better control my home network with lots of IOT in my house
4. I had a dedicated openvpn VM running that I have shutdown and am using pfsense now
5. If you don't like OpenDNS filtering (which I am using) you can setup filtering using the proxy packages and publically available blacklists but I am ok with using openDNS for now
6. I am on Verizon FIOS and didn't like the visibility they had on my network so I needed to replace their router any way and none of SOHO solutions are up to par on features of pfsense (not even close)
7. I use Aruba Campus APs for wireless so didn't need a router with wireless built in.

this is all I can think of for now :)

Offline djc

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: Justifying pfsense for home network
« Reply #8 on: January 03, 2018, 12:11:38 am »
When is the last time your router had any kind of update?

Last month.

Offline djc

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: Justifying pfsense for home network
« Reply #9 on: January 03, 2018, 12:14:48 am »
SNORT IDS/IPS, proper VLANS and routing, much more flexible NAT (PAT) for segmented internal networks, Built in packet logging, Lots more.

It can be as much as you would ever want for a home router or as simple as plug and play.

Ah, VLANS. I have a few Netgear switches that I have been too lazy to set up with VLANS, but it would be wise to put IOT and my solar inverter on an Internet access only VLAN. Good call. Thanks.

Offline djc

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: Justifying pfsense for home network
« Reply #10 on: January 03, 2018, 12:21:24 am »
if I was you I would setup a computer or a vm host based pfsense before investing on a 3000. I was on the same boat 3 weeks ago but I had a Box that I converted to pfsense so the only money I paid was for a Dual port Intel NIC which was 35 bux. I did it because

I am still figuring things out but I went to pfsense
1. I wanted to add snort (but every time I enable this sucker it breaks lots of other stuff) so still have not figured this out yet but with Kids following youtube links to God Knows what I would feel safer if I had more protection than just a firewall and AV
2. I like to tinker around and packages that are available on pfsense will keep me busy for a while :) save me money in the long run
3. I want to better control my home network with lots of IOT in my house
4. I had a dedicated openvpn VM running that I have shutdown and am using pfsense now
5. If you don't like OpenDNS filtering (which I am using) you can setup filtering using the proxy packages and publically available blacklists but I am ok with using openDNS for now
6. I am on Verizon FIOS and didn't like the visibility they had on my network so I needed to replace their router any way and none of SOHO solutions are up to par on features of pfsense (not even close)
7. I use Aruba Campus APs for wireless so didn't need a router with wireless built in.

this is all I can think of for now :)

Good idea. Thanks for the suggestions - and thanks to everyone for their replies and help!


Offline Gertjan

  • Hero Member
  • *****
  • Posts: 2587
  • Karma: +208/-9
    • View Profile
Re: Justifying pfsense for home network
« Reply #11 on: January 03, 2018, 09:02:48 am »
One more :
    Flawless IPv6 support .....