Whats Your Choice for a Router/Firewall OS?

IceDigger

Quasi-regular
Joined
May 11, 2019
Messages
284
Points
43
What OS do you use for your work/home firewall?

Work - ClearOS custom box
Home - Ubiquiti EdgerouterX box (hopefully soon to be a ClearOS custom box
 
Home - pfSense on a dual Atom box that needs an upgrade (this upgrade I've had in the bunker and I just haven't put it together and fired it up).
 
I suggest getting a free/dirt cheap old c2d system and throw clear os on it to try it out. So much easier to use than pfsense and professional support if needed.

Yes they have a free version too :D

 
Last edited:
I suggest getting a free/dirt cheap old c2d system and throw clear os on it to try it out. So much easier to use than pfsense and professional support if needed.

Yes they have a free version too :D


The scope of what it offers seems to be a bit larger than pfSense. A lot of those services I handle with FreeNAS jails or ESXI VMs...
 
I have an Edgerouter POE and a USG. Its a tossup between the two but I have the USG running currently. Mostly because the GUI is really nice and it fits perfectly into my Unifi ecosystem. Its not the most powerful thing, but it handles my symmetrical gigabit internet at full speed.
 
pfsense may have a slightly steep initial learning curve (took me a few days of frustration and reinstalls to finally figure out that setting its IP address to the same one as the existing router it was about to replace was a really stupid move), but the tutorials make it a piece of cake to get a good setup ready for your needs.

ClearOS sounds a little extreme for the home user, I like having a separate box just for the routing/firewall duty vs. the home server.
 
PFSense is what I use at home. They use Meraki as their primary here at work.
 
At the office we use Sonicwall NSA 2650's, and at Home I have a simple Asus RT-AC68P.
 
Was using untangle, but now using some asus routers with merlin firmware and a pi-hole.
 
Been using pfSense, no reason to change. Since they released their book for free, makes it even "easier" to set up.
 
Not very secure there
I feel that I have taken the necessary precautions to include giving the VM direct access to the external NIC which then removes the ESXi virtualization layer to the greatest extent possible. Is it perfect of course not but I don't think it is "insecure" either.
 
The answer is a side channel attack. But to execute that you have to “break into” pfsense, then hope the person running it isn’t running the latest patched version of esxi.

The chances of doing the former are very low, but if you get into pfsense then you have access to the network anyway.

Realistically speaking there is very little reason not to run in a VM.
 
Become a Patron!
Back
Top