@Dashrender said in My Network Journey:

@gjacobse said in My Network Journey:

@black3dynamite said in My Network Journey:

University schools that has a surplus have some useful equipment for lab use.

I’m doing that with a friend and his kid- it’s older UBNT and other gear- but it give a 10yo something to start with.

What have they retired? That would be the only thing that matters on using older machine - the possibility that some newer commands aren't there.

I will be upgrading my UniFi hardware. So I have two APs that I am replacing. the Controller is a VM still.

I also had a project build of a Stand alone Point to Point wireless network for our Club. It's two UBNT M5 units and two EnGenius EAP9550 units One running DHCP, and the other a slave. The idea was that when we did a contest (Field Day) we could be across a 400yard area, and it would be nice to have internet / network for file sharing and such. I built it, it worked - and no one was interested in it. So - I'll be giving it all to him for his kid to learn on - tear up - etc....

@Pete-S said in PFsense hardware ?:

Yes, it makes sense. Ubiquity and pfsense are not really the same thing though. Ubiquity is a router like any consumer Asus or whatever but with a much better OS. Pfsense is a freebsd computer with a web gui. They are good for slightly different things.

You could say the same thing about Cisco or whatever. All router hardware below five figures is kind of the same. Ubiquiti is definitely built better than any consumer gear I've seen, but the basics are the same. I've seen pfSense on the same kind of hardware.

EdgeOS is Vyatta based, though. Purpose built to be a router. pfSense is putting a router on top of something desired for general use. I've never seen a pfSense setup that I'd consider ready for production use. Most I've seen are worse than consumer gear because it's either unsupported consumer gear rebranded, or just old PCs without maintenance.

@aaronstuder said in Port - PFSense WAN goes offline every Hour:

@black3dynamite I am on the latest. It's running on KVM so maybe that's the issue.

For device model, are you using virtio, e1000, or rtl8139?

Just wanted to add @bj to this thread that I think a $100-ish Cloud Router from Mikrotik would blow most hardware away, including Ubiquiti, on pure performance. With the $50 and under models you are still getting 1 million PPS. The new cloud router series really has a crazy amount of power.

This still coming from a pure PPS (packets per second) point of view.

I think the cheapest cloud router has 12 to 16 cores That would only count for the core routers I am more familiar with (12 to 24 now) in the $500 range.

Very poor marketing in the states but very popular with western country WISPS.

Factory Reset, Setup, Disable Hardware Checksum Offloading, Works Prefect.

@Reid-Cooper said in Open source Firewall:

pfSense was really good in the past. But I agree, the days of building your own firewall on an old PC that you have are over.

Right - the cost just isn't worth running your old PC. Power alone will cost more than the cost of an ER-X or ER-L.

@Danp said in Alternatives to Untangle:

What to do with the Dell SC440 server that is currently being used? Scrap it?

Definitely scrap it.

I've built one once... It was a Firewall / Router using straight up Linux, Shorewall, and ClamAV for a 10 meg connection. Our main firewall just went kaput, and the company was not responding to phone calls for support (it's a long story).

Set up Linux on a system with 8 NICs and went to town.

Edit:

It's not hard to build one if you understand the concepts of routing and such... Not for the faint of heart if you have to make one work well enough to be used in production.

@Dashrender said in Pfsense to Meraki Site-Site Ipsec VPN:

At what size network do you normally turn on BGP?

Pretty much any time you have multiple routers & subnets. BGP is to routing what DHCP is to Up addressing (kinda). With static routes every device has to be setup manually with every network which is insane. With BGP and Autonomous system numbers it's automated and less likely to have mistakes.

@marcinozga Thanks, but already tried net.inet.ip.fastforwarding in all combinations with TCP and UDP.

@Dashrender you can find OVA on vyos.net

@scottalanmiller Ha! I meant to say working at the level asking for more responsibilities, in addition to what your current role requires.

@thecreativeone91 said:

Pfsense doesn't do well performance wise virtalized. At least it didn't used to. I think they have a pay for version optimized for VM platforms.

It's just FreeBSD plus drivers, right? It should do as well as FreeBSD does on whatever platform is in question. That FreeBSD doesn't have PV support for Xen is a major drawback to FreeBSD as a platform in general. But it should only be a question of drivers, in general.

Good news since the performance of it in a VM was so-so before. Kinda surprised they are charging for it. I don't see a EULA or anything for it is the Pricing per install or just a one time fee to download then you can use as much as you want?

@Rob-Dunn said:

@thanksaj

Yeah, all my experience has been with Windows DHCP, and you're right, configuring the DNS suffix and other options are easy as pie. On the pfSense/Linux side it's a bit...different...!

I don't have much experience with pfsense. I've played with it a little but never actually set it up and used it. YMMV

@scottalanmiller @coliver I did not have time to set it up yesterday, but I will try and do it today on CentOS 7.

Tonight is my online D&D game so nothing will get done after work hours today!

@IT-ADMIN said:

in the begining i though that app can be blocked by closing some ports numbers, but it seem that almost all of the apps use either 80 or 443, and if close one of these port it is like i closed everything !!!

Yes, normal businesses block all traffic on all ports and only allow 80 and 443 (web ports) via proxies. So any app that used another port would be assumed to be always broken, even in many homes. You need to proxy all traffic, not just some traffic, and you need a proxy that can terminate SSL for the end users are you are wasting your time because basically every site supports SSL today and if you can't filter SSL the proxy is pointless.

@Bill-Kindle said:

@Mike-Ralston It's a router / firewall that you can install on pretty much any old computer with two NIC's.

The one thing you have to worry about for hardware requirements is the supported network cards. It will RUN on anything but you may not be able to use it if your network cards are not supported.

Check out: https://www.pfsense.org/hardware/index.html#compatibility