Pfsense instead SonicWall ?

scottalanmiller

Here are some links of people providing configuration info for it...

https://blog.laslabs.com/2013/06/configure-openvpn-with-x-509-ubiquiti-edgerouter-lite/

http://mediarealm.com.au/articles/2014/03/ubiquiti-edgemax-router-openvpn-client-setup/

https://blog.laslabs.com/2013/08/openvpn-server-configuration-script-ubiquiti-edgerouter-lite/

ANd here are the official docs...

https://help.ubnt.com/hc/en-us/articles/204949694-EdgeMAX-OpenVPN-Site-to-Site

scottalanmiller

@coliver said:

@Breffni-Potter said:

@scottalanmiller said:

Confirmed, Ubiquiti definitely does SSL VPN.

Link for reference Mine are saying they don't

https://community.ubnt.com/t5/EdgeMAX/Possibility-of-adding-web-based-SSL-VPN/td-p/342495

I thought they had OpenVPN included in the recent version?

Last many versions. Since 2013 at least.

scottalanmiller

@Breffni-Potter said:

@scottalanmiller said:

Confirmed, Ubiquiti definitely does SSL VPN.

Link for reference Mine are saying they don't

https://community.ubnt.com/t5/EdgeMAX/Possibility-of-adding-web-based-SSL-VPN/td-p/342495

That link actually points out that they DO have it. That's why people are carefully saying words like "web based" and "clientless". They have non-web, cliented SSL VPN, which is by far the more common. This is asking for something above and beyond SSL VPN.

OpenVPN is the most common SSL VPN on the market and is easily 80% of it.

Deleted74295

0_1452524991895_Ubiquiti VPN.jpg

I stand corrected then

Might end up playing with these boxes at some point.

So VPN is fine, the OP is just missing content filtering.

scottalanmiller

Content Filtering Example with Ubiquiti:

https://help.ubnt.com/hc/en-us/articles/205223340-EdgeMAX-Ad-blocking-content-filtering-using-EdgeRouter

JaredBusch

@scottalanmiller
To most, OpenVPN is a VPN type of its own.

SSL VPN means a VPN accessed by WebGUI to almost all SMB out there.
http://searchsecurity.techtarget.com/definition/SSL-VPN

scottalanmiller

It's pretty rare to find something that the Ubiquiti VyOS doesn't handle. It's the most advanced router software on the market for a reason.

scottalanmiller

@JaredBusch said:

@scottalanmiller
To most, OpenVPN is a VPN type of its own.

SSL VPN means a VPN accessed by WebGUI to almost all SMB out there.
http://searchsecurity.techtarget.com/definition/SSL-VPN

That's a problem when the main product in the category and most uses of it are different than people define it. Very confusing. OpenVPN is just as much SSL VPN as any other type. And even the term clientless isn't correct, it's just a client that is downloaded on demand.

Deleted74295

https://www.ubnt.com/edgemax/edgerouter-pro/

Watch the video, skip ahead to 30 seconds in to watch "Cysco" sales reps being beat up...

scottalanmiller

https://openvpn.net/archive/openvpn-users/2005-05/msg00246.html

JaredBusch

@scottalanmiller said:

@JaredBusch said:

@scottalanmiller
To most, OpenVPN is a VPN type of its own.

SSL VPN means a VPN accessed by WebGUI to almost all SMB out there.
http://searchsecurity.techtarget.com/definition/SSL-VPN

That's a problem when the main product in the category and most uses of it are different than people define it. Very confusing. OpenVPN is just as much SSL VPN as any other type. And even the term clientless isn't correct, it's just a client that is downloaded on demand.

All very true and all very much a method of VPN access I would never desire on my network.

If the person truly needs VPN access, then I will set up a client and make sure the connection is truly secure.

scottalanmiller

That was OpenVPN's take on it. They were like "we aren't making this because we are a security company and that's not secure."

Deleted74295

Bit off topic.

But I wish Ubiquiti would make non POE managed switches

scottalanmiller

@Breffni-Potter said:

Bit off topic.

But I wish Ubiquiti would make non POE managed switches

LOL, again but... they do. And we use them.

Deleted74295

@scottalanmiller said:

@Breffni-Potter said:

Bit off topic.

But I wish Ubiquiti would make non POE managed switches

LOL, again but... they do. And we use them.

....Where? I spent a good 30 minutes on their site trying to find them.

Deleted74295

Oh sigh

https://www.ubnt.com/edgemax/edgeswitch-lite/

scottalanmiller

@Breffni-Potter said:

@scottalanmiller said:

@Breffni-Potter said:

Bit off topic.

But I wish Ubiquiti would make non POE managed switches

LOL, again but... they do. And we use them.

....Where? I spent a good 30 minutes on their site trying to find them.

It's called "Lite" with the PoE isn't there.

https://www.ubnt.com/edgemax/edgeswitch-lite/

iroal

Company, at end, let me buy the Pfsense.

I'm thinking in this model.

https://store.pfsense.org/HIGH-AVAILABILITY-SG-4860-1U-pfSense-Systems-P47.aspx

Any other best option ?

dafyre

@iroal said:

Company, at end, let me buy the Pfsense.

I'm thinking in this model.

https://store.pfsense.org/HIGH-AVAILABILITY-SG-4860-1U-pfSense-Systems-P47.aspx

Any other best option ?

If you have the budget, I'd spring for the $2k HA setup. The more features you enable, the slower the firewall can perform, depending on how much traffic you have.

scottalanmiller

@iroal said:

Company, at end, let me buy the Pfsense.

I'm thinking in this model.

https://store.pfsense.org/HIGH-AVAILABILITY-SG-4860-1U-pfSense-Systems-P47.aspx

Any other best option ?

Answer is going to keep being the same, Ubiquiti is better than pfSense.