It sounds like you want a router with a firewall, deep packet inspection and a nice GUI. Pfsense or Ubiquiti Unifi might be a good fit… or openwrt maybe.
If you have a fast internet connection it can be very expensive to do a SPI firewall with consumer equipment like Ubiquiti. I would suggest a computer running PFsense, if you really need that.
Even then it won’t block outgoing connections, unless you tell it to, and then you’ll have a nightmarish time whitelisting all the various hosts and ports you need to go about your life and even then you can’t filter by process. This is why outgoing filtering is best done client-side.
So it depends on what features you’re most interested in. Do you want pretty graphs? Incoming filtering? Outgoing filtering? Geo blocking? Intrusion detection?
I don’t use glasswire so idk how much of that it offers, but those are things to consider when choosing a firewall.
There is one plugin for PFSense that makes it have some really pretty graphs, can’t remember the name though.
A used Dell R-series server with its multiple NICs is super easy to get PFSense set up on.
If you want something less power hungry, MikroTik seems to have fairly competent firewalls in their routers: RB2011iL-RM (5x Gigabit & 5x Fast Ethernet), RB3011UiAS-RM (10x Gigabit and some other whistles).
I already have Untangle; what I want is a GUI to see what’s eating my bandwidth. It could also be helpful for spotting infections on computers customers bring in, if it’s some sort of P2P-based infection. Mostly, though, I’ve got some crappy spikes that are killing my traffic.
I can’t install a client on every PC; there are way too many and too much going on.
I tried googling for an add-on for Untangle; I may not have used the right keywords.
Interesting read. I didn’t realize pfsense’s sqm implementation was incomplete. That was a while ago though, do you know if it’s on their roadmap? If not, maybe we can bring it up to the opnsense guys. They are eager to implement features that distinguish themselves from pfsense.
I don’t know how complete the Ubiquiti implementation of sqm is (I assume it’s downstream from vyatta), but it’s been set-it-and-forget-it for me, even on highly asymmetric connections (300/20 for instance). That said, sqm can incur a considerable bandwidth cap on Ubiquiti hardware.
Actually, as far as I know it was only 1 or 2 versions ago. I actually learned about that incomplete implementation from one of the SQM founders; they are still trying to get the word out about SQM. In a way it’s still kind of young. Still only a handful even support it at all.
Ubiquiti is one of those, AND that’s a beautiful thing, Ubiq, but, as you mentioned, it’s a bottleneck, and that’s JUST SQM, not even other stuff like site-to-site VPN etc. etc. …which is why I built with an i3 quad core with a 5000 or higher PassMark score!
That should mean, if I wanted, I should MAYBE have the horsepower to run some sort of GW. BUT, in theory, my experience says it would be easier to set up a port mirror on a switch (L2+ / partial L3) and run something like GW. That’s how they do it with Wireshark. Idk if GW itself would run that way though. Then the router doesn’t have to do jack squat for extra heavy lifting!
Idk, that’s a really roundabout way to get network analytics. I know you do it for Wireshark, but that’s usually for a very limited time to diagnose a specific issue (afaik). And in any case it won’t share your bandwidth issue.
Idk if this helps, but my Ubiquiti EdgeRouters allow me to set SQM for egress only. I’ve used this successfully where enabling SQM would cap download bandwidth but is needed for slow upload speeds.
Assuming I’m not misunderstanding, let me paint a picture. Considering Glasswire requires an install on each machine, it’s kind of SEMI pointless. In a small environment with 4–10 desktops it’s probably not hard to track bandwidth; hell, there are free apps that do similar with more simplistic graphs though.
An environment like mine has a lab with computers and VMs changing, being added and removed, and others on the same network working on different machines, constantly coming and going, different machines each time.
There is just no way you’re going to bother with a client. But such graphs would quickly locate a bandwidth hog, whether it be an infected machine or a download. It just has to be a static, centrally located service/server!
Perhaps there is a way to accomplish this without loading up the router’s resources, assuming it even does? I.e. the Ubiq Unifi controller just runs on a VM or Cloud Key. I know it graphs some things.
OFFTOPIC: Also, I saw a Unifi poller software not too long ago; how cool would it be to tie together your Unifi graphs with graphs/data from your other networking devices?
But really, the idea that you need to visually monitor something to manage your bandwidth is not ideal at all. You should have some implementation of QoS or SQM that manages your bandwidth and an IDS to tell you if something fishy is going on. Any instance that requires your intervention should involve you getting an alert. You should not have to passively monitor infographics.
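The alert-driven approach described in the post above, as an added example that is not part of this thread or of any product mentioned in it: a small Python script that aggregates flow records per LAN host over a fixed window, flags any host using more than half of an assumed 20 Mbit/s WAN link, and separately flags a host talking to an unusually large number of distinct external peers on many ports, the kind of fan-out a P2P-style infection produces. All addresses, flow records, the link speed and the thresholds are constructed for the example; a real deployment would feed it from a flow exporter or a port-mirror capture.

```python
"""Top-talker and peer-fan-out alerts over flow records (added example, not from the thread)."""
from collections import defaultdict
import ipaddress

WINDOW_SECONDS = 60                              # aggregation window the records cover
LAN = ipaddress.ip_network("192.168.1.0/24")     # assumed LAN prefix
LINK_MBPS = 20                                   # assumed WAN capacity (constructed)

# Constructed flow records: (src, dst, sport, dport, proto, bytes) for one 60 s window.
SAMPLE_FLOWS = [
    ("192.168.1.10", "151.101.1.69", 51234, 443, "tcp", 2_400_000),   # ordinary browsing
    ("192.168.1.10", "142.250.72.14", 51240, 443, "tcp", 900_000),
    ("198.51.100.9", "192.168.1.10", 443, 51300, "tcp", 500_000),     # inbound reply traffic
    ("192.168.1.20", "192.168.1.5", 49152, 445, "tcp", 300_000),      # LAN-to-LAN, never crosses WAN
    ("192.168.1.30", "203.0.113.7", 6881, 6881, "tcp", 100_000_000),  # a seeding/download hog
] + [
    # one host talking to 60 distinct external peers on 60 distinct ports: P2P-like fan-out
    ("192.168.1.40", f"198.51.100.{i}", 50000 + i, 40000 + i, "udp", 20_000)
    for i in range(1, 61)
]


def summarize(flows, lan=LAN, window_seconds=WINDOW_SECONDS):
    """Return per-LAN-host totals: bytes, Mbit/s, distinct external peers and peer ports."""
    stats = defaultdict(lambda: {"bytes": 0, "peers": set(), "ports": set()})
    for src, dst, sport, dport, proto, nbytes in flows:
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src_ip in lan and dst_ip not in lan:        # LAN host initiated the flow
            host, peer, peer_port = src, dst, dport
        elif dst_ip in lan and src_ip not in lan:      # traffic coming back in
            host, peer, peer_port = dst, src, sport
        else:
            continue                                   # LAN-to-LAN or transit: not WAN usage
        s = stats[host]
        s["bytes"] += nbytes
        s["peers"].add(peer)
        s["ports"].add((proto, peer_port))
    for s in stats.values():
        s["mbps"] = s["bytes"] * 8 / window_seconds / 1e6
    return dict(stats)


def bandwidth_hogs(stats, link_mbps=LINK_MBPS, share=0.5):
    """Hosts consuming at least `share` of the link over the window."""
    return sorted(h for h, s in stats.items() if s["mbps"] >= share * link_mbps)


def fanout_hosts(stats, min_peers=50, min_ports=20):
    """Hosts with many distinct external peers on many ports (P2P-like pattern)."""
    return sorted(
        h for h, s in stats.items()
        if len(s["peers"]) >= min_peers and len(s["ports"]) >= min_ports
    )


def alerts(flows, link_mbps=LINK_MBPS):
    """Produce the alert lines a monitor would send instead of a graph to stare at."""
    stats = summarize(flows)
    out = []
    for h in bandwidth_hogs(stats, link_mbps):
        out.append(f"HOG {h}: {stats[h]['mbps']:.1f} Mbit/s over the last {WINDOW_SECONDS}s")
    for h in fanout_hosts(stats):
        out.append(f"FANOUT {h}: {len(stats[h]['peers'])} external peers on "
                   f"{len(stats[h]['ports'])} ports")
    return out


if __name__ == "__main__":
    for line in alerts(SAMPLE_FLOWS):
        print(line)
```

Running it on the constructed records prints one HOG line for 192.168.1.30 and one FANOUT line for 192.168.1.40; the LAN-to-LAN flow is ignored because it never touches the WAN. The thresholds are the tunable part: the hog share should sit just above what a single legitimate bulk transfer is allowed to take, and the fan-out counts should be calibrated against a baseline of the network's normal peer counts before the alert is trusted.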
Ubiquiti Unifi and EdgeOS are both tied to their hardware so you can’t virtualize it or anything. However, VyOS is FOSS and shares the same upstream as Ubiquiti routers (or maybe is the upstream since I believe original Vyatta is dead). Might be worth checking out to see if they have a complete SQM implementation.
I have the unifi software running on a windows server VM with a few other apps, works well enough.
I can agree with that in most normal instances. Just keep in mind this is a network shared with some PC techs, so this isn’t a normal home network or lab. I have seen infected computers do weird stuff before, even going so far as to infect some routers on the same network, but it took a while to troubleshoot! This is by NO means for managing anything, just a quick “dummy check” or “dummy light”, like when your check engine light blinks before catastrophic failure.
HOWEVER, more so than that, it would also be for some of the “Dummys” the network is being shared with, since they lack any real networking skills.
aaaaahhhh the net work’s slow!
“WHAT THE HELL IS GOING ON!? RED ALERT”
I got a paper clip, I’m going to factory reset every single device on the rack to factory settings, hold
…huh… half the IP addresses disappeared a while ago, wonder if the router out there needs power-cycled.
“HEY MAN, YOU’RE BACK!” “There was a network outage today but we fixed it.”
Yeah, half the IP addresses disappeared.
I used the paper clip to factory reset everything, I think it helped.
You mean EVERYTHING? Including those routers set to “AP ONLY MODE”?
YEAH!
“OH YEAH! I forgot to tell you that part”
Ooohhhhh Boy, no wonder the TeamSpeak and file Servers have been down all day with half the other IPs missing.
So I figure a nice graph could show them a bandwidth hog or high ping from the ISP. The same for myself: did I leave some Linux ISOs seeding a month ago with no bandwidth limit?
I’m open to suggestions, but when techs have customer machines coming and going I don’t see any other simple solution for quick checks to quickly discern a simple versus an advanced issue. If it were a static environment, sure! I am all ears though for any suggestions. I still have yet to deep dive into Untangle add-ons.
EDIT: D’OH!!! I read too fast; you mentioned IDS! That’s not a bad idea either! Something like Snort isn’t a half bad idea either.
The Unifi controller, sure… are you already running Unifi hardware (router, switches, APs)?
Idk, Unifi will definitely show you bandwidth usage per client/protocol if that’s all you need, but again SQM should alleviate a lot of that… In addition to SQM and IDS, it sounds like what you really need is a lock on your network rack.
1 Ubiq AP only, the rest is mixed brand. That’s a good point though; perhaps Untangle already has some built-in graphs. (I’m still waiting on a new modem from the ISP before I can roll out Untangle.)