So a bit of background on myself.... I enjoy doing all sorts of tinkering with hardware and software side of things, and I'm still trying to figure out networking in different ways. I typically work best with hands on, but I know that's not really possible without having a home lab, which unfortunately I can't really afford right now, hence the post/question I have.
Is it worth it to have pfSense and an EdgeRouter X, or just one or the other? I'm asking, because everyone talks about how great pfSense is, but I don't know if it's exactly necessary, especially since I don't do a whole lot on the network involving anything nasty penetrating it. Now, please take it easy on me if possible, just due to the fact that I am really wanting to get more into networking, and would like to have this kind of gear for home, or possibly at work (pertaining to permission that is....) Also, to restate earlier I do not do anything intensive, and my internet connection at home is: 100/10 (around there for the upload can't remember currently) and at work it's basically half. So, TL;DR variant:
Use-Case Scenarios for EdgeRouter X
Use-Case Scenarios for pfSense
I'm sure I'll get "Don't buy hardware like there, just do it yourself, you don't need that", I completely understand, I just want to understand this stuff more, and trying to read topics, I just am not getting the answers I'm looking for. If there's any more information or background you need, please just ask, just not sure what you need to know. Anyway, thanks for all the help!
I say go pfsense you will learn so much buy digging in and setting it up to moving on to vlans and firewall rules and etc. edgerouter x you can learn but have heard that they are more tedious for noobs and may slow down your learning depending on time and effort you put in. Someone please chime in that actually uses an edgerouter. If you want a ready to go pfsense appliance to start using than buy one from pfsense. There little sg-1000 is 149 and should handle your connection fine but may not handle vpn and the other services if you start digging deeper down the road. Their next oen is around 300 and would be great but don't know your budget. If you have an old pc around than get a dual intel Gb nic from ebay for twenty bucks and install it to a usb drive or hard drive and have fun. Me and @Dexter_Kane and multitude of others are here to help with any questions you may have.
@sanfordvdev Okay that's sounding pretty good, that'll probably be a better route for me to go then, I guess I only thought of the EdgeRouter, because I was seeing everything being maintained from similar consoles (Unifi APs, etc.) One of the other things I was thinking of as well, is to have a device that is small like the EdgeRouter (I'm willing to put hundreds of hours into learning whatever I get, because that's how I work), and with relative low power-draw. Currently I don't pay for utilities (perks of my current apt.), but that probably won't always be true, and I don't want to have an older Dell (which is a system I can snag form work, perks of recycling) that will eventually cause my power bill to raise, if that makes any sense. My budget is slightly non-existent right now, but basically I can work some things around and afford probably up to the ~$300 range; not sure if that changes anything either.... Thanks for your answer though, brings me a little closer to making a decision!
Old dell wont eat up too much power running pfsense unless we looking at some ancient servers. Jump in and report back what you think. There is another thread here that has some good info on cheap amd boards with integrated cpus that you can get for around 20-40 bucks and then the nic for another twenty. Scrap some old dells and for everything else and voila pfsense rig. Ill make sure I track this thread and like I said get one setup and report back or create a new thread with your problem and reference me and ill do everything I can to help you.
@sanfordvdev Alright here's a question for you, I was trying out pfSense awhile back (read a week or two ago now), and I had it plugged in at work through a hub that I have here. Strangely enough, it knocked out internet to all other devices on the network.... Did running pfSense somehow take over the job of the router (that's top level, this was a level or two lower) or did I mess with a setting somehow? I just figured, I could set it up below a switch and have it only mess with things that were connected straight to it, am I truly missing something? Thanks!
@sanfordvdev I'm not sure if it's a hub or switch honestly, I think it's just a hub... forgive me, still learning networking, I am so out of touch it's embarrassing >.< I changed the IP address before I did anything further, but I couldn't access the internet, so I changed the WAN to be static, and then back to dynamic and that's when everything went down until I unplugged it. I suppose that could've been coincidence though?
yea hard to say without more info. If you find out you have hubs anywhere throw them away and get switches. Hubs are old tech and are terrible. You want switches in your network. Google the difference in the two to learn more.
That series was great, helped me a lot when I started using pfSense and it is very informative, its a shame it stopped but there is going to be at least one more which is good.
@sanfordvdev It looks like what we have setup here is a Netgear JGs524v1; which is unmanaged from the research I did. So I'm not sure if that helps diagnosing that situation, because if it was a fluke, then I don't mind continuing my lab work here at, well work.
Thanks for the video, totally going to be adding that series to my whole Networking area!
@MichaelLindman Well I'm quite glad that there's someone else here who has seen them, that helps me dig into things easier.
With a pfSense deployment, you will realize that you are being attacked every few minutes, but apart from intrusion detection systems, there are a whole host of other useful tools that you can install. If you have an old PC lying around and a couple of NICs, pfSense is also the cheapest possible solution. It is relatively straightforward to set up a basic configuration, but being an enterprise class solution, there is so much there to learn about networking, which you can tackle at your own pace. If you truly enjoy tinkering and you have some suitable hardware to use, don't miss this opportunity.
The EdgerouterX is a brilliant piece of kit and it is ridiculously capable for the price. If you understand some basic networking, it shouldn't prove to be too difficult to configure. The average person probably won't need anything more exotic for a SOHO application, unless you have a high-speed fiber connection.
No matter what you choose, pair it with a couple of UAC AP Lite access points and Bob's your uncle.
As a guess I would say that you had the lan interface connected to your work network rather than the wan interface and either dhcp on pfsense caused other devices on the network to try to connect to pfsense (which didn't have an internet connection) or it shared the same ip as the actual router, either way the result is that devices on your network suddenly had a default gateway which wasn't connected to anything, so no internet.
The GUI is good for basic stuff - but as soon as you want to make more complicated configs you end in the CLI and have to "hack" the config file so your changes are not overwritten by each update or change in the GUI...
Same goes for the USG - ubnt - whom I have my network built around now is great as long as you only need the stuff that is doable from within the GUI but soon after that it's like your on an cisco catalyst and stuff like that - cli - strange commands - huge long commands and than you still have to export the config and reaply it.... *sigh
I am most happy with the unifi stuff - I realy dig the SDN approach - but e.g. the gui does NOT support a search domain for DHCP (what a basic thing to be missing) and trying to add that manually through the backyard (cli) made me softbrick 4 times before giving up and waiting for an update.
If you realy want to thinker and try: pfsense if you want it to just run: edgerouter or if you like software defined networking USG
@sanfordvdev Basically it goes like this: Modem -> Router (which also provides Wifi) -> Switch -> Individual Benches (I work at a PC repair shop)
You're right, and with my neighborhood there are a lot of college students around, so that's why I'd like to switch off of the modem I'm leasing from my ISP, and move onto the separate AP and router (hence pfSense/EdgeRouterX). The PC that I have currently for use is a: Dell Dimension 4700. So beyond that, if it works then I'll try it out, right now, it's hard to justify having something that large in mine and my wife's studio apartment, small area you know....
@Dexter_Kane I'm sure you're right, but what I thought was strange, is that it would effect devices that were on Wifi too, not just through the switch, but maybe I truly don't understand networking like I thought I did... shame shame....
@Th3Z0ne Thanks for the input on the UBN equipment, it's nice to have someone who's truly dove into the hardware/software there, so I'm thinking my decision will be more-so pfSense, I just thought I could maybe have something set-up in my studio for now with UBN, and then move onto pfSense when I have a bigger place to put a larger computer.... XD Am I correct in understanding that I want to purchase the Gateway AND the Unifi AP in that case, or just the AP and call it good?
Thank you guys so much for all of your help, I am so appreciative for this community/forum and all the help you each provide!
If size is an issue (isn't it always, ladies?) then you still have pfSense options. Have a look at this
You can have a space saving solution, support the pfSense project and receive product support, all with one fell swoop! Frankly, there are all sorts of size-conscious options, for the person who wants to run pfSense.
The beauty is that pfSense will run on nearly anything, so if you have an old, discarded PC, you can hop in and play around on the cheap. I have nothing bad to say about Ubiquity products, mind. I have my parents set up with Ubiquity. I can set it and pretty much forget it. You don't need to tinker, hand hold, or reboot it every couple of days. It's good kit.
You can use "the" AP stand allone, ubnt provides a (android) App that lets you set up a single accesspoint without a controller - if you plan on getting the gateway (USG) than you should also plan on having a controller - but the real "fun" with unifi only begins when you commit fully to the ecosystem - AP(s) - switch(es) - gatway + controller (VM or Cloudkey or a raspberry also works) - I soon will get me two unifi switches to replace my aging HP ones and than I am fully in the ecosystem (4APs, 2 switches, 1 gateway, 1 controller) from that point on I can define vlans networks and so on from the controller and it will be deployed to the individual hardware. So one point to control (fail?) them all.
If you have several wireless clients and want to leverage zero handover the controller must be active all time - if that is nothing you need or fancy you can even put the controller onto your workstation and only run it for updates and configuring - the individual configs for APs, switches and GW are stored locally so they can operate once setup.