[ale] So, who do we like for a new 4 port gigabit LAN/WAN Firewall Routers these days?

DJ-Pfulio DJPfulio at jdpfu.com
Wed Feb 24 14:26:40 EST 2021


> WHO do we like for a well supported reliable gigabit firewall router
> with 1 WAN, 4-6 LAN ports, no WIFI needed?

pfSense/OPNsense - Nerdy people - use a purpose-built solution. PCEngines
makes the stuff that Netgate sells. Direct, it is cheaper. Due to COVID, 
shipping can be long. Without COVID, I think Phil got it in 3 days. No SW 
support. If you need support - skip this solution.
I ran and deployed pfSense for years before switching to OPNsense about 
a year ago. Been mostly happy, though the BSD i210 drivers for the APU2
are single CPU and a bottleneck (~650Mbps tops). The Linux i210 drivers 
are multi-CPU and not a bottleneck. Lots of flexible addons that probably 
shouldn't be used.  Routers should do 2 things, IMHO.  Route and firewall.
VPNs belong on different hardware. OPNsense has all sorts of supported 
modules like a reverse-proxy for web hosting. Just because something CAN
be done, that doesn't make it a smart idea.

Ubiquiti - Less nerdy, but with support and enterprise capabilities. 
Ubiquiti routers and switches. Good 1-button patching. I'd go this way 
if I needed PoE or integrated wifi controls in a dashboard. GigE isn't any
issue. Don't know about built-in VPN support.

MikroTik - Almost home-user friendly, but still with enterprise stuff. Lots
of how-to guides online, YT videos, some multi-part guides. Good 1-button 
patching. GigE isn't any issue. Don't know about built-in VPN support.

Don't think that your router needs 8 ports just because you have 7 devices.
That's what cheap switches are used for.  Managed switches are only needed
if you want port control and multiple vlans on the same wire. If you have 
a flat network or physically separate by router ports, there's little need 
for fancy switches until lots and lots of devices are connected.

A 2-4 port router with a few $20 8-port switches works fine to support 
2 LAN subnets.

For a church without a 100% nerd and ZERO wifi needs (anywhere), I'd 
push the Mikrotik.  If you need wifi anywhere in the building, then Ubiquiti 
is the obvious choice.
Both Mikrotik and Ubiquiti have proven their quick support for Linux issues
in their systems. OTOH, BSD networking is famous for not really having those
problems and as the load increases, BSD just gets slower. It doesn't lock up
or crash.

IMHO.

