January 14th, 2021, 12:27 AM #1
ToolAA
Senior Member
Join Date: Jun 2016
Location: Ellicott City
Posts: 5,846
Upgrading Home Network - Need Advice

I have been lagging behind on upgrading my home network. I've got a Netgear RAX120, which I thought was a pretty good router, but the performance seems rather lackluster, especially now with sometimes 3 professionals working from home. It's also not supported by ExpressVPN. I also have some areas of the house with less than ideal wifi coverage that I would like to improve.

I've been doing some research and I'm looking for some feedback from those in the business. My goals would be improvements in security, speed and VPN capability.

I'm thinking about getting a Netgate SG-3100. These use pfSense and run around $399. I'm just wondering if it's overkill for my home needs.

I will be connecting my Fios Router in Bridge mode to the SG-3100, so I can still keep the channel guide and PPV channels working. (I currently have this setup working with my Netgear router)

I currently have some Cat-5 Cables running to all three floors so I plan on installing a Netgear POE+ Unmanaged switch. I'm looking at the GS305PP which I like because it's only 85w and fanless.

I'll put three POE Wifi APs (one on each floor). This should solve my Wifi coverage problems. I was going to go with the Ubiquiti UAP-AC-PRO for the ground floor where most of the traffic resides and maybe two of the UAP-AC-Lite models for the other floors. I know Ubiquiti makes excellent products but this choice would run me $350. However, 3 of the TP-Link Omada AC1350s would only be $150 and the specs look more than good enough.

Where I could really use some feedback is with pfSense. I really have no experience with it and I have no idea how difficult it's going to be for me to figure out and set up. However, it seems like once I do learn how to use it, it's going to be the most flexible and robust option. Yes/No???
__________________
Honorable people with a good work ethic and strong character have shaped our communities and nation more so than presidents and congressmen. The crisis of character we see in our political leaders is a symptom of our nation's sickness not the cause for the disease.
January 14th, 2021, 12:38 AM #2
trickg
Guns 'n Drums
Join Date: Jul 2008
Location: Glen Burnie
Posts: 8,991
That sounds like way overkill for a house.
__________________
TrickG
"My name is Gladiator" -- Maximus Decimus Meridius
January 14th, 2021, 12:41 AM #3
traveller
The one with two L
Join Date: Nov 2010
Location: variable
Posts: 13,177
Quote:
Originally Posted by ToolAA
> I currently have some Cat-5 Cables running to all three floors so I plan on installing a Netgear POE+ Unmanaged switch. I'm looking at the GS305PP which I like because it's only 85w and fanless.
>
> I'll put three POE Wifi APs (one on each floor). This should solve my Wifi coverage problems. I was going to go with the Ubiquiti UAP-AC-PRO for the ground floor where most of the traffic resides and maybe two of the UAP-AC-Lite models for the other floors. I know Ubiquiti makes excellent products but this choice would run me $350.

I was sick of dicking around with this stuff and that is what I pretty much did. A Cisco PoE switch and 3 AP-Pros, one on each floor. I can peel paint off the walls with the amount of RF power available ;-)
Keep in mind, the lower-level Ubiquiti APs don't use the IEEE standard PoE. They only work with a proprietary Ubiquiti PoE switch. That's why I went with the Pros. IIRC $499 for the 3-pack. This has been rock solid.
January 14th, 2021, 12:42 AM #4
trickg
Guns 'n Drums
Join Date: Jul 2008
Location: Glen Burnie
Posts: 8,991
Quote:
Originally Posted by traveller
> I was sick of dicking around with this stuff and that is what I pretty much did. A Cisco PoE switch and 3 AP-Pros, one on each floor. I can peel paint off the walls with the amount of RF power available ;-)
> Keep in mind, the lower-level Ubiquiti APs don't use the IEEE standard PoE. They only work with a proprietary Ubiquiti PoE switch. That's why I went with the Pros. IIRC $499 for the 3-pack. This has been rock solid.

Great. Another thread I feel compelled to unsubscribe from.
January 14th, 2021, 12:45 AM #5
ToolAA
Senior Member
Join Date: Jun 2016
Location: Ellicott City
Posts: 5,846
Quote:
Originally Posted by traveller
> I was sick of dicking around with this stuff and that is what I pretty much did. A Cisco PoE switch and 3 AP-Pros, one on each floor. I can peel paint off the walls with the amount of RF power available ;-)
> Keep in mind, the lower-level Ubiquiti APs don't use the IEEE standard PoE. They only work with a proprietary Ubiquiti PoE switch. That's why I went with the Pros. IIRC $499 for the 3-pack. This has been rock solid.

Very good to know about incompatibility with the Netgear POE switch. My post might have already saved me some money.

What are you using as a router/firewall? A pfSense box? Or something else?
January 14th, 2021, 12:46 AM #6
Occam
Recovering Lurker
Join Date: Feb 2018
Location: Montgomery County
Posts: 10,632
For my money, the Ubiquiti mesh products are the good stuff. I've had mixed results with the TP-Link stuff. Have used a lot of their hardware over the years, but the WiFi side of it always seems dodgier than the rest of it. The Ubiquiti stuff is cake to set up, and their phone app not only walks you through it, it can give you a lot of insight into how the mesh nodes are performing, RF- and data-throughput-wise.

pfSense? Well, if you can do all the other stuff I know you can do, you'll have no problems. It's less a matter of how pfSense itself performs and what it's like to administer it ... and more a matter of whether or not the device running it has the headroom to install plugin software modules to do specific tricks you might want. Out of the can, it's a lean, mean, well-regarded firewall. I use a couple instances of it out at my datacenter, in front of public-facing systems with remote admin features. I wouldn't trust just anything with that responsibility. There are also a billion blogs, forums, videos and whatnot out there to help you do specific things with it.

Is the VPN capability you're looking for all about getting the local network to expose itself to incoming VPN connections while you're out of the house, or are you more interested in multiple in-house users being on multiple OUTBOUND VPN connections, hooked into other networks (say, multiple remote workers, working at home)?
January 14th, 2021, 12:47 AM #7
swamplynx
Member
Join Date: Jul 2014
Location: DC
Posts: 636
Since you have wired backhaul it is a no-brainer to drop APs on every floor. If you have a lot of mobile devices, I’d even look to get some retired enterprise grade Cisco APs off eBay. They support 802.11r/k/v which help with seamless and efficient roaming substantially. If you have a lot of iOS devices, even more so as there are some Apple-Cisco exclusive features their APs have (FastLane). More APs the better always since it is shared airtime, but if you have sticky clients that does you no good (that is where r/k/v come in). Wireless QoS is also important so you can prioritize a Zoom call over whatever bullshit the wife / kids have going on. Most importantly, get everything high bandwidth off the WiFi (Roku, Apple TV, etc.). Hardwire it.

You are on the right track separating your router from your APs. Personally, because I have a lot of home automation, my edge priority is redundancy over repudiation, so although I use VPNs extensively for privacy, I just use them on my endpoints. pfSense is cool, but make sure the appliance you use can support the throughput of your internet link through VPN (this will be different from the standard throughput due to encryption overhead).
January 14th, 2021, 12:51 AM #8
Alan3413
Senior Member
Join Date: Mar 2013
Posts: 9,529
For $400, you're best off with Ubiquiti's Unifi line of products.

$400 will get you their security gateway, switch, a couple of access points, and a cloud key controller. I'd spring for their controller for better real time control of the setup.

Setup is all GUI-based and prolly easier than pfSense.
January 14th, 2021, 12:52 AM #9
traveller
The one with two L
Join Date: Nov 2010
Location: variable
Posts: 13,177
Quote:
Originally Posted by ToolAA
> Very good to know about incompatibility with the Netgear POE switch. My post might have already saved me some money.

Check on the specs. My information is from 4 years ago; the AC Lite and their midrange AP required either a power injector or proprietary PoE. Only the Pro did the industry standard.

Quote:
> What are you using as a router/firewall? A pfSense box? Or something else?

Complete overkill for home use. A Sonicwall TZ350 hooked to Fios primary, Comcast for failover and an LTE card for emergencies that knock out both wired connections.
January 14th, 2021, 12:57 AM #10
ToolAA
Senior Member
Join Date: Jun 2016
Location: Ellicott City
Posts: 5,846
Quote:
Originally Posted by Occam
> For my money, the Ubiquiti mesh products are the good stuff. I've had mixed results with the TP-Link stuff. Have used a lot of their hardware over the years, but the WiFi side of it always seems dodgier than the rest of it. The Ubiquiti stuff is cake to set up, and their phone app not only walks you through it, it can give you a lot of insight into how the mesh nodes are performing, RF- and data-throughput-wise.
>
> pfSense? Well, if you can do all the other stuff I know you can do, you'll have no problems. It's less a matter of how pfSense itself performs and what it's like to administer it ... and more a matter of whether or not the device running it has the headroom to install plugin software modules to do specific tricks you might want. Out of the can, it's a lean, mean, well-regarded firewall. I use a couple instances of it out at my datacenter, in front of public-facing systems with remote admin features. I wouldn't trust just anything with that responsibility. There are also a billion blogs, forums, videos and whatnot out there to help you do specific things with it.
>
> Is the VPN capability you're looking for all about getting the local network to expose itself to incoming VPN connections while you're out of the house, or are you more interested in multiple in-house users being on multiple OUTBOUND VPN connections, hooked into other networks (say, multiple remote workers, working at home)?

Thanks man. I like what I've read about pfSense. Are you running it on regular PCs or special purpose HW?

What's really most important is just having some way of routing all of our outbound network through ExpressVPN for an extra layer of internet security. I have software on my PC, phone and laptop, but to cover every freaking connected device in the house would cost probably $25/month. So I'm trying to avoid that cost.