Right now I have double Layer-7 UTM's on the home network. ZyXEL USG60 NGFW with Kaspersky UTM, and then a Untangle Appliance in transparent/bridge. ZyXEL is very very busy; (yes, that's almost 10,000 intrusions blocked, and 20,000 viruses stopped) Top 5 Intrusions # Signature ID Signature Name Type Severity Hits 1 1059595 SSL OpenSSL GnuTLS Server Hello Session ID Heap Buffer Overflow Buffer-Overflow severe 8945 2 1059596 SSL OpenSSL GnuTLS Server Hello Session ID Heap Buffer Overflow Buffer-Overflow severe 141 3 1058608 FILE Invalid XML Version Buffer-Overflow severe 80 4 1059598 SSL OpenSSL GnuTLS Server Hello Session ID Heap Buffer Overflow Buffer-Overflow severe 52 5 1056687 EXPLOIT Generic Javascript Obfuscation -5 Web-Attacks severe 35 Top 5 Viruses # Virus Name Hits 1 Trojan-Downloader.Win32.FraudLoad.wxnp 16078 2 Trojan-Ransom.Win32.PornoAsset.gvv 282 3 Hoax.Win32.ArchSMS.owa 108 4 Trojan-Downloader.Win32.Geral.tnc 77 5 Trojan-Downloader.Win32.VB.aa 67 Untangle? Not so busy...
I had tried Untangle before, but since I don't completely own my network, conflicts over what to filter arose. Eventually, we settled it by removing Untangle altogether and never looked back.
anyone have any thoughts on Untangle Firewall? I haven't tried the other yet but using it mostly for the AV, Intrusion Prevention and the Adblocker in transparent mode.
Actually, I'm going to setup one with my own access point. I have a spare machine with the following specs. Old Desktop [15" 1280x1024]: Intel Pentium 4 @ 3 GHz 2 GB SDRAM 80 GB HDD + 160 GB FakeRAID ATI Radeon HD 4670 @ 256 MB What I'm looking for other than meeting hardware requirements (32-bit CPU) are: universal file server, good intrusion prevention, and extensive configuration. Also, how would I go about properly testing one under VirtualBox? Thanks. *Think I am going with ClearOS.
I'm also wondering about hardware requirements. I have an old dual core laptop with an SSD and 3GB ram. It's pretty slow running Windows 7 so would it be strong enough to run a UTM without slowing down my 50mb connection? I don't want to find out it isn't after I have it setup It should be good in terms of power consumption though. The SSD draws a lot less then a spinning drive and of course the screen can be off most of the time. Perhap Mayahana will weigh in?
After setting up for hours, I still have problems with connecting to the file servers and my connection speed is now a quarter of what it was. Therefore, experiment failure.
ClearOS. The speed bottleneck may be the WiFi adapter I was using as an access point. For now, I'm not going to bother with routing all my traffic through there, going with some sort of file/media server.
Does anyone have any experience with SOPHOS UTM Home? At one time I was considering setting up a spare PC and installing SOPHOS UTM Home on it and use it as my Home Network UTM. http://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx Thanks in Advance.
Sophos UTM home is very strong.. I think too strong for the home. It blocks so much, and at times refuses to allow traffic you may need. For example my smart TV creates a situation that 'looks' like a DOS/Flood, so no matter what I do Sophos blocked it by default, and I couldn't manually unblock it as this kind of thing is core to the product. Also it will block EVERYTHING non-business.. Steam, Streaming, etc.. It's a chore to manually exclude every possible thing, only to find it blocking something else. Good for business, I'd skip it for home.
That's too lite of a machine for ClearOS.. I found ClearOS to be OK personally but it needs more hardware than they claim. Overall, I find most of these Linux or Distro based Firewalls to be pretty lousy in comparison to things like ZyXEL or Fortinet. Untangle is fine, and works, although not all that impressive in features and power, it does work. Especially in transparent mode. I still MUCH prefer dedicated, vendor locked hardware solutions to these distros - by a huge margin. I like Untangle at least for Adblocking at the network level, it's fine for that.
Thanks for the feedback. Sophos UTM Home would probably work for me since I use my PC's mainly for web browsing with some streaming video (YouTube, etc.). However, my ZyXEL ZyWALL ZWUSG20 Internet Security Firewall has been doing a good job for me in the recent years. I will probably just keep using it.
Lower requirements - untangle. But Untangle needs Snort set to BLOCK, as the overlords at Untangle seem to think IPS isn't needed so they toss one on it, and leave everything off. With it all turned on, it's pretty good! ClamAV on the UTM isn't great, but it catches stuff, Adblock is really nice on Untangle.. Hardware requirments are pretty low. ClearOS, Sophos, they can require a bit of muscle on the hardware depending on what features you enable. IPFire, and Endian are light, but not as good UTM's I hear. pfSense, Untangle, probably your best options. I will admit I dislike these distro UTM's. Compared to real UTM's with real hardware, they fall short in every way. I run Untangle in transparent mode to back up my main UTM.
Yeah, I was thinking about pfSense, but it'll probably be a bottleneck again for little to no gain (since I'm not targeted). Don't feel like reinstalling everything when I just got Puppy Linux working on that thing. It'll probably be a digital photo frame or something like that lol. UTM's are interesting, but I do not see the need for them currently (at least for myself). Thanks for your input.
Any Distro based Firewall won't be a bottleneck running in transparent/bridge mode. Right now there is absolutely no latency increase tossing my network through double UTM's.
Yes, but I believe the antiquated WiFi card and weak hardware will be a bottleneck. Just got a motion-detecting camera set up on it, so I'm good to go.
Agreed. On my home network, I'm running ipfire on a dual core Atom mini-ITX board, w/ Squid proxy (transparent), URL filtering (Shalla's list), Snort IDS (VRT community rules), guardian, clam AV. The CPU loafs. The system is easy to set up, easy to monitor, and seems rock solid. (Point Snort at your red (WAN) interface and see just how nasty it is out there.) I've used pfsense and Astaro/Sophos in the past, and both of those are quite good, but ipfire fits my needs best.
I agree, and people fail to realize how nasty it really is out there, and how you really NEED a UTM these days.. Which apparently ASUS and Bit Defender are now addressing for home users. I will work on an ipfire setup when I get time, I have a couple of low wattage Dell's sitting around here, both have dual core 2.66's and 4GB of ram, overkill.
More than enough. If someone is looking for cheap HW for a UTM look here http://www.aliexpress.com/store/800900
