


However, if you really do suggest that I get a pfSense or OPNsense solution, because consumer-grade routers simply aren't secure enough, then I definitely am open to buying a hardware firewall and spending a few days on configuring it. So a few posts seem to suggest that you can get by adequately, by simply running Asuswrt-Merlin and packages like: Skynet, Diversion… if you care to make suggestions? I don't intend to do port forwarding or opening anything in the firewall. Anything else that should be considered "basic security" that is "good enough". Ad-blocking, various IP blacklisting, etc. However, I am rather concerned about applications and IoT devices "phoning" elsewhere from within the network. I am rather apprehensive about spending a huge amount of time on creating good IPS rules. Plus that apparently, they can't scan generally encrypted communications anyway. I would also prefer something better for privacy over AiProtection – like Snort or Suricata – but I'm not sure how those work with VPN encrypted data. I'm currently using Trend Micro AiProtection – but as I understand it, it won't work if I'm going to encrypt all data with OpenVPN on the RT-AX88U. I want to max out 100/100 in total for the devices, which is adequate. I don't have any plans on increasing ISP speeds currently, so I'm cautious whether it's relevant to have a dedicated hardware firewall, even when connecting multiple devices onto the VPN connection simultaneously. I get ~90/90 Mbps from my provider when running OpenVPN on a single computer (haven't tried Merlin OpenVPN performance yet onboard RT-AX88U). Running OpenVPN or WireGuard with a general VPN service provider on the edge device. I would love to hear your opinion on what I should do.
However, there are also a number of posts that suggest that the benefits and costs of getting something like pfSense to work well make it not really worth it for the average consumer, and that you're fine as a typical home user running Asuswrt-Merlin, perhaps with some additional scripts.

I have been considering purchasing a dedicated hardware firewall to run pfSense or OPNsense – based on the advice I've read on this forum. I'm not planning on making network building a "hobby", nor do I want to spend an excessive amount of time optimizing security & privacy beyond what could be considered "Pareto efficient". Furthermore, to be perfectly frank, I want to spend as little time as possible on configuring my network. I am relatively new to networks, though I am quite good with computers in general. I'm interested in securing my home network up to some "reasonably sufficient" level. I currently have the ASUS RT-AX88U running a vanilla Asuswrt-Merlin install. I'm aware that there probably are some previous discussions on this topic, but if possible I would really appreciate advice geared for my particular interest and skill level.
