Upgrading Home Network - Need Advice

  • ToolAA

    Ultimate Member
    MDS Supporter
    Jun 17, 2016
    10,499
    God's Country
    I have been lagging behind upgrading my home network. I've got a Netgear RAX120 which I thought was a pretty good router but the performance seems rather lackluster, especially now with sometimes 3 professionals working from home. It's also not supported by ExpressVPN. I also have some areas of the house with less than ideal wifi coverage that I would like to improve.

    I've been doing some research and I'm looking for some feedback from those in the business. My goals would be improvements in security, speed and VPN capability.

    I'm thinking about getting a Netgate SG-3100. These use PFSense and run around $399. I'm just wondering if it's overkill for my home needs.

    I will be connecting my Fios Router in Bridge mode to the SG-3100, so I can still keep the channel guide and PPV channels working. (I currently have this setup working with my Netgear router)

    I currently have some Cat-5 Cables running to all three floors so I plan on installing a Netgear POE+ Unmanaged switch. I'm looking at the GS305PP which I like because it's only 85w and fanless.

    I'll put three POE Wifi-AP's (one on each floor). This should solve my Wifi coverage problems. I was going to go with the Ubiquiti UAP-AC-PRO for the ground floor where most of the traffic resides and maybe two of the UAP-AC-Lite Models for the other floors. I know Ubiquiti makes excellent products but this choice would run me $350. However 3 of the TP-Link Omada AC1350's would only be $150 and the specs look more than good enough.


    Where I could really use some feedback is with PFSense. I really have no experience with it and I have no idea how difficult it's going to be for me to figure out and set up. However it seems like once I do learn how to use it, it's going to be the most flexible and robust option. Yes/No???
     

    traveller

    The one with two L
    Nov 26, 2010
    18,256
    variable
    I currently have some Cat-5 Cables running to all three floors so I plan on installing a Netgear POE+ Unmanaged switch. I'm looking at the GS305PP which I like because it's only 85w and fanless.

    I'll put three POE Wifi-AP's (one on each floor). This should solve my Wifi coverage problems. I was going to go with the Ubiquiti UAP-AC-PRO for the ground floor where most of the traffic resides and maybe two of the UAP-AC-Lite Models for the other floors. I know Ubiquiti makes excellent products but this choice would run me $350.

    I was sick of dicking around with this stuff and that is what I pretty much did. A Cisco PoE switch and 3 AP-Pros, one on each floor. I can peel paint off the walls with the amount of RF power available ;-)
    Keep in mind, the lower level Ubiquiti APs don't use the IEEE standard PoE. They only work with a proprietary Ubiquiti PoE switch. That's why I went with the Pros. IIRC $499 for the 3-pack. This has been rock solid.
     

    trickg

    Guns 'n Drums
    MDS Supporter
    Jul 22, 2008
    14,584
    Glen Burnie
    I was sick of dicking around with this stuff and that is what I pretty much did. A Cisco PoE switch and 3 AP-Pros, one on each floor. I can peel paint off the walls with the amount of RF power available ;-)
    Keep in mind, the lower level Ubiquiti APs don't use the IEEE standard PoE. They only work with a proprietary Ubiquiti PoE switch. That's why I went with the Pros. IIRC $499 for the 3-pack. This has been rock solid.
    Great. Another thread I feel compelled to unsubscribe from.
     

    ToolAA

    Ultimate Member
    MDS Supporter
    Jun 17, 2016
    10,499
    God's Country
    I was sick of dicking around with this stuff and that is what I pretty much did. A Cisco PoE switch and 3 AP-Pros, one on each floor. I can peel paint off the walls with the amount of RF power available ;-)
    Keep in mind, the lower level Ubiquiti APs don't use the IEEE standard PoE. They only work with a proprietary Ubiquiti PoE switch. That's why I went with the Pros. IIRC $499 for the 3-pack. This has been rock solid.

    Very good to know about incompatibility with the Netgear POE switch. My post might have already saved me some money.

    What are you using as a router/firewall? A PFSense box? Or something else.
     

    Occam

    Not Even ONE Indictment
    MDS Supporter
    Feb 24, 2018
    20,230
    Montgomery County
    For my money, the Ubiquiti mesh products are the good stuff. I've had mixed results with the TP-Link stuff. Have used a lot of their hardware over the years, but the WiFi side of it always seems dodgier than the rest of it. The Ubiquiti stuff is cake to set up, and their phone app not only walks you through it, it can give you a lot of insight into how the mesh nodes are performing, RF- and data-throughput-wise.

    PFsense? Well, if you can do all the other stuff I know you can do, you'll have no problems. It's less a matter of how PFsense itself performs and what it's like to administer it ... and more a matter of whether or not the device running it has the head room to install plugin software modules to do specific tricks you might want. Out of the can, it's a lean, mean, well regarded firewall. I use a couple instances of it out at my datacenter, in front of public-facing systems with remote admin features. I wouldn't trust just anything with that responsibility. There are also a billion blogs, forums, videos and whatnot out there to help you do specific things with it.

    Is the VPN capability you're looking for all about getting the local network to expose itself to incoming VPN connections while you're out of the house, or are you more interested in multiple in-house users being on multiple OUTBOUND VPN connections, hooked into other networks (say, multiple remote workers, working at home)?
     

    swamplynx

    Active Member
    MDS Supporter
    Jul 28, 2014
    678
    DC
    Since you have wired backhaul it is a no-brainer to drop APs on every floor. If you have a lot of mobile devices, I’d even look to get some retired enterprise grade Cisco APs off eBay. They support 802.11r/k/v which help with seamless and efficient roaming substantially. If you have a lot of iOS devices, even more so as there are some Apple-Cisco exclusive features their APs have (FastLane). More APs the better always since it is shared airtime, but if you have sticky clients that does you no good (that is where r/k/v come in). Wireless QoS is also important so you can prioritize a Zoom call over whatever ******** the wife / kids have going on. Most importantly, get everything high bandwidth off the WiFi (Roku, Apple TV, etc.). Hardwire it.

    You are on the right track separating your router from your APs. Personally because I have a lot of home automation my edge priority is redundancy over repudiation, so although I use VPNs extensively for privacy, I just use them on my endpoints. pfSense is cool, but make sure the appliance you use can support the throughput of your internet link through VPN (this will be different from the standard throughput due to encryption overhead).
     

    Alan3413

    Ultimate Member
    Mar 4, 2013
    16,921
    For $400, you're best off with Ubiquiti's Unifi line of products.

    $400 will get you their security gateway, switch, a couple of access points, and a cloud key controller. I'd spring for their controller for better real time control of the setup.

    Setup is all gui-based and prolly easier than pfSense
     

    traveller

    The one with two L
    Nov 26, 2010
    18,256
    variable
    Very good to know about incompatibility with the Netgear POE switch. My post might have already saved me some money.

    Check on the specs. My information is from 4 years ago, the AC lite and their midrange AP required either power injector or proprietary PoE. Only the Pro did the industry standard.

    What are you using as a router/firewall? A PFSense box? Or something else.

    Complete overkill for home use. A Sonicwall TZ350 hooked to Fios primary, Comcast for failover and a LTE card for emergencies that knock out both wired connections.
     

    ToolAA

    Ultimate Member
    MDS Supporter
    Jun 17, 2016
    10,499
    God's Country
    For my money, the Ubiquiti mesh products are the good stuff. I've had mixed results with the TP-Link stuff. Have used a lot of their hardware over the years, but the WiFi side of it always seems dodgier than the rest of it. The Ubiquiti stuff is cake to set up, and their phone app not only walks you through it, it can give you a lot of insight into how the mesh nodes are performing, RF- and data-throughput-wise.

    PFsense? Well, if you can do all the other stuff I know you can do, you'll have no problems. It's less a matter of how PFsense itself performs and what it's like to administer it ... and more a matter of whether or not the device running it has the head room to install plugin software modules to do specific tricks you might want. Out of the can, it's a lean, mean, well regarded firewall. I use a couple instances of it out at my datacenter, in front of public-facing systems with remote admin features. I wouldn't trust just anything with that responsibility. There are also a billion blogs, forums, videos and whatnot out there to help you do specific things with it.

    Is the VPN capability you're looking for all about getting the local network to expose itself to incoming VPN connections while you're out of the house, or are you more interested in multiple in-house users being on multiple OUTBOUND VPN connections, hooked into other networks (say, multiple remote workers, working at home)?


    Thanks man. I like what I’ve read about PF Sense. Are you running it on regular PC’s or special purpose HW?

    What’s really most important is just having a way of routing all of our outbound network through ExpressVPN for an extra layer of internet security. I have software on my PC, phone and laptop but to cover every freaking connected device in the house would cost probably $25/month. So I’m trying to avoid that cost.
     

    ToolAA

    Ultimate Member
    MDS Supporter
    Jun 17, 2016
    10,499
    God's Country
    Check on the specs. My information is from 4 years ago, the AC lite and their midrange AP required either power injector or proprietary PoE. Only the Pro did the industry standard.



    Complete overkill for home use. A Sonicwall TZ350 hooked to Fios primary, Comcast for failover and a LTE card for emergencies that knock out both wired connections.


    Yea the LTE 3rd tier emergency backup puts you into a special class for sure.

    The Sonicwall TZ350 looks like nice hardware. Not much more than the Netgate I linked.
     

    swamplynx

    Active Member
    MDS Supporter
    Jul 28, 2014
    678
    DC
    Check on the specs. My information is from 4 years ago, the AC lite and their midrange AP required either power injector or proprietary PoE. Only the Pro did the industry standard.



    Complete overkill for home use. A Sonicwall TZ350 hooked to Fios primary, Comcast for failover and a LTE card for emergencies that knock out both wired connections.

    How do you like the Sonicwall? I’ve only used them probably over a decade ago in a work environment and wasn’t all that impressed. I’m running Peplink at my edge currently, which overall is a great product and for redundancy, but it really chaps my ass that they don’t have proper IPv6 support.
     

    Occam

    Not Even ONE Indictment
    MDS Supporter
    Feb 24, 2018
    20,230
    Montgomery County
    Thanks man. I like what I’ve read about PF Sense. Are you running it on regular PC’s or special purpose HW?

    In my case, I run it on a couple of modest 1U pizza-box-sized servers. Don't need a lot of big fast drives unless you intend to maybe also use it for a file server or keep huge logs or use it as a web proxy with a gigantic cache. Unlikely scenarios for you.

    I'm running that in a noisy rack in a datacenter that already sounds like a jet engine factory. In a house, a dedicated PC (or server format, etc) machine is going to probably be bigger, louder, and more electricity hungry than you're going to need or want. As you've seen, there are lots of dedicated little devices that run it, and probably have all the horsepower you need. I just end up with a lot of extra servers around, and don't care about noise, so I just spin PFsense up on servers. One advantage is that the server class hardware has its own remote access facility so I can boot the machine, fiddle with BIOS settings, etc., without dragging my ass out past Dulles. You get to play with it in your house!
     

    adit

    ReMember
    MDS Supporter
    Feb 20, 2013
    19,495
    DE
    I'll say just the opposite of Occam. I have had zero issues with TPLink WIFI AP's. I actually installed another one in Annapolis last night. (EAP245) It replaced a Netgear AP.

    For smaller PoE switches I've always used Netgear. We're now replacing them with TPLinks. We had a lot of problems with the Netgears losing their saved configs, and one model in 2 locations that changes the VLAN ID's. Maddening.

    Still using Netgear for 48 port PoE and 10G switches as they have been problem free.

    PM Melnic here. He replaced his WIFI with TPLink. Last I heard from him he was happy with the cost/performance ratio.


    The 3100 is overkill, but a nice unit. I have one sitting in front of me waiting to be config'd.

    The 1100's (what I'm using now) can overheat - I attach a 25x25x10 USB fan to the side w/silicone, and plug it into the port, runs ice cold. https://www.ebay.com/itm/2-Pieces-U...computer-GDStime-25mm-10mm-WD-B9/254547539418



    FYI, from UI the other day, forgot to post it:

    Dear Customer,

    We recently became aware of unauthorized access to certain of our information technology systems hosted by a third party cloud provider. We have no indication that there has been unauthorized activity with respect to any user’s account.

    We are not currently aware of evidence of access to any databases that host user data, but we cannot be certain that user data has not been exposed. This data may include your name, email address, and the one-way encrypted password to your account (in technical terms, the passwords are hashed and salted). The data may also include your address and phone number if you have provided that to us.

    As a precaution, we encourage you to change your password. We recommend that you also change your password on any website where you use the same user ID or password. Finally, we recommend that you enable two-factor authentication on your Ubiquiti accounts if you have not already done so.

    Change Password
    Enable Two-Factor Authentication

    We apologize for, and deeply regret, any inconvenience this may cause you. We take the security of your information very seriously and appreciate your continued trust.

    Thank you,
    Ubiquiti Team
     

    Boxcab

    MSI EM
    MDS Supporter
    Feb 22, 2007
    7,862
    AA County
    ToolAA, sorry for taking a small detour in your thread, but I think it's part of the story...
    <snip>

    I will be connecting my Fios Router in Bridge mode to the SG-3100, so I can still keep the channel guide and PPV channels working. (I currently have this setup working with my Netgear router)

    <snip>

    Is there a good and easy to manage replacement for the Fios hardware? I'd like to rid myself of the monthly fees and any backdoors that Fios has?




    .
     

    bibitor

    Kulak
    MDS Supporter
    Oct 10, 2017
    1,894
    FEMA Region III
    I’m running the Netgate SG-2100.

    For most applications it’s overkill, but I have a wireless bridge from my house to our barn, and I wanted to segregate the networks. My wife and I have employees that use the barn network.

    In the house I’m using an older Netgear router strictly as a WAP, and I have a Pi-hole running as well (highly, highly recommend). Reading through this thread I am reminded that I need to go through and run software updates this weekend. I stay on top of it for our businesses, but I’ve been neglecting my home gear :(
     

    geda

    Active Member
    Dec 24, 2017
    550
    cowcounty
    I am running a very similar setup to what OP is thinking about.

    3 Unifi AC-Pro, which are in fact normal .af PoE; other models may not be, but I specifically got these in 2015 because they were real PoE. They are not running Ubiquiti firmware, they have OpenWrt. They are on their own dumb PoE switch plugged into a 4 VLAN trunk port on my pfSense box. 1 management VLAN and 3 VLANs for wireless networks. Wireless networks are bridged to their respective VLANs. The pfSense box handles all the routing and DHCP. I initially set it up with the APs doing routing, but they were too slow to handle AC speeds. Other than updating the firmware a few times these have been amazing, zero issues.


    Custom pfSense box - ASRock J3455M board with 8GB of RAM, old 60GB SSD, Dell branded Intel 4x 1G ethernet card from e-waste at work. Mounted in a 2U eBay case (I don't mess with 1U for home use because I don't want any "jet engine fans"). This upgraded an older AMD E-350 board that quit on me after 6 years. Current setup is 2 years old and has had zero issues.


    Everything else is on a managed Cisco switch. The ethernet going from the router to the cable modem goes through a Cisco Firepower device (free through work) in bump in the wire mode. I could replace the switches and router with the Firepower device if I wanted to, but I just use it for monitoring and Snort.
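
Added example, not part of geda's post or anyone's actual configuration: with one management VLAN and three wireless VLANs all routed by a single firewall, as in the post above, isolation depends entirely on the per-interface rules and their order. This sketch audits a first-match, default-deny ruleset (the way pfSense evaluates interface rules) for paths into the management VLAN; the VLAN names, subnets and rules are constructed assumptions.

```python
"""Audit inter-VLAN isolation for a first-match, default-deny ruleset."""
from ipaddress import ip_network

# Constructed addressing plan: one management VLAN plus three wireless VLANs.
# Names and subnets are assumptions, not values from the thread.
NETS = {
    "mgmt":    ip_network("10.0.10.0/24"),
    "trusted": ip_network("10.0.20.0/24"),
    "iot":     ip_network("10.0.30.0/24"),
    "guest":   ip_network("10.0.40.0/24"),
}
ANY = ip_network("0.0.0.0/0")

# Rules are keyed by ingress interface and evaluated top-down; first match wins.
# Each rule is (action, source network, destination network).
RULES = {
    "mgmt": [],  # no rules: everything entering here hits the default deny
    "trusted": [("pass", NETS["trusted"], ANY)],
    "iot": [
        ("block", NETS["iot"], NETS["mgmt"]),
        ("block", NETS["iot"], NETS["trusted"]),
        ("pass", NETS["iot"], ANY),
    ],
    "guest": [
        ("pass", NETS["guest"], ANY),            # too broad, and ordered first
        ("block", NETS["guest"], NETS["mgmt"]),  # shadowed, never reached
    ],
}


def can_reach(iface, target, rules=RULES, nets=NETS):
    """True if some host on `iface` may reach some host in `target`.

    Conservative: a block rule only ends the search when it covers the whole
    source VLAN and the whole target; partial blocks are not trusted to shield.
    """
    src_net = nets[iface]
    for action, src, dst in rules.get(iface, []):
        if not src.overlaps(src_net) or not dst.overlaps(target):
            continue  # rule cannot match this traffic
        if action == "pass":
            return True
        if src_net.subnet_of(src) and target.subnet_of(dst):
            return False  # full block matched first; later passes are moot
    return False  # nothing matched: implicit default deny


def audit(protected, allowed=(), rules=RULES, nets=NETS):
    """List interfaces that can reach `protected` but are not in `allowed`."""
    return sorted(
        iface for iface in rules
        if iface != protected and iface not in allowed
        and can_reach(iface, nets[protected], rules, nets)
    )


if __name__ == "__main__":
    print("unexpected paths into mgmt:", audit("mgmt", allowed=("trusted",)))
```

The guest rules show the common failure: the block is present but sits below a broad pass, so it never applies.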
     

    ToolAA

    Ultimate Member
    MDS Supporter
    Jun 17, 2016
    10,499
    God's Country
    ToolAA, sorry for taking a small detour in your thread, but I think it's part of the story...


    Is there a good and easy to manage replacement for the Fios hardware? I'd like to rid myself of the monthly fees and any backdoors that Fios has?




    .


    If you want to keep their channel guide and have access to OnDemand and multi-room DVR capabilities, you have to keep their crappy router connected to the STBs. However you can connect the Fios router behind a more secure router/firewall and then turn off all other routing features of the Fios router. This will give you the security you are looking for without losing the Fios TV features. You still have to rent their hardware.
     

    XCheckR

    Ultimate Member
    MDS Supporter
    Mar 20, 2013
    4,197
    HdG
    For $400, you're best off with Ubiquiti's Unifi line of products.

    $400 will get you their security gateway, switch, a couple of access points, and a cloud key controller. I'd spring for their controller for better real time control of the setup.

    Setup is all gui-based and prolly easier than pfSense

    I just upgraded to their stuff. It's pretty friggin awesome.
     

    Traveler

    Lighten up Francis
    Jan 18, 2013
    8,227
    AA County
    There is nothing overkill about PFsense. If you have the technical ability, it is on par with commercial gear, without the cost. It is far more flexible and secure than the stuff you get at Best Buy. I started running it when I got tired of maintaining OpenBSD, and a PF firewall manually. That was about ten years ago.

    You could do far worse. The UI is a breeze for anyone with firewall experience.

    Two of my technical friends finally got on to it a few months ago. They like it as well.
     
