sophos on mini pc

Hi,

you need 2 NICs, not intel i219 or i225/226 series. About 100gb of disk. The processor will be okay, though getting quite old. The BIOS will need to run in legacy mode.

Ian

thanks so much! i will have to search, read, try and ask again!!

The processor you said is quite old but should work fine on a home network. If you can It will be good good to upgrade to 8GB of RAM, (Only 6GB will be usable)

Is the main purpose for installing Sophos Firewall to block Ads? Or you're going to use all It's security functions?

About the Ads part, the default Advertisement category does block a lot of stuff, but if you want to use custom AdBlock lists you will have to import them manually to the Firewall.

my main goal is to block ads. from all devices! (I know i have to search a lot!) security is a benefit too!
I have to search for a pc doing the job at first! but as i understood, ads will be past when i finally do it!

It won't be a fix all for blocking ads, so expect to be disappointed in that area. You are way better off using ad-blocking at the client machine unfortunately.

uBlock does a great job.   ABP used to be my go-to, but they even allow some ads through their blocking extension even after you say no it the allow. 

I am one to believe that ad blocking should be part of a firewall, and you can make some of it work in UTM or XG, but it won't get everything.

ffs, I'm sick of ads. I just want to block them from everywhere on my network. even if I have to use firewall, apps, blockers, whatever it takes. (I can't use the app on all devices, like my non-android smart TV)

ffs, I'm sick of ads. I just want to block them from everywhere on my network. even if I have to use firewall, apps, blockers, whatever it takes. (I can't use the app on all devices, like my non-android smart TV)

Yeah I use a combination of both client and firewall.  Setting up the firewall is of course lengthy.  Client is just an extension install, heh.

I'd still love to filter Youtube ads personally, but they've embedded them smarter than what the firewall can filter.  Client-side extensions do work well though.

Ads make it so you don't even want to be looking online for anything anymore.  They're just another bloatware item that is being abused both by companies and malicious actors.

Hi Amodin,

it is not just youtube that embeds the ads which frustrating, some get blocked and others don't. Though they are blocked if you click on the embedded ads. Then there are the sites that are classified as business that are really just ads, you need to setup specific policies for them.

My attitude  is I block everything until I find a site that doesn't work then investigate what is required to allow access to it.

Ian

nice idea. ads are EVERYWHERE. not just YT. EVERYWHERE. and i m really sick. don't care if i have to buy a licence for adguard, sophos or anything. but i want to block every ad on my network.

You need to get Pi-Hole up and running!

I just tried this out today, I have it installed on my Proxmox server.  It is specifically designed for this, and it's great. 

Blocking ads is a great idea, but not all sites are happy with that idea and start blocking users because their home security device blocks ads. My wife has two forums which started backing users because of ads. There must have been a rebellion because the ads are still blocked and my wife can access the sites.

Ian

I will really try it tomorrow! I m sick of ads. (and honestly, due to the extreme number of ads, i kinda limit the use of certain aps, like YT).

I might recommend using an external DNS server that does ad-blocking such as Pi-hole or Adguard DNS. This way ads are blocked on all devices as long as the devices are pointing to the external DNS server that Pihole or adguard is running on.

DNS filtering can be bypassed on devices if users change the DNS settings to Google/Cloudflared ect., so this is why it's not a common practice to rely on something like Pi-hole for adblocking since it can be bypassed. 

If you want to avoid the hassle of setting up your own DNS server, then you could just pay for the adguard DNS service and use the AdGuard DNS servers as the DNS forwarders within the firewall settings.

Amodin said:

ou need to get Pi-Hole up and running!

I just tried this out today, I have it installed on my Proxmox server.  It is specifically designed for this, and it's great. 

Congratulations. Are you using unbound, or the built-in forwarders? Or did you point it back to the XG? I'm curious how others have it set up.

I have Pi-Hole set up as my primary DNS, and XG as the secondary.  All of my DNS local hostnames are already built in XG, and I didn't want to do that all over again.  So, all I had to do was use Conditional Forwarding to get my DNS names to work.  I disabled all of the web ads categories I built in XG to let Pi-Hole do all the blocking. 

So far so good, between it and uBlock extension on my clients.  Of course it doesn't block those pain in the butt Youtube embedded ads, but I dont see anything else coming through yet.

Try the adguard extension. You might get better results. It works on Android devices too and gets more reviews than uBlock origin.