This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Best UTM for home use

Looking for some opinions on what people are doing for UTM at home. Trying to figure out what's effective at home without the enterprise costs or administration. I currently use pfsense. Looking for something https://nox.tips/ with better features and reporting.

thanks!



This thread was automatically locked due to age.
Parents
  • One device that is quite popular with the router/firewalls is the Qotom fanless PCs with the Intel I211-AT Gigabit NIC network. These devices are ready to go and require no additional hardware unless you get one barebones. www.amazon.com/.../B01N0H62A1

    Others use embedded SoC motherboards like what you'd get from mini-box.com/Jetwaycomputer.com

    Still others like me are using the UTM home edition with a full size PC with older dual/quad core CPUs that function well as a firewall as long as it is using a "server grade" Intel NIC.

    I run the Sophos UTM with a Sophos access point that integrates right into the firewall and can be setup and administered from within the UTM. Most home users still recommend the Sophos UTM over the XG due to ease of use but the XG is in active development while the UTM's future is uncertain.

    The UTM/XG have what pfsense doesn't and that is a fully functional web filter and antivirus scanning with AVIRA, and a biult-in IPS. Logging is also comprehensive especially on the UTM. The administration guides, at least for the UTM is incredible.

Reply
  • One device that is quite popular with the router/firewalls is the Qotom fanless PCs with the Intel I211-AT Gigabit NIC network. These devices are ready to go and require no additional hardware unless you get one barebones. www.amazon.com/.../B01N0H62A1

    Others use embedded SoC motherboards like what you'd get from mini-box.com/Jetwaycomputer.com

    Still others like me are using the UTM home edition with a full size PC with older dual/quad core CPUs that function well as a firewall as long as it is using a "server grade" Intel NIC.

    I run the Sophos UTM with a Sophos access point that integrates right into the firewall and can be setup and administered from within the UTM. Most home users still recommend the Sophos UTM over the XG due to ease of use but the XG is in active development while the UTM's future is uncertain.

    The UTM/XG have what pfsense doesn't and that is a fully functional web filter and antivirus scanning with AVIRA, and a biult-in IPS. Logging is also comprehensive especially on the UTM. The administration guides, at least for the UTM is incredible.

Children
  • I started out back in 2017 with UTM home on a qotom box with a i5 5250u cpu, 8gb ram. Performance was adequate at best. Took some real optimizing (not all traffic needs full scanning) to get decent performance.  In 2019 upgraded to a proper pc (i5 6600k, 32gb ram). UTM was installed under esxi with the wan nic passed through directly (intel quad port pcie card). There were a few other vm's such as asterisk server (freepbx), small cloud (nextcloud), and a few others. Performance was much better especially the web protection (https scanning). My ISP also changed from ~300 mbps cable to symmetrical gig fiber.

    File server needs grew so upgraded everything to new hardware last year. Ryzen 5800x cpu w/ 64gb ram, now under proxmox. Plenty of capacity for everything for years to come. Got rid of the quad port nic as the board has dual nics embedded. Also no need for the sas card with 8 sata ports. The price is higher electrical draw. This box consumes ~80-90W at idle.

    Re UTM vs XG. If/when UTM goes EOL, I'll be switching to some flavor of pfsense. XG just seems like garbage to me. The UI makes little sense and layout is beyond wasteful with tons of whitespace.  Test it out for yourself.

  • I would try pfsense since it looks like a polished firewall, but I would really miss the web filtering of the UTM. Before Untangle stripped the free version of most of the features I wanted to use their NGfirewall instead. I stayed with Sophos because of it being free and easy enough for a home user to learn and the access points being avaialble.

  • You know, in the 5 years of using utm with web filtering/scanning on, the only hits ever received were false positives. At this point the only filtering in effect is url scanning, not actual content. IPS still enabled.

    I haven't decided which product i'll use yet. I have att fiber and have bypass in place.  Any platform used needs to have wpa_supplicant wired support as that's what handles the 802.1x auth.