Building a home firewall - guide

JHZR2 said:
I ordered one from B&H. Should arrive Tuesday.

Any hints on setting it up? It will take data from my Fios ONT via Ethernet, and feed an ASUS AX-58…
Click to expand...
It's pretty straightforward, if you have any questions, just ask. Do you have a PiHole in your network for DNS filtering? If not, the unit itself does do DNS filtering. You will need to turn your ASUS into an access point, do you know how to do that?
 
JHZR2 said:
I ordered one from B&H. Should arrive Tuesday.

Any hints on setting it up? It will take data from my Fios ONT via Ethernet, and feed an ASUS AX-58…
Click to expand...
you need to put the ax-58 into wap mode.
The CGU setup is about 5min then another 5min to configure and update.
its just a wee baby
1711230611266.jpg


Temp install configuring it and adopting my spare 6-lite wap to it.

I just put the 10GBIT SFP+ ethernet adapters back on and upgraded to gigabit spectrum for 10$ a month more. after this pic.

Also B&H had a lookalike page with the cloud gateway lite.. you got the ultra right?

I paid 129 from unifi. just check every morning at about 5am until its instock
their instock notifier is atrocious and the bots buy them all before you get email.
 
OVERKILL said:
It's pretty straightforward, if you have any questions, just ask. Do you have a PiHole in your network for DNS filtering? If not, the unit itself does do DNS filtering. You will need to turn your ASUS into an access point, do you know how to do that?
Click to expand...
I don’t have anything right now but the ONT and the router. I’d like this unit to do whatever I need security-wise…

I know how to use the Merlin WRT firmware/software interface. So I should be ok with the access point setup.
 
JHZR2 said:
I don’t have anything right now but the ONT and the router. I’d like this unit to do whatever I need security-wise…

I know how to use the Merlin WRT firmware/software interface. So I should be ok with the access point setup.
Click to expand...
Its very simple to setup.. esp if you arent using a unifi wap where you have to create the wifi networks etc.
less than 5min to start up then an online update to the network app, and an offline update to the CGU firmware (about 3-5min)

Recommend using the ui Login and setting up MFA on it. you can also use a local login.
If you run into any trouble feel free to PM me.
 
Rand said:
Also B&H had a lookalike page with the cloud gateway lite.. you got the ultra right?

I paid 129 from unifi. just check every morning at about 5am until its instock
their instock notifier is atrocious and the bots buy them all before you get email.
Click to expand...

Ugh, I feel so dumb.

I was sitting on an airplane, and saw the unit in stock and shipping right away. I ordered it too quick…. Like before the plane took off… It is the lite model…


I don’t see any except at a place called c3aero.

Smh.
 
JHZR2 said:
Ugh, I feel so dumb.

I was sitting on an airplane, and saw the unit in stock and shipping right away. I ordered it too quick…. Like before the plane took off… It is the lite model…


I don’t see any except at a place called c3aero.

Smh.
Click to expand...
Dude, 😟 I fell for that one so hard I think I even linked to it at one point. Blame google. It wasnt until I was ordering one that i figured it out.

BAD ONE

RIGHT ONE:
 
JHZR2 said:
Thanks. Yeah Im on the notification list now…
Click to expand...
Their notification list is worthless.
If you get up early for work check their site it comes back in every few days then sells out to bots.
not sure why they let it.. its like the sneaker bots buying shoes or the graphics card resellers a few years back.

store.ui.com

Cloud Gateway Ultra - Ubiquiti Store

Powerful and compact multi-WAN UniFi Cloud Gateway with a full suite of advanced routing and security features.
store.ui.com store.ui.com
I snagged one a couple days ago and never got the in stock notice before it was out of stock..
but I was working at 300am on thurs.. and boom 4am it was in stock when I was getting a 2min coffee break.

This was the first one when I searched the other day.
1711231983700.jpg
 
Last edited:
Just following up on my personal IPFire setup. I finally got around to re-configuring my home network with the IPFire machine working as firewall and DHCP server. I also disabled all of the services on my TP-Link WIFI router so now it's just WIFI. I used to run this setup for years but stopped when I got rid of my home server rack. This current IPFire installation is on a retired mini-itx form facter PC that used to be used as a home theater PC. It got put away shortly after we got a Chromecast and everyone just started casting content from their laptops and phones.

Hardware:
2010 era fan-less 5w, single core Atom N450 CPU on a mini-itx board
2GB RAM
128GIG SATA SSD
2 Intel 1GB NIC's

The spike in CPU usage shown below was when I installed the ClamAV anti-virus service before I remembered that it can't filter HTTPS traffic so is basically useless. The rest of the time CPU usage is loafing along even with a pre-historic level of processing power.

With only two gigs of ram and five users at home doing their internet things, it's got over 70% free memory. So far, no slow downs and speed tests run at full speed.

1712039019395.jpg


The RAM and CPU usage would go way up if I was going to use OpenVPN and VPN services as this old CPU doesn't have the built in cryptographic services that newer processors have.

2024-04-01 23_10_58-AsPowerBar.jpg
 
Last edited:
Rand said:
Its very simple to setup.. esp if you arent using a unifi wap where you have to create the wifi networks etc.
less than 5min to start up then an online update to the network app, and an offline update to the CGU firmware (about 3-5min)

Recommend using the ui Login and setting up MFA on it. you can also use a local login.
If you run into any trouble feel free to PM me.
Click to expand...
I’m up and running!

Got the gateway, set it up, converted my router to AP.

IMG_5978.jpeg


The only snags I hit were silly things.

The strong password that I let my iPhone make got set twice so they weren’t the same. So I could see everything on the app, but couldn’t get into the ui website. The other odd thing was that when I changed my router to just be an AP, the WPA setting got changed from 2/3 to only 2. And then my MBP wanted to set up the wireless again, I guess as a WPA 2 instead of 3. Once I found the issue and set the wifi AP back to 2/3 then all the stuff started working fine again.

I guess that begs the question of how to find out which items are using WPA3 vs 2. So I can get the most on 3…

Overall the new gear seems to be working fine. It has been speed testing to 300Mbps up and down so that’s good.
 
I've been running OPNsense for a few years now. I have it currently running on an off-lease Dell SFF i5 with 8gb ram which is really "overkill" (hahahaha) for it. Paid $60 for the Dell and $30 for an Intel dual port NIC. Turned my Asus AC-86U into a wireless AP, and it all just works.

OPNsense is a bit intimidating at first, but the cost of it, and being able to run it on ancient cheap hardware makes the extra few dollars a year in hydro a moot point.

Having said that, the Cloud Gateway Ultra looks very interesting for the money and probably the way I would go if I was starting from scratch.
 
You must log in or register to reply here.

Similar threads

F
W10 still activates just fine on dell oem. But why?
Replies
13
Views
923
camrydriver111
T
opnsense firewall build
Replies
6
Views
2K
Rob_Roy
V
Anyone familiar with ProtectIQ ???
Replies
4
Views
287
OVERKILL
OVERKILL
FreeBSD 13.1 - HP ProBook 450
Replies
4
Views
445
OVERKILL
OVERKILL
The Dragon who sold his Camaro: Analyzing custom router implant
2
Replies
23
Views
858
Rand
Back
Top