I am hoping to get some advice on how to configure my network for my business. I am mining bitcoin in a shed behind a family member’s office. We share an internet connection. My family member’s business’ modem has wifi that they use for their business (2 computers, firestick tv device, and a printer). Connected to that modem, I have an ethernet cord running to a power line adapter which has a receiver in another room which has an ethernet cord running from it to my mining shed outside. On the other end of that cord is a linkys router which connects to a regular switch and finally to my bitcoin miners (some mine and some are clients’ miners) as well as a laptop, security system with a couple cameras, and an eth miner which is just an open frame computer.
My needs include putting a firewall somewhere in this system that can allow me to create limited VPN access for my clients (access only the ips of their specific miners) and a failover to LTE due to once to twice a month interruptions to my main isp for a couple hours at a time. The firewall needs to be able to have about 75 clients or more, 70 miners, 5 other misc clients.
My thought is that I should put the firewall in my bitcoin mining shed which is connected to the isp modem through some powerline adapters (I’m working on a way to take the powerline adapters out of the system). There will be a couple computers that my family member uses for their work which will not be behind the firewall. I thought about getting a 4G modem to put in the mining shed to use as a failover so that way I can have internet access when the main isp goes down in my mining shed, as well as continued access to my security system when the power goes out (via an UPS). I just need help figuring out which hardware I need as well as how exactly to set it up to give my clients VPN access. Anyone have recommendations on type of firewall? Also, any suggestions on a 4G modems that can handle 75 clients?
Sorry for the long post.
I would get a couple of switches and create different VLANs/subnets for each group of miners that need to be isolated. I would then establish a trunk from the switches to the firewall and setup sub-interfaces for each VLAN and make them the default gateway. This will allow you to create policy and limit access between customers.
The cheapest solution I can think of would be a used Cisco ASA firewall with some used Cisco Catalyst switches which would likely be around $500. If I was doing it right, I would go with either a Palo Alto or Fortinet firewall (with security services licensing).
There is a 4G solution that I have heard others speak of that is really cheap. @LTS_Tom might know which one that I am talking about. You should be able to set that up as a failover on the firewall.
I appreciate the reply.
I was thinking about a firewalla, but I suppose especially in a forum like this that would not be recommended. I looked into some fortinet and Palo Alto firewalls as I do want to do it the correct way. There are 100 models that I saw for the fortinet firewalls. PA400 seemed reasonable but I would say that is the top of my proposed budget. Please, any recommendations would be appreciated on exact models one would recommend. I’m obviously going to have to hire help to set up the vlans and limited access to them but I would like to at least have the hardware when I do hire help as it will likely be “virtual help”. I’m very inexperienced with networking as you can probably deduce. Thanks in advance
I would go with the Palo Alto 220 or a Fortinet 60F. You have a small client count so those should be fine. I’ll be glad to help you set it up too.
Great. Thank you. What brought me to this page originally was watching a lawrence systems youtube tutorial on how to set up a pfsense firewall which made me think the netgate pfsense firewalls may be a good option. I went to the youtuber’s website which had this forum on it.
Question though, I just looked at the PA-220 and one listing said recommended clients 1-10. And the Fortinet 60F recommended users as 11-25. Do you think that this is wrong? Bitcoin miners do not require very much throughput at all but there will be significantly more “clients” than the recommended number on each of those firewalls. Each of those recommendations came from firewalls.com. Please let me know if that is wrong.
The netgate 3100 says “unlimited users” and is $400. After watching the tutorial on the youtube channel, I feel as though I can get through how to set one up, probably with a little help but mostly by myself. It also offers failover as well as load balancing (some of the miners require restart when they lose internet connection for over 30 or so seconds). I do want to know if you/everyone thinks this is a good option or if I should go with one of the proprietary firewalls like the two brands mentioned.
I’m also still looking for a good LTE modem if anyone knows of one.
pfSense is a good option and I use the virtual instance of them regularly. However, if I need a physical firewall with the same feature set I go with the Cisco ASAs since they are less than $100. The learning curve is steep though so maybe the $400 for a Netgate is money well spent.
If you want the best security, PA or Fortinet is the way to go IMO. Regarding the client count that firewalls.com recommends, it seems pretty low to me. I’ve put over 100 systems behind both of those without issues. Sizing when dealing with IPSec VPN tunnels is usually the limiting factor for throughput.