pfSense or Ubiquiti

Hi,

I am looking to get a new router. I run a home network with a server for Plex. The server can be running 6 streams at once, both local and remote. I have several IoT devices that I want to run on a separate LAN. I also have IP TV. I will also use a VPN for network traffic. Now the trick is I also want to run Snort or Suricata. I do have fiber in my area and run gigabit up and down.

What I don’t know is two things.

Does Ubiquiti have a version of Snort, and will it work on a UniFi router and still max out my internet?

Second, I found this online but am not sure if it is overkill, and am worried about how much power it will use vs a normal router.

https://www.ebay.ca/itm/UXS-Server-1U-Firewall-Open-Source-AES-NI-2x-Xeon-CPU-L5640-6-Core-32GB-4x-1GBE/142934169556?hash=item21478a57d4:g:uqEAAOSw6jBbeyYH

Any advice on which route I should go would be greatly appreciated.

To get gig performance with the USG you would need to get the XG ($2500 US), see here. The USG does use Suricata for IPS/IDS.

Not sure how hard it is to get this across the border. I’m running a Xeon E5-2609v2. From testing across VLANs it should be able to do gig with Suricata. You could always do something with more cores or get two of the 2609s if you wanted to be on the safe side. On average load I’m pulling in the low 40W range.

@bratz Go with the pfSense solution; it will give you much more flexibility and options for growth. Having headroom is not a bad thing, just be sure to have enough RAM, state tables and block lists for pfBlocker, Snort rules.

Ubiquiti has an IPS/IDS solution and was referenced by @mouseskowitz above.

In my opinion, the router you referenced from ebay.ca is more than enough and quite honestly overkill for a home network running pfSense. That’s the kind of routing horsepower for a mid-sized enterprise environment. Regardless of what you choose for your future router, keep in mind you want a CPU that supports the AES-NI Crypto if you decide on pfSense. Hope this helps! Good Luck!

@Duane do you have a recommendation for a router that will still support gigabit speeds with IPS enabled? The reason I chose that is some of the Netgear, Kansung boxes are just as much money but a fraction of the performance. Any guidance would be greatly appreciated, as I have been researching this for a while.

This has proved to be a great appliance if you want to run pfSense. Netgate offers the SG-3100 for about $350 USD.

If you browse over to Tom’s LTS YouTube channel, he does a great review on their product.


I recently helped a friend deploy this appliance for his home and it routes at nearly gigabit with Snort and pfBlocker using iPerf. He also has 4 VLANs dedicated for IoT devices, personal cloud server, guest WiFi and OpenVPN for an iPhone.

I looked at the 3100 and for the price the below seem to be a better choice. Can anyone speak to the below?

https://www.amazon.ca/gp/aw/d/B0721NTRHX/

https://www.amazon.ca/PFsense-Fanless-Processor-Windows-pfSense/dp/B07L1P3DV4/ref=sr_1_96?srs=12541800011&ie=UTF8&qid=1550621225&sr=8-96&th=1

Thanks for the help so far everyone.

Brad

@bratz Those basically look like the Protectli boxes. Tom reviewed one a while back. I can’t say I’ve heard anything bad about them.