I am a big fan of home network security. As the father of three kids and the one in charge of the network at home, I am constantly worried about online safety. Over the years I have tried many different security solutions and am now running Sophos XG at home. Sophos is one piece of my home setup, and you can see more of my setup here.
A few years back, I got tired of the constant reboots I was having to do to my consumer router. It seemed that if I didn’t reboot it every few days to a week, it would cause my network to become laggy. I had the problem in varying forms and severity across several routers. I decided to switch to Ubiquiti equipment, and ran that up until this year. I used an EdgeRouter Lite as my main router and a UniFi UAP-LR as my access point. This was a great combination for many years. I also used Open DNS as a content filter for many years to help the inside to outside security.
Although the EdgeRouter was a great router/firewall and OpenDNS a great filter, I really wanted the filter on the local network. The more network between my users and the equipment protecting them, the more vulnerable the protection is. With OpenDNS, there was a lot of network in between, most of which was out of my control. I read about hardware/software firewalls like pfSense, Sophos and Untangle and was really interested in using them as a solution. After looking into the available options, I wound up choosing Sophos XG as my firewall. There really isn’t a well defined reason I chose it, as all three options are really solid.
Having picked up an old Dell Poweredge 1950 III a few years back, I wanted to stay with rack mount type equipment for my network stuff. I wound up grabbing a Roswell brand 2U case and a Lenovo ThinkCentre with a core i5-2500 3.3GHz processor and 4GB of ram. I pulled the hardware out of the ThinkCentre and put it in the 2U case. 4GB is the Sophos home user (free for home users) RAM cap, so the ThinkCentre’s hardware worked out perfectly.
Once configured, I have a pretty robust bit of security all contained right here at home. Although my past Ubiquiti AP was awesome, I wanted the extra control and features available to the firewall that come from using a Sophos AP. I am using a Sophos AP55C 802.11 a/b/g/n/ac and a Sophos AP30 802.11 b/g/n to run three SSIDS. The first SSID is WPA2 enterprise encrypted, RADIUS authenticated using the wonderful software, FreeRADIUS. The second SSID is for my dumb devices that can’t authenticate via RADIUS. It is WPA2 encrypted and whitelist MAC address filtered. The third and final SSID is completely open! *GASP* Ok, it isn’t exactly open. It is configured as a hotspot and requires a randomly generated, time expiring voucher key to access. It is also isolated from the rest of the network on its own VLAN/subnet.
All in all, I am pretty happy with my current setup. I have good security, good filtering, all while still getting full internet speed from my provider. I am sure that in time, something new will come along and I will change it all again. Hopefully, that isn’t anytime soon!