You NEED a firewall

Firewalls: What are they, and why do you need one in your home?

I'll discuss what function a firewall provides, some of the advanced security features available, and how they can secure your infrastructure and services. I also cover vendor options, hardware recommendations for building a firewall, and provide a guided tour of my homelab firewall segmentation and defence-in-depth approach.

00:00 - Introduction
02:48 - IDS and IPS
05:12 - Realtime monitoring
06:00 - Security Incident & Event Monitoring (Wazuh Dashboard)
06:50 - OSI model
07:56 - Man in the middle attack
09:34 - Sophos XG features
09:59 - Firewall choices
11:16 - Physical vs Virtual deployment
12:06 - Why I chose a virtual firewall
12:19 - Which NICs to buy when building a firewall?
13:40 - My setup
15:29 - Network diagram of my setup
16:50 - Walkthrough
19:06 - Crowdsec
20:45 - Accessing external services internally
21:24 - Pihole
Comments

Been in IT for years but still so much I don't know as I don't tinker enough. Being a gamer I've got stuck on that more so good to see this series.

TheStevenWhiting

I'm enjoying the series. I've been thinking of migrating all my services off of truenas scale into something like this and this has been a big help in pushing me in that direction. Thank you.

recyclawps

Just found this channel and I love that you're dabbling with exactly the same equipment and software that I've been planning on looking deeper into. Quick question, which software are you using to make your network diagram?

JoerBrando

I have used ESET on 3 PCs for a number of years to do basically what I see as the main options on the Sophos config page (Computer protection, Internet protection, Network protection, Security tools).
A Mikrotik router does the Firewall duties.

However ESET also extends into my Outlook email accounts for SPAM and Malware detection.
I'm wondering if you rely on Sophos in your virtualised Firewall(s) to also filter/protect all your family email traffic.

If so, I can drop my ESET subscription - another argument for a Server based network 😃

Many thanks for your excellent material and great delivery style - so easy on the ear.

Dreamwoodinternational

Hello again Jim, thanks for the awesome content. I backed up in the series to this point, as you suggested. I really like the extra protection that a Sophos home version would provide, but I'm entrenched in my current Ubiquiti ERX and UniFi switches already, having just set up my VLANs etc. to my liking, global firewall rules in place, no open ports yet. Can I skip the Sophos portion of this series and revisit later? I have just two Docker containers running now on top of Ubuntu Server, Portainer and Home Assistant. Seems like so much to learn and configure!!?? I'm a beginner obviously, want to make sure there isn't a gotcha moment in the next few steps in the journey. I would have to purchase the dual NICs for my two intended Proxmox nodes, currently blank. (My starter setup is on an Intel Atom PC, which I will migrate over once the two used PCs I found online are prepped: Dell and Lenovo towers, both i7/6700, 32GB RAM.) Thanks so much for your work and previous reply to another question. Southern California Air Force veteran, retired.

Ret_af_vet_

WOW this really helped me! I'd love to see more of your videos!!!

JasonEala

Appreciate your clear explanations of so many concepts.

My Mikrotik RB4011 has nice Firewall functions, but I'm looking forward to picking up more info from this series.

Currently have Pi-hole (recursive) and ADS-B (aircraft tracking) running on separate Pis, but I'm thinking of rolling those functions into the Proxmox world.
Then I could deploy the Pis with monitors around the house to display weather station data etc.
Maybe keep a Pi as the redundant DNS server.

Enjoyed your network diagram. I did mine using Mindjet MindManager (a mind mapping program), which makes it easy to see VLANs off the Mikrotik CRS328 switch ports.

Dreamwoodinternational

@jims-garage

Great channel. Maybe it would be possible to create a video on how to connect the UniFi firewall with Wazuh (SIEM) as additional protection, as well as how to configure the firewall for the server with UniFi.

jobapp

Hi Jim,
wonderful series of videos here! Thank you so much.
In a different video you said that you are behind a CGNAT ISP (which is my situation as well, actually): is this fact left aside to reduce complexity from 16:50 min onwards?
I was assuming I would have to rent a VPS server to make services available to my friends, say, if I don't have them in my headscale/tailscale network.
I would gladly see you explain this point to a total beginner like myself. :-)
Best regards!

nicoscherer

Jim, it's so interesting you suggested an i350, and that is the one I am using. You know what? I am using the four ports in a single LAGG in pfSense and in those ports I have VLANs for everything in my network, INCLUDING the WAN!!! Actually, the WAN is connected to a different switch, to a port with the same VLAN as the one I have designed for the WAN in pfSense. You don't need two NICs for a firewall if you use an L2 switch. My switch and the i350 have a much better throughput than the other choice of NIC in my pfSense.

carlosgarcia

Hi Jim,

Could you explain how you have DMZ services on VLAN 5 separated from VLAN 4?
Do you have them running on a separate Docker VM/LXC, or are you using a specific Docker network?

Really enjoying your videos

JUGZJUNIOR

Hey Jim, first, thanks for this important and interesting video!
Second, I was wondering how you manage to make the IoT VLAN and the Home Assistant (homelab) VLAN talk to each other. I have an Omada controller in my homelab, and when I tried to define rules I got into some trouble, because on one hand I want my HA to be able to talk to, let's say, my Nuki, but I don't want my Nuki to be able to talk to my homelab. Thanks!

yairabc

What's your take on Firewalla? I've been deciding between pfSense and Firewalla and I am leaning more towards Firewalla, as just using pfSense would be too much of an undertaking and unfortunately I don't have that much time to spend on it right now.

dyukoth

I'm considering purchasing an Intel i350-T4 to upgrade the Proxmox rig. Would you recommend getting a 4-port NIC to best follow the videos going forward?

snowpoked

Can you do more videos about how to configure Sophos XG instead of just building it and leaving it there?

Popcorncandy