Home network update – Meraki to Netgate

I avoid frequent changes to my home network. My stated goal is to design and install a reliable, secure network and keep it updated, but otherwise leave it alone. About five years ago, I took advantage of a Cisco program for free Meraki software for completing a professional certification class and exam. Now the program has expired, and I needed to replace the MX64 security appliance.

Moving from a commercial security device to a consumer product, I wanted to get something simple, but flexible. I’ve always been interested in open-source products, and considered ‘rolling my own’ firewall, but finding cost effective, silent (fanless) computer with multiple gig Ethernet ports in the current (Nov 2022) market was a challenge. Also, there’s still a huge supply chain issue that I expect through 2023 and I don’t want to buy from China. Not a nationalist issue, but I don’t trust security appliances from China (https://www.dhs.gov/news/2020/12/22/dhs-warns-american-businesses-about-data-services-and-equipment-firms-linked-chinese).

Selection Process

Super simple – I looked at consumer products and found they weren’t flexible enough for my use, some products were discontinued, others are on back order. I wanted to spend under $300 and narrowed the search to Ubiquiti Networks and Netgate (pfSense). Ubiquiti availability was an issue, and Netgate was less expensive, so I went with the entry level Netgate 1100.

Although the GUI lagged during the installation, subsequent configuration changes and overall performance of the device has been good. I’ve updated the default configuration by disabling IPv6, not using VPN or packet inspection, using PiHole on a spare Raspberry Pi instead of using Netgate services.

I would call this a ‘prosumer’ product – you can’t install and use this product without reading the manual and understanding the basics of TCP/IP networking. However, it’s much more flexible than the average consumer product and using pfSense open-source software provides greater security and longer support life (IMHO).

Performance

Performance is equivalent to the Meraki MX64. We have >20 devices on our home network including three Roku devices streaming 1080p (not 4K). If you plan to implement low level security, ad blocking, and other features, consider the 2100 model.

Recommendation

• Pros
  • Good security appliance for home networks with under 500 Mbps Internet service
  • Simple installation and silent operation
  • Better security and longevity than consumer products at this price point.
  • Performance is good
• Cons
  • Install is not just “click next” – you need to read the manual!
  • Lots of online chatter about performance issues using third party packages

Home Network

Netgate running statistics

Internet speed
Comcast – 300 Mbps download, 12 Mbps upload