ONT >> Firewalla Gold >> UDM Pro??? (Ready to buy FWG)
Hello,
I have a UDM Pro. Instead of sending it back (due to its shortfalls), I've decided to enhance its security. Specifically, I want a VPN server and robust firewall to exist between the UDM Pro and my FiOS ONT. So, like this...
ONT >> Firewalla Gold >> UDM Pro
My reasoning is simple:
- No commercial VPN is compatible with the UDM Pro.
- The native L2TP VPN (via OpenVPN) is not the epitome of security (no IPsec, etc.)
- I want the UDM Pro to get its IP address passed to it from the ONT through the Firewalla.
- I don't want to buy any more hardware.
I'm in school, now (Full Stack Software Development). I'm also studying for the Network + examination. I just want a really safe, fast network for my home office.
I'd also like to hear from Firewalla; I'm about to make my purchase at their site, provided this (admittedly elementary) topology will work.
Sonicwall is sure they can take care of me; I'm sure, too, given the money they're asking for.
Any help would be greatly appreciated.
Thanks so much!
-
Thanks for the quick response.
I'm very new to this. I got into it because Spectrum played so many games with my family's cybersecurity and network integrity, that I decided to learn networking. To do this, I purposely bought hardware that compelled me to learn more.
My answers, therefore, come from a limited knowledge base.
1. I want to use the UDM Pro as another network; I want the Firewalla to provide security/encryption for the UDM Pro.
2. My devices will be connected to the UDM Pro.
3. Yes, I plan to use VLANs.
More...
- I presently have the FiOS ONT and UDM Pro; beyond the UDMP, I can only afford ONE more appliance :-)
- The ONT is connected to the UDM Pro WAN (DHCP).
- I will either get a Protectli, Firewalla, or Sonicwall appliance to sit between the ONT and UDMP to protect the UDMP.
- I want encryption and security from the Firewalla (or whatever device) to pass through the UDMP to all devices.
- I favor Firewalla for its price point, form factor, overall capabilities, impressive documentation architecture, and simple implementation.
- Since IPsec is important, if I buy the Firewalla, I will be very happy to utilize its third-party VPN capabilities until you guys implement WireGuard.
My wife and I lost our jobs due to COVID-19. We're both in a Full Stack Software Development program at Loyola. We just need our setup to protect what we have, and otherwise enable us to keep learning.
If you had my equipment and use case, what topology would you create?
In the end, I just want "authentication, integrity, confidentiality, encryption, and nonrepudiation" (I have to tell myself this when I get overwhelmed as a newbie). The least expensive, least convoluted topology with the fewest potential points of failure is ideal, given my lack of knowledge.
Thanks again for the quick response. And congratulations on your very impressive product suite.
I hope to hear from you, soon!
All the Best,
Yiz
-
Reading from what you have, maybe you can think of the solution this way. In the world of connected things, the connected thing is very important, so the goal is to keep the monitoring as close to the things as possible. This means you want security near your things.
These are two theoretical suggestions:
1. [ISP]<--->[Gold]<-->[UDMP]<--->Devices
Here you will need to turn the UDMP into bridge mode, and the Gold in router mode will be able to see all the devices through the UDMP. (I have no idea if the UDMP can be put into bridge mode.)
2. [ISP]<--->UDMP<--->[Gold]
<---> Devices
Here you can put the UDMP in router mode; the Gold in Simple mode (we have not fully verified that the Gold will work with the UDMP in Simple mode) can suck traffic from the UDMP and monitor it that way.
This is based on the fact that you must include the UDMP in the solution ...