I’ve recently updated my internet stack, which is now as follows:
- 2000Mbps Fibre to the Premises (Symmetric 2Gbps Up & Down)
- Provider's modem, terminating the fibre and presenting a 2.5Gbps RJ45 Ethernet socket
- My New Firewall (replacing my provider's firewall and keeping my network safe from prying eyes)
- 3 x Ubiquiti 6 Enterprise APs (meshed)
(Sorry, I won’t give the make and model of perimeter security equipment, as that would be silly)
The new firewall has some exciting features.
- 2.5Gbps Throughput
- Adblocking
- Porn Blocking (including image recognition)
- Social Media Blocking (you can limit the time of day, or the total time, a user can spend scrolling social media)
- Movie Blocking (likewise, you can limit the time of day, or the total time, a user can spend watching movies)
- VPN Blocking
- Intrusion Detection & Intrusion Prevention
- DNS over HTTPS (including interception of traffic to manually configured DNS servers, forcing the use of its own resolver)
- DoH blocking, to stop you from using your own DNS servers from inside the network, even if you attempt to use DNS over HTTPS
- NTP intercept. The firewall answers any requests to external NTP servers, so everything remains in sync but is not influenced by outside sources.
- WireGuard VPN & OpenVPN Server & Client
- DHCP with Dynamic/Static Allocation and reverse DNS names updated automatically (great for logs)
- Local DNS Overrides (great for stopping my NAS drive traffic from traversing to the outside of my firewall)
- Deep packet inspection, logging & alerting
- Smart Queuing & QoS (Quality of Service)
- New Ethernet or WiFi connections to the network are blocked from the internet and isolated from most services (quarantined) until they are tagged with what they are (correctly identified) and moved to the relevant group, where the correct policies and rules get applied to the device.
- Local DNS zones & DNS Override (Split Horizon DNS)
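As an added example (not the author's configuration, whose firewall is deliberately unnamed), here is how the DNS intercept, DoH blocking and NTP intercept features above look as a Linux nftables ruleset. It assumes a LAN interface named lan0, a firewall LAN address of 192.168.1.1 running its own resolver and NTP daemon, and a constructed set of well-known public resolver addresses.

```nft
# Added example: nftables rendering of the DNS/NTP intercept and DoH-blocking
# features. Assumptions: LAN interface "lan0", firewall LAN address 192.168.1.1
# with a resolver on :53 and an NTP daemon on :123 listening locally.
table ip home_fw {
    # Constructed set of well-known public resolvers that also speak DoH/DoT;
    # extend it with any others your logs show clients trying to reach.
    set public_resolvers {
        type ipv4_addr
        elements = { 1.1.1.1, 1.0.0.1, 8.8.8.8, 8.8.4.4, 9.9.9.9, 149.112.112.112 }
    }

    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;

        # Plain DNS (UDP/TCP 53) from the LAN that is not addressed to the firewall
        # is transparently redirected to the firewall's own resolver. The client
        # still believes it is talking to the server it configured.
        iifname "lan0" ip daddr != 192.168.1.1 meta l4proto { tcp, udp } th dport 53 counter redirect to :53

        # NTP intercept: every "external" time query is answered by the local NTP
        # daemon, so clocks stay in sync without trusting outside time sources.
        iifname "lan0" ip daddr != 192.168.1.1 udp dport 123 counter redirect to :123
    }

    chain forward {
        type filter hook forward priority filter; policy accept;

        # DoH/DoT bypass: HTTPS or DoT to known public resolvers is dropped and
        # logged, so a device that tries to escape the local resolver shows up
        # in the alerting pipeline. Unknown DoH endpoints are not caught by this
        # rule; that needs DPI or a maintained blocklist.
        iifname "lan0" ip daddr @public_resolvers tcp dport { 443, 853 } counter log prefix "doh-bypass: " drop
    }
}
```

Load it with `nft -f`; the `counter` on each rule lets you confirm from `nft list ruleset` that the interception is actually happening rather than assuming it from the feature list.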
But why do this?
Most non-technical people are unaware that your ISP can log into the router they provide and, from there, see your entire network.
If you have open file shares (which I wouldn't recommend if you have WiFi), then, should they want to, they can read your files and generally nose around your network.
When you have your own firewall, they are kept on the external (WAN) side of your firewall/router.
When the router intercepts DNS and performs its own DNS over HTTPS, it also gives the ISP much less insight into what you are doing with your internet connection.