
    Ubiquiti USG-PRO-4

    • scottalanmillerS
      scottalanmiller @coliver

      @coliver said:

      @FATeknollogee said:

      @coliver said:

      @FATeknollogee said:

      For folks that use this as an "edge" device, what else do you have downstream for "UTM" (using this term loosely) or "protection"?

      What features are you looking for? There are tons of options for website filtering and proxy services.

      AV protection / Content filtering

      Squid Proxy, Websense, DansGuardian. Run these on their own VM and you can tune them to meet your performance requirements, this is much harder when running a UTM as you are limited by the hardware and artificial vendor limitations.

      Add SSDs, aggressive caches, lots of memory and for less cost than a UTM you can accelerate a lot of the web content to GigE speeds, too!

      • coliverC
        coliver

        I'm not sure about AV protection. You will catch most of that with a Squid Proxy/content filter, not sure how you would go about it without impacting the speed of traffic.

        • coliverC
          coliver @scottalanmiller

          @scottalanmiller said:

          @coliver said:

          @FATeknollogee said:

          @coliver said:

          @FATeknollogee said:

          For folks that use this as an "edge" device, what else do you have downstream for "UTM" (using this term loosely) or "protection"?

          What features are you looking for? There are tons of options for website filtering and proxy services.

          AV protection / Content filtering

          Squid Proxy, Websense, DansGuardian. Run these on their own VM and you can tune them to meet your performance requirements, this is much harder when running a UTM as you are limited by the hardware and artificial vendor limitations.

          Add SSDs, aggressive caches, lots of memory and for less cost than a UTM you can accelerate a lot of the web content to GigE speeds, too!

          How much of that is disk sensitive? My guess is that the processor and memory would be doing 99% of the work. Or does it do a lookup to disk whenever a request comes in?

          • scottalanmillerS
            scottalanmiller @coliver

            @coliver said:

            I'm not sure about AV protection. You will catch most of that with a Squid Proxy/content filter, not sure how you would go about it without impacting the speed of traffic.

            That's why UTMs can't really do it. You need incredible CPU horsepower and enough RAM to never have to go to storage. Generally you need a lot of threads, fast CPU speeds and many GB of RAM. Most UTM are like 1GB, but realistically you need more like 4GB - 8GB.

            • coliverC
              coliver @scottalanmiller

              @scottalanmiller said:

              @coliver said:

              I'm not sure about AV protection. You will catch most of that with a Squid Proxy/content filter, not sure how you would go about it without impacting the speed of traffic.

              That's why UTMs can't really do it. You need incredible CPU horsepower and enough RAM to never have to go to storage. Generally you need a lot of threads, fast CPU speeds and many GB of RAM. Most UTM are like 1GB, but realistically you need more like 4GB - 8GB.

              Are there in-line virus scanners? Something you route traffic through and it does the work? I've never seen one outside of a UTM.

              • scottalanmillerS
                scottalanmiller @coliver

                @coliver said:

                Are there in-line virus scanners? Something you route traffic through and it does the work? I've never seen one outside of a UTM.

                Pretty much all UTM makers make UTM for starter businesses and dedicated scanning for serious ones 🙂 Even Netgear makes UTM only for tiny companies and STM for larger ones.

                • coliverC
                  coliver @scottalanmiller

                  @scottalanmiller said:

                  @coliver said:

                  Are there in-line virus scanners? Something you route traffic through and it does the work? I've never seen one outside of a UTM.

                  Pretty much all UTM makers make UTM for starter businesses and dedicated scanning for serious ones 🙂 Even Netgear makes UTM only for tiny companies and STM for larger ones.

                  Ah, ok. It looks like Netgear is getting out of that industry but cool nonetheless.

                  • scottalanmillerS
                    scottalanmiller @coliver

                    @coliver said:

                    Ah, ok. It looks like Netgear is getting out of that industry but cool nonetheless.

                    Pretty much everyone is. It's kind of a scam business. Now that 20Mb/s and faster connections are standard, the ability to make a good UTM is pretty much unrealistic.

                    • DashrenderD
                      Dashrender @coliver

                      @coliver said:

                      @scottalanmiller said:

                      @coliver said:

                      I'm not sure about AV protection. You will catch most of that with a Squid Proxy/content filter, not sure how you would go about it without impacting the speed of traffic.

                      That's why UTMs can't really do it. You need incredible CPU horsepower and enough RAM to never have to go to storage. Generally you need a lot of threads, fast CPU speeds and many GB of RAM. Most UTM are like 1GB, but realistically you need more like 4GB - 8GB.

                      Are there in-line virus scanners? Something you route traffic through and it does the work? I've never seen one outside of a UTM.

                      A proxy device would be this, I would assume. You can make it transparent by setting it as the default gateway for your network, and it is set to simply forward on all good things to the real edge device.

                      • coliverC
                        coliver @Dashrender

                        @Dashrender said:

                        @coliver said:

                        @scottalanmiller said:

                        @coliver said:

                        I'm not sure about AV protection. You will catch most of that with a Squid Proxy/content filter, not sure how you would go about it without impacting the speed of traffic.

                        That's why UTMs can't really do it. You need incredible CPU horsepower and enough RAM to never have to go to storage. Generally you need a lot of threads, fast CPU speeds and many GB of RAM. Most UTM are like 1GB, but realistically you need more like 4GB - 8GB.

                        Are there in-line virus scanners? Something you route traffic through and it does the work? I've never seen one outside of a UTM.

                        A proxy device would be this, I would assume. You can make it transparent by setting it as the default gateway for your network, and it is set to simply forward on all good things to the real edge device.

                        Right, I just didn't think it could do inline virus scanning. I know it can do URL filtering.

                        • scottalanmillerS
                          scottalanmiller @Dashrender

                          @Dashrender said:

                          @coliver said:

                          @scottalanmiller said:

                          @coliver said:

                          I'm not sure about AV protection. You will catch most of that with a Squid Proxy/content filter, not sure how you would go about it without impacting the speed of traffic.

                          That's why UTMs can't really do it. You need incredible CPU horsepower and enough RAM to never have to go to storage. Generally you need a lot of threads, fast CPU speeds and many GB of RAM. Most UTM are like 1GB, but realistically you need more like 4GB - 8GB.

                          Are there in-line virus scanners? Something you route traffic through and it does the work? I've never seen one outside of a UTM.

                          A proxy device would be this, I would assume. You can make it transparent by setting it as the default gateway for your network, and it is set to simply forward on all good things to the real edge device.

                          Do you know of any that do AV, though?

                          • coliverC
                            coliver @scottalanmiller

                            @scottalanmiller said:

                            @Dashrender said:

                            @coliver said:

                            @scottalanmiller said:

                            @coliver said:

                            I'm not sure about AV protection. You will catch most of that with a Squid Proxy/content filter, not sure how you would go about it without impacting the speed of traffic.

                            That's why UTMs can't really do it. You need incredible CPU horsepower and enough RAM to never have to go to storage. Generally you need a lot of threads, fast CPU speeds and many GB of RAM. Most UTM are like 1GB, but realistically you need more like 4GB - 8GB.

                            Are there in-line virus scanners? Something you route traffic through and it does the work? I've never seen one outside of a UTM.

                            A proxy device would be this, I would assume. You can make it transparent by setting it as the default gateway for your network, and it is set to simply forward on all good things to the real edge device.

                            Do you know of any that do AV, though?

                            @Dashrender sent me this in a PM. http://louwrentius.com/setting-up-a-squid-proxy-with-clamav-anti-virus-using-c-icap.html

                            It looks like you can do it with all open source tools.

                            • DashrenderD
                              Dashrender @scottalanmiller

                              @scottalanmiller said:

                              @Dashrender said:

                              @coliver said:

                              @scottalanmiller said:

                              @coliver said:

                              I'm not sure about AV protection. You will catch most of that with a Squid Proxy/content filter, not sure how you would go about it without impacting the speed of traffic.

                              That's why UTMs can't really do it. You need incredible CPU horsepower and enough RAM to never have to go to storage. Generally you need a lot of threads, fast CPU speeds and many GB of RAM. Most UTM are like 1GB, but realistically you need more like 4GB - 8GB.

                              Are there in-line virus scanners? Something you route traffic through and it does the work? I've never seen one outside of a UTM.

                              A proxy device would be this, I would assume. You can make it transparent by setting it as the default gateway for your network, and it is set to simply forward on all good things to the real edge device.

                              Do you know of any that do AV, though?

                              I just did a quick Google search and found http://louwrentius.com/setting-up-a-squid-proxy-with-clamav-anti-virus-using-c-icap.html

                              It talks about using Squid and Clam AV.

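The hand-off that lets a proxy "route traffic through" a separate virus scanner is ICAP (RFC 3507), the protocol named in the how-to linked above. The sketch below is an added example, not code from the thread or from the linked article: it frames one HTTP response as a RESPMOD request and reads the scanner's verdict. The service name `avscan`, the loopback address and the sample traffic are constructed assumptions.

```python
# Added example: ICAP (RFC 3507) RESPMOD framing between a proxy and a scanner.
ICAP_URI = "icap://127.0.0.1:1344/avscan"  # assumption: hypothetical service

# Constructed sample traffic: the client's request and the origin's response.
SAMPLE_REQ = b"GET /file.bin HTTP/1.1\r\nHost: example.test\r\n\r\n"
SAMPLE_RES = b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
SAMPLE_BODY = b"constructed sample body"


def build_respmod(req_hdr: bytes, res_hdr: bytes, body: bytes) -> bytes:
    """Wrap one HTTP response so the scanning service can inspect it."""
    # Encapsulated offsets count from the start of the encapsulated section.
    end_of_headers = len(req_hdr) + len(res_hdr)
    if body:
        # The body is sent chunked and closed by a zero-length chunk.
        last = f"res-body={end_of_headers}"
        payload = b"%x\r\n%s\r\n0\r\n\r\n" % (len(body), body)
    else:
        last, payload = f"null-body={end_of_headers}", b""
    icap_hdr = (
        f"RESPMOD {ICAP_URI} ICAP/1.0\r\n"
        f"Host: {ICAP_URI.split('/')[2]}\r\n"
        "Allow: 204\r\n"  # scanner may answer "unchanged" without echoing the body
        f"Encapsulated: req-hdr=0, res-hdr={len(req_hdr)}, {last}\r\n\r\n"
    ).encode("ascii")
    return icap_hdr + req_hdr + res_hdr + payload


def verdict(icap_response: bytes) -> str:
    """Map the scanner's ICAP status line to the proxy's next action."""
    line = icap_response.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("ICAP/") or not parts[1].isdigit():
        return "error"
    if parts[1] == "204":
        return "pass"      # no modification needed: forward the original response
    if parts[1] == "200":
        return "replaced"  # serve what the scanner returned, e.g. a block page
    return "error"         # policy decides whether to fail open or fail closed


if __name__ == "__main__":
    print(build_respmod(SAMPLE_REQ, SAMPLE_RES, SAMPLE_BODY).decode("ascii"))
    print(verdict(b"ICAP/1.0 204 Unmodified\r\n\r\n"))  # constructed reply
```

Every response body crosses this hop and is scanned before the client sees it, which is where the CPU and RAM demands discussed earlier in the thread come from.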
                              • scottalanmillerS
                                scottalanmiller

                                I had been looking for something like that but had not managed to find it.

                                • DashrenderD
                                  Dashrender @scottalanmiller

                                  @scottalanmiller said:

                                  I had been looking for something like that but had not managed to find it.

                                  LOL - yeah typing in random stuff to Google sometimes gives better results.

                                  I typed squid AV scanning and that was the first or second link.

                                  • coliverC
                                    coliver @scottalanmiller

                                    @scottalanmiller said:

                                    I had been looking for something like that but had not managed to find it.

                                    So had I. This is actually a pretty well done how-to as well. I may run through that this weekend at some point.

                                    • scottalanmillerS
                                      scottalanmiller

                                      http://squidclamav.darold.net/

                                      Looks pretty interesting.

                                      • DashrenderD
                                        Dashrender @scottalanmiller

                                        @scottalanmiller said:

                                        http://squidclamav.darold.net/

                                        Looks pretty interesting.

                                        Now you need to build in an HTTPS proxy to really have it be meaningful long term.

                                        • scottalanmillerS
                                          scottalanmiller

                                          Or do what I do and just have good AV on the desktop 🙂 Streaming scanning is a nice extra, but I'd like to see some numbers on it being beneficial. It's purely scanning that happens twice, other than there being two different scanners hitting the same data, it feels like a lot of effort for no gain.

                                          • DashrenderD
                                            Dashrender

                                            I've never understood how viruses got around AV products on machines running them. It's my understanding this is somehow possible because of other unpatched flaws in the OS, even though the AV knows about the virus, the virus can still get in through the OS flaw, then using that flaw disable the AV, and pwn the machine.

                                            Do I understand that incorrectly?
