Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

maflynn

macrumors Haswell
Original poster
May 3, 2009
73,682
43,706
Anyone using a Protectli Vault ?
I'm considering adding this to my home network. I had a raspberry pi, as a hardware DNS, and firewall, but it actually caused too many issues.

In all honesty, I wonder if the Protectli would be overkill and/or I'm being paranoid. I do take my privacy and security serious. I use a VPN on my desktop, and my work laptop has my work's VPN.

On one hand, I feel that having this will protect me against a lot of potential threats, it will allow my to isolate my smart tv on its own network (smart tvs tend to be less secure) and have the ability to have a superior firewall to dial in my protection across the entire network instead of a machine at a time. On the other hand, my little old home network is one of many on my street, I don't really do anything that would cause an increase in risk, i.e., my computing habits are tame.


 
  • Like
Reactions: keithop

bobcomer

macrumors 601
May 18, 2015
4,949
3,693
It's overkill for what I want, but if you really want a good edge firewall/router, you can't go wrong with a Watchguard Firebox. They've been doing that a LONG time and it's what I use at work. The Firebox NV5 isn't much more than this product. Love their VPN server the most!
 

elvisimprsntr

macrumors 65816
Jul 17, 2013
1,032
1,534
Florida

I use a Protectli Vault as a https://pfsense.org firewall, ids/ips, vpn server, and stratum 1 GPS NTP server.

99b7ac1cdeaf1d717b40691703acd41d.jpg



You can easily virtualize pfsense or pick up a used Qotom for less than $50 on evilBay. Less than the cost to get started with a RPi.

 
Last edited:
  • Like
Reactions: protectli

keithop

macrumors 6502a
Jul 22, 2002
684
906
Anyone using a Protectli Vault ?
I'm considering adding this to my home network. I had a raspberry pi, as a hardware DNS, and firewall, but it actually caused too many issues.

In all honesty, I wonder if the Protectli would be overkill and/or I'm being paranoid. I do take my privacy and security serious. I use a VPN on my desktop, and my work laptop has my work's VPN.

I got a cheap copycat box from aliexpress which has been working brilliant for a few years now running pfsense... definitely overkill for my network but nice to use and play with
 

maflynn

macrumors Haswell
Original poster
May 3, 2009
73,682
43,706
So I picked up a Protecli VP2410 – 4x 1G Port - bare bones model. It comes with 8GB of eMMC memory already on board, I believe I have a sodimm that will work lying around. I also picked up a M.2 Sata ssd from amazon. I found a 100 dollar gift card in cleaning out my desk and this weekend was the tax free weekend here in Mass.
1692005957733.png

I've been debating using this more so lately due to how Google is trying to squash ad blockers and generally want to manage the traffic coming in and out of the house. Plus I think it will be fun to learn

The stuff is coming from Amazon, and not due in till later this week. I'll update the thread as progress is made
 

maflynn

macrumors Haswell
Original poster
May 3, 2009
73,682
43,706
Just a quick update that isn't an update, the barebones protectli came, as did the SSD, but the SSD is NVMe, not SATA. So Amazon's awsome search list of M2. SATA SSDs intermixed NVMe and Sata drives. I was choosing between a western Digital Blue, Green and Black SSD. I opted for the Black, which was the only NVMe one, the other two were SATA.

Soooo, the new SSD is arriving this weekend, but the protectli looks good. I was able to fire it up though without the right storage, there's not much I could do.
 

dumastudetto

macrumors 603
Aug 28, 2013
5,286
7,740
Los Angeles, USA
Just a quick update that isn't an update, the barebones protectli came, as did the SSD, but the SSD is NVMe, not SATA. So Amazon's awsome search list of M2. SATA SSDs intermixed NVMe and Sata drives. I was choosing between a western Digital Blue, Green and Black SSD. I opted for the Black, which was the only NVMe one, the other two were SATA.

Soooo, the new SSD is arriving this weekend, but the protectli looks good. I was able to fire it up though without the right storage, there's not much I could do.

Did you consider an AirPort Extreme?
 

maflynn

macrumors Haswell
Original poster
May 3, 2009
73,682
43,706
Did you consider an AirPort Extreme?
hahahahahaha

Seriously?

You have to be trolling

Watch the first video by Naomi, and it will provide details on why most consumer wifi routers are inherently insecure. Now compound that with a discontinued product that will received absolutely zero security updates. Plus as routers go, it's very inflexible not allowing consumers to fully configure it.

The protectli running PFSENSE allows you to create vlans, so you can segment connected devices, i.e., not have smart devices, or iOTs on your main network. Create indepth an flexible firewall rules, including having blacklists of known malware sites. You can add on to PFSENSE to import lists of known adware sites - to block them. You can install a VPN, so your entire network, including smart devices can be on the VPN.

its better to have a your wifi set up as an access point and your firewall on another, so you can easily upgrade your wifi as standards and technology changes.

Finally, why in the world would I select a router that is slower then what is currently available?
 
Last edited:
  • Like
Reactions: LeeW

dumastudetto

macrumors 603
Aug 28, 2013
5,286
7,740
Los Angeles, USA
hahahahahaha

Seriously?

You have to be trolling

Watch the first video by Naomi, and it will provide details on why most consumer wifi routers are inherently insecure. Now compound that with a discontinued product that will received absolutely zero security updates. Plus as routers go, it's very inflexible not allowing consumers to fully configure it.

The protectli running PFSENSE allows you to create vlans, so you can segment connected devices, i.e., not have smart devices, or iOTs on your main network. Create indepth an flexible firewall rules, including having blacklists of known malware sites. You can add on to PFSENSE to import lists of known adware sites - to block them. You can install a VPN, so your entire network, including smart devices can be on the VPN.

its better to have a your wifi set up as an access point and your firewall on another, so you can easily upgrade your wifi as standards and technology changes.

Finally, why in the world would I select a router that is slower then what is currently available?

AirPort Extreme is rock solid in terms of performance and security. Apple recently released 5.9.1 firmware so it's still being kept more secure with updates. While some of the technology inside AirPort Extreme is a little aged, this is more than made up for by the seamless integration across all Apple products and services.

The videos mainly focus on ISP supplied kit and low-grade OEMs. Apple offers best-in-class security and support across all its devices.
 

maflynn

macrumors Haswell
Original poster
May 3, 2009
73,682
43,706
AirPort Extreme is rock solid in terms of performance and security
I gotta disagree with you on that. Its a discontinued product, and from what I googled its on 7.8.1 which appears to be from 2019. If you have any information thta shows something newer then 4 years ago, please provide it.

Also it offers a simple firewall, nothing that I can fully setup and use, so its not getting updates (AFAIK), and there's little configuration ability for the router, thus making it harder to manage my network and keep harmful sites from my network

1692361556987.png


Thirdly, its only 802.11n where as there are newer faster standards, including what I currently have.

Again in what world would it be a good idea to buy a router that the manufacturer discontinued in 2018, the last update occurred in 2019, it uses a slower wireless standard, and its firewall is significantly weaker then what I have with the PFSENSE?
 

protectli

macrumors newbie
Aug 18, 2023
3
1
@maflynn, we don't think it's overkill, but we're a bit biased 😂 .
Let us know how your deployment goes. We're here (rather, at protectli.com/support) if you need anything!
 
  • Love
Reactions: maflynn

maflynn

macrumors Haswell
Original poster
May 3, 2009
73,682
43,706
Update #1
Installing PFSENSE was easy as pie, I made the mistake of using The first video as my step by step guide, and I missed a crucial step, i.e., putting in the DNS servers. I reran the setup wizard and that walked me through everything I needed.

I set my mesh network to AP mode and connected the Vault to my cable modem, and the mesh to the vault. Everything worked great for about an hour. Then I lost internet via wifi. I could access the pfsense via the ip address, so wifi itself was working just connectivity to the internet. I pulled the vault out of the network, changed my mesh network back to normal (off of Access Point mode) and I'll retry again later today. Internet was a bit wonky even w/o the vault, and things clamed down after I rebooted my cable modem, and Orbi mesh network.

Later today, I'll re-insert the vault back into the network, reconfigure the Orbi to AP mode, set both the Orbi base station and the satellite to use static IPs, then reboot everything, the cable modem, the vault, Orbis and I'll retest
 

maflynn

macrumors Haswell
Original poster
May 3, 2009
73,682
43,706
Update #2
I reworked my Orbi wifi, and in PFSENSE I assigned both the base station and Satellite static IPs. The Wifi dropping disappeared and the network definitely looks more stable.

I'm not going to be making any further changes for a little while as I want to confirm stability and no issues. Once I'm satisfied, I'll be looking to setup my firewall and look into adding a layer of ad blocking, either by lists or plugins into PFsense (or both).
 

diamond.g

macrumors G4
Mar 20, 2007
11,210
2,504
OBX
I am interested in seeing how this works out for you. I am currently all in on Unifi gear but it is interesting to see other options.
 

maflynn

macrumors Haswell
Original poster
May 3, 2009
73,682
43,706
I am interested in seeing how this works out for you. I am currently all in on Unifi gear but it is interesting to see other options.
I'm doing really well with it.
I have PFSENSE up and running, things are stable. I have one network setup and I have pfblockerng installed and running. I only have the default blocker lists but I'm noticing many web pages are loading faster and once that I had to whitelist in Adblocker plus are no longer showing

It appears my Orbi mesh network can see vlan tags and be configured for vlans. So while that is setup as a AP, I think I might create a vlan for my smart Tvs, and apple tv to isolate them off my main network.

I'm letting things settle down and just ensure there's no issues with the changes I've instituted over the past few days.

I will say while a tad pricey, I do find the hardware to be excellent, and the performance of the vault to be great. One downside is the fact that storage is using the SATA interface - seems rather odd in this day and age. Its getting harder and harder to find M.2 Sata, though the vault does comes with all the accoutrements needed to install a 2" sata ssd.
 

keithop

macrumors 6502a
Jul 22, 2002
684
906
I'm doing really well with it.
I have PFSENSE up and running, things are stable. I have one network setup and I have pfblockerng installed and running. I only have the default blocker lists but I'm noticing many web pages are loading faster and once that I had to whitelist in Adblocker plus are no longer showing

I really rate pfsense. I'm constantly amazed by how good it is!

Great graphs and network visibility, firewalling, addons to do stuff like monitoring my UPS and with something like a protectli, so much power!
 
  • Like
Reactions: maflynn
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.