Recent changes
May 3, 2020
Device priority
Primary device
Operating system
Sign-in account
Sign in with Microsoft ID
Log-in security
    • Account password
    • Windows Hello PIN
Account permissions
Administrator account
Security updates
Automatically allow security and feature updates
Windows UAC
Always notify
Malware samples
No - Malware samples are not purposely downloaded
Real-time Malware protection
Windows Defender
Firewall protection
Microsoft Defender Firewall
RTP configuration
Standard
Periodic scanners
Windows Defender
VPN and Privacy
UBlock Origin for Edge Chromium
Browser(s) and Add-ons
UBlock Origin for Edge Chromium
Maintenance tools
Windows Built-in
Photos and Files backup
None since all Data is on my HiDrive (Cloud) GDPR / DSGVO compliant Provider
File backup schedule
No photo or file backups
Backup and rollback
Not needed since all relevant Data is on HiDrive
Backup schedule
None
Activity usage
  1. Computer games
  2. Financial and sensitive documents
  3. Generic web browsing
  4. Streaming audio and video content from the Internet
Computer hardware
CPU: I7 8700K (RAM OC)
RAM: 16 GB DDR4 3200MHz
MB: Asus Maximus Hero XI Z390
SOUND: Asus Essence STX II
GPU: Asus GeForce RTX 2070 Super Advanced
SSD: Samsung Nvme 960Evo 500GB
PSU: Seasonic Prime PX850

valvaris

Level 4
Verified
Hello to all,

what is going on?

This is something I have wanted to share for a long time, and I tested some Firewall Options out there (Software and Hardware). My Goal was to have an advanced system with Layered Defense and Control.

What are you talking about?

To explain every detail this will take some time but to make a long story short. The combination of what you have and how you use it makes a great difference.

On my Part I wanted to have Control on multiple layers over what, when and where things communicate from my Network.

What did you do? Come to the point, m8!

My Network is as follows:

PC / IoT / WiFi -------> Switch -----> Firewall (Eth1) -----> ISP
TV / Android TV -------> Firewall (Eth2) -----> ISP

First we need IP Ranges
Network 1 (Eth1)
Code:
Address:   192.168.200.110/28
Netmask:   255.255.255.240 
Network:   192.168.200.96/28  
Broadcast: 192.168.200.111   
HostMin:   192.168.200.97       
HostMax:   192.168.200.110 
Hosts/Net: 14

Network 2 (Eth2)
Code:
Address:   192.168.200.200/29
Netmask:   255.255.255.248
Network:   192.168.200.200/29
Broadcast: 192.168.200.207
HostMin:   192.168.200.201
HostMax:   192.168.200.206
Hosts/Net: 6

As a Firewall solution I use Untangle to Manage my Network and UBNT for my WiFi.

For the Firewall there is a lot to mention:
SSL Inspection
WebContent Filter
Application Filter
Virus Blocker with SmartIQ (Cloud) and Bitdefender Engine (with MIME Type)
Layer 7 Firewall for GEOLocation Blocking and granular Firewall Rules
Adblocker
Layer 3 Firewall standard SPF with Default Deny Policy
Intrusion Prevention System

Example Layer 7 - Layer 3 Rule-set:
[Image attachment: 1590864770846.png]


Why did you choose Untangle?

For me it was easier to use than a Sophos XG Home Edition because of the SSL Inspection Rules, plus performance-wise I have lots more bandwidth than the Sophos.

On my Hardware with a J2900, 4GB DDR3 RAM and 32GB SSD I can use 700 Mbit/s to 850 Mbit/s with Untangle; on a Sophos XG with the version 18 Software it was just 500 Mbit/s - 700 Mbit/s.

The License I use is a HomePro. ;)

What about the PC then?

My Software Firewall on the PC is Glasswire Elite with the Firewall Option "Ask to Connect" with VirusTotal API "On". Windows Defender is for my needs more than enough and I am very happy with it.

Wait Wait Wait what about the IoT and WiFi Devices ooohhh and do not forget the TV?

This is something I am very proud of.... BLOCK IT ALL! I only allow standard Port Communication HTTP NTP HTTPS in the direction toward the Internet (ISP). All my Apps seem to function as intended. (iPhone) Oops, and the ApplePush Rule. ^^

So what about Backup?

For me none is needed:
GameSaves are on Steam
Windows Settings are on the Cloud
Browser Fav. & Settings are on the Cloud
My Private Data is on HiDrive
And a New Install of Windows 10 is done in under 10 Mins.

That's all... :D

Best regards
Val.
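
The default-deny egress policy described in the post above, modelled as an added example (not the poster's configuration and not Untangle's rule format). The two subnets and the HTTP/HTTPS/NTP allow-list come from the post; the transport protocols, the function names and the sample flows are assumptions made for illustration.

```python
import ipaddress

# Segments as given in the post (Eth1 and Eth2 on the firewall).
SEGMENTS = {
    "eth1": ipaddress.ip_network("192.168.200.96/28"),
    "eth2": ipaddress.ip_network("192.168.200.200/29"),
}
# Allow-list from the post: HTTP, HTTPS, NTP. Transport protocols are assumed.
ALLOWED_EGRESS = {("tcp", 80), ("tcp", 443), ("udp", 123)}


def segment_of(ip):
    """Name of the local segment containing ip, or None if it is not local."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in SEGMENTS.items() if addr in net), None)


def segments_disjoint():
    """Overlapping ranges would make per-interface rules ambiguous."""
    nets = list(SEGMENTS.values())
    return not any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


def evaluate(src, dst, proto, dport):
    """Default deny: only allow-listed traffic from a local segment to the internet."""
    if segment_of(src) is None:
        return "deny", "source not in a known segment"
    if segment_of(dst) is not None:
        return "deny", "internal destination, no allow rule"
    if (proto, dport) not in ALLOWED_EGRESS:
        return "deny", f"{proto}/{dport} not on the egress allow-list"
    return "allow", f"{proto}/{dport} toward the internet"


# Constructed sample flows; external addresses are RFC 5737 documentation ranges.
SAMPLE_FLOWS = [
    ("192.168.200.98", "203.0.113.10", "tcp", 443),    # PC browsing over HTTPS
    ("192.168.200.201", "203.0.113.20", "udp", 123),   # TV time sync
    ("192.168.200.99", "198.51.100.7", "tcp", 23),     # IoT device trying telnet
    ("192.168.200.100", "198.51.100.53", "udp", 53),   # DNS straight to an outside resolver
    ("192.168.200.202", "192.168.200.98", "tcp", 80),  # TV segment reaching into Eth1
    ("10.0.0.5", "203.0.113.10", "tcp", 443),          # source outside both segments
]

if __name__ == "__main__":
    print("segments disjoint:", segments_disjoint())
    for flow in SAMPLE_FLOWS:
        verdict, reason = evaluate(*flow)
        print(f"{flow[0]:>16} -> {flow[1]:<16} {verdict:5} {reason}")
```

The udp/53 flow is denied under this model, so clients on either segment can only resolve names through a resolver that the policy does not have to forward to the internet.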
 

Vitali Ortzi

Level 20
Verified
Nice Config.
But what version of Enterprise is your system?
 