Friday, November 11, 2016

Firewall Upgrade




I covered the initial build of the current firewall, which I would call Gen3, yesterday in this post.

But in fact this was completed some weeks ago.

One irritation, as I would call it, is that some of the networking in our house was still being routed and firewalled at suboptimal speeds.

It was in fact using a USB 2.0 to Gigabit Ethernet converter.  This has a maximum throughput of about 25 MBytes per second, limited by the USB 2 connection.


No problem, I thought, I'd invest in a USB 3 to Gigabit Ethernet adapter.  Trouble is that under Linux Mint 18 Sarah and my Asrock motherboard this provided no significantly better throughput, only about 35 MBytes per second.  And, not using the above USB 3 adapter, which did not work well, I used either USB 2 or other USB 3 dongles.

(Oh, and because this is Switzerland, the local shop, Digitec, will not accept the adapter back for a full refund.  So I am stuck with it and have wasted money.  Hmmm. Switzerland.)





The answer is to buy a 2-port Gigabit Ethernet card to replace the current single-port card that is installed. So I get another wired, really 100MB/sec capable port.

Again, since I'm living in Switzerland, land of the expensive and also often pricey electronics vendor, I had to search, buy and then wait 2 weeks for an adapter from Hong Kong.


You may recall I've already gushed about how items from HK or China are very inexpensive, cut out the middle man, and are sales from the manufacturer or close to the manufacturer directly.  I prefer to give them some profit rather than a chain of waffling middle men.




So here is the Adapter.



And here is the Internet Speed you will receive at home should you become a trusted member of the household.  (This is the restricted Home LAN speed of course, not our main Server connection :-) )



Remind Me of the Networks, Please
I'll share the basic network design without too many of the details that could in principle lay us more open to hacking, something we take very seriously. So we have:


Secure
A secured, wired-only network.   All computers in this network are expected to run anti-virus and firewall software.  Additionally, a Boundary Firewall is configured to let traffic out from Secure to anywhere, and to deny any other network inbound access.

Network Speed 1Gb/sec but also some computers use Aggregation to 400MB/sec.
Routing speed thru firewall: > 80MB/sec
Internet Access Speed > 40MB/sec

HouseHold
For general home use.   Wired and wireless routers are on this network.   All computers are expected to run a firewall and all sit behind a Boundary Firewall.  This network can't access Secure but can access NAS and Internet resources.


Network Speed 1Gb/sec but also some computers use Aggregation
Routing speed thru firewall: > 80MB/sec
Internet Access Speed  <= 40MB/sec


DMZ
Webservers plural live in the DMZ
This is behind the Boundary Firewall

The DMZ network is a target for malicious network packets if they are not dropped but are instead to be 'played' with.



Guest / Straight
Protected only by the firewall in the ISP Internet Box. This is a very fast Wireless AC network allowing guests the fastest Internet access.

Internet Access Speed > 50MB/sec wireless
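
The zone rules above, written out as an nftables forward chain for a Linux boundary firewall. This is an added example, not the configuration running in this house: the use of nftables, the interface names, the NAS address (a documentation-range placeholder) and the DMZ web ports are all assumptions. NAT and the firewall's own input chain are left out, and the Guest network does not appear because it sits behind the ISP box rather than this firewall.

```nftables
#!/usr/sbin/nft -f
# Added example: forwarding policy for the Secure / HouseHold / DMZ zones.
# Everything named below is an assumption, not taken from the post.

define IF_WAN    = "eth0"      # assumed: uplink towards the ISP box
define IF_SECURE = "eth1"      # assumed: Secure wired-only network
define IF_HOUSE  = "eth2"      # assumed: HouseHold network
define IF_DMZ    = "eth3"      # assumed: DMZ holding the web servers
define NAS_ADDR  = 192.0.2.10  # placeholder address for the NAS

# Create-then-delete makes reloading this file idempotent
table inet boundary
delete table inet boundary

table inet boundary {
    chain forward {
        # Anything not explicitly allowed below is dropped
        type filter hook forward priority 0; policy drop;

        # Replies to flows that an earlier rule already allowed
        ct state established,related accept
        ct state invalid drop

        # Secure: traffic out to anywhere; no rule lets new flows in
        iifname $IF_SECURE accept

        # HouseHold: NAS and Internet only, never Secure
        iifname $IF_HOUSE ip daddr $NAS_ADDR accept
        iifname $IF_HOUSE oifname $IF_SECURE counter drop
        iifname $IF_HOUSE oifname $IF_WAN accept

        # DMZ: inbound web traffic from the Internet (ports assumed)
        iifname $IF_WAN oifname $IF_DMZ tcp dport { 80, 443 } accept

        # DMZ hosts may not open connections into the inner networks
        iifname $IF_DMZ oifname { $IF_SECURE, $IF_HOUSE } counter drop
    }
}
```

The two `counter drop` rules are redundant with the default drop policy, but the counters show how often HouseHold or DMZ hosts try to reach the inner networks (`nft list ruleset` prints them).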


Summary
The already fast Home setup is now upgraded to provide 80MB/sec routing support for our trusted home devices.  A 2 port Ethernet card did the job.