So some of you may be aware that I have quite an extensive home network and lab. One of the items in said network was an old Sophos XG85 which had expired licences. This was not good as I could no longer protect my daughter and segregate my guest network effectively, as without a licence this unit is pretty useless.
I did try the route of the official XG home installation on this device; however, it failed, and clearly Sophos have locked that option out. I do, however, retain a Sophos XG Virtual Appliance in my DataCentre Lab.
I have now decided to go the route of pfSense on my home firewall and OpenDNS with SafeSearch set up using the DNS Forwarder on the pfSense firewall.
This seems to work very, very well.
The best part is I can still use this obsolete hardware and make it work. 🙂
The biggest change was that I wanted a simple way to route my daughter through this firewall. But just some info on how this little pfSense device is set up.
Currently the DNS resolvers that are used by the pfSense are the Cisco Umbrella (OpenDNS) servers. I have set up the DNS server side as I want them to be. Then from there I have set up DNS forwarding on the pfSense, which allows me to inject host entries into the chain. So basically anything that goes through this device is fully search-engine safe and has DNS filtering.
I know for sure there are ways to get around this, but not when your dad is a full-time firewall, networking and server engineer. I have forced the routing to take this route even if she overrides with manual IPs etc.
She connects to the same Wi-Fi network as us and breaks out over a different gateway due to mangle rules etc. that I have set up, as well as DNS forced from her IP addresses to use OpenDNS.
Despite her being on the same pool and network, her DHCP gateway and DNS differ from all the other users. The pure power of MikroTik devices at play. 🙂
I have tested this thoroughly and at least now I no longer need to have a separate SSID and Wi-Fi AP for her to be safe in her browsing.
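One way to test a forced-DNS setup like the one described above from the restricted client (an added example, not the author's configuration or test method): it sends A queries straight to each resolver IP it is given and reports any answer that comes back without the forwarder's host-override address. The function names are hypothetical, and every hostname and IP address used with it is a placeholder you supply.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """Encode a DNS A/IN query for `name` with recursion desired."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split(".")) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_a_records(msg):
    """Return the IPv4 addresses in the answer section of a DNS response."""
    _, _, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off, ips = 12, []
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4   # name, then QTYPE + QCLASS
    for _ in range(ancount):
        off = _skip_name(msg, off) + 10  # name, then TYPE/CLASS/TTL/RDLENGTH
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off - 10:off])
        if rtype == 1 and rdlen == 4:    # A record
            ips.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return ips

def query(resolver, name, timeout=2.0):
    """Ask `resolver` directly over UDP/53, ignoring the OS resolver settings."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver, 53))
        return parse_a_records(s.recv(512))

def audit(overrides, resolvers, lookup=query):
    """List (resolver, host, answers) where an answer came back without the pinned IP."""
    leaks = []
    for resolver in resolvers:
        for host, pinned in overrides.items():
            try:
                answers = lookup(resolver, host)
            except OSError:              # timeout or reject: nothing got through
                continue
            if answers and pinned not in answers:
                leaks.append((resolver, host, answers))
    return leaks
```

Run from the restricted client as `audit(overrides, [forwarder_ip, other_resolver_ip])`; an empty list means every answer that came back carried the override, even for a manually chosen resolver. It only exercises plain DNS on UDP/53, so DNS over TLS or HTTPS needs its own firewall rules and checks.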
Till next time. Take care all.
Some pictures of how the home network is coming on…..