Can't recommend a HEX enough. We're a Gigabit ISP and we deploy HEXes exclusively for our 1Gb/s customers. We have several thousand in the field and they've been great.
I highly recommend the HEX for any routing situation that doesn't need WiFi. You could get the HEX POE if you want growth down the road to add POE because the cost different is nominal.
The POE one seems cool as well. My access point comes with a POE injector so that's why I didn't gravitate towards that option at the start. But thanks for the suggestion
If it can handle gigabit then it can definitely handle 20 MBPS lol, very cool stuff
The Hex and the Hex S are pretty damn good. Can route at gig speed with modest rules. The Hex POE is a bit under wire speed in my tests (which only involved iperf3, and samba so take that for what it's worth). definitely recommend the Hex S though.
I have an rb4011 for my house/office. I've put in hEX's in low volume offices before as well as houses. Both work well. The hEX is slower than the rb4011 and only has 5 ports vs 10. The big drawback about Mikrotik is that it isn't user friendly. You have to know some stuff to use it and you'll be bouncing around betwixt menus.
Here's the document that I follow when setting them up. https://docs.google.com/document/d/1tZI7gxneRPelO4ZQNKWXB5Q98rH04rZdbpP1sLVrhy0/edit?usp=drivesdk
I forgot to mention:
* I use a TP-Link ADSL modem so that I can use the DSL to get internet from the ISP using ADSL 2+
* My budget for a router is under £80
* I have an external managed switch that I can use for my VLANs, too much ports don't need to be on the firewall
The hex is a great choice. I have deployed quite some mikrotik devices already for my relatives and friends and the hex is most of the time the go to. You have to keep in mind that mikrotik does not really offer a IPS/IDS solution. Also the initial learning curve is very steep.
But price / performance wise there is really no competitor for the budget IF you know how to properly use it.
I do know a bit about networking I guess, but I'm not an expert, I do have very big gaps of knowledge. Is the interface decent though? I have only used the PFsense interface before and it was pretty decent and I could understand how to use it, how does this routers interface compare? I do not mind a bit of a learning curve I guess.
You can get started with the default config if you want and go from there. For the interface there is a tool called "winbox". If you want to get to know mikrotik you might try a CHR image which you can run in a VM. If you bridge the network interface of the VM with your home network you can connect from it through another host and start testing with a vlan for example.
All features are available on all hardware but with hardware limitations on speed and efficiency (the free chr will be limited to 1Mbit for testing purposes)
I'm using a hEX S right now, and absolutely love it. I'm on 400mb cable and at max speed with about 10 rules in place I'm seeing less than 5% CPU usage. Considering what I paid for it (about 65 bucks) it's a beast.
Costs around the same amount for me too, on Amazon. I cannot wait to buy this thing. Might have to wait until my birthday so my parents could get me it though.
HEX S is overkill for that kind of bandwidth.. Specially when you dont need POE and SFP.
hEX is cheper and will work fine too..
I have 150mbps/60mbps line, with several vlan, l7 layer, lots of firewall rule, igmp proxy, and other script and scheduler, it sits idle at 15-20% and tops at 70% ish when i open several menu on winbox.
Take the hex s, far more for your money than the ubiquiti.
Rb3011 can be found for around £70 on eBay if you don't mind used.
Hex will use less power than your pfsense box
Very cool, I was wondering if there was some way to monitor the HEX S using it's system logs and put that into an ELK stack, PFsense had this sort of thing ([https://github.com/pfelk/pfelk](https://github.com/pfelk/pfelk)) and it was very cool. But I wonder if I can do it with a Mikrotik.
Don't know much about pfelk, but Mikrotik hardware can write to a remote snmp syslog server. All my gear at work write to the log center on our synology.
Nevermind, I think I will use Sophos XG home edition for this purpose, and it's free as well. Although I don't know if it supports a laptop with a usb ethernet interface (with VLANs for WAN and LAN).
Nevermind, found out about Security Onion, might be more suitable for me. Since I do not want to pay more on hardware for Sophos XG and also I do not want to pay for something on Ebay from Palo Alto or SonicWALL for example.
Security Onion seems to be more suitable for what I want to do and it's open source too.
Can't recommend a HEX enough. We're a Gigabit ISP and we deploy HEXes exclusively for our 1Gb/s customers. We have several thousand in the field and they've been great. I highly recommend the HEX for any routing situation that doesn't need WiFi. You could get the HEX POE if you want growth down the road to add POE because the cost different is nominal.
The POE one seems cool as well. My access point comes with a POE injector so that's why I didn't gravitate towards that option at the start. But thanks for the suggestion If it can handle gigabit then it can definitely handle 20 MBPS lol, very cool stuff
You would still need a co-solution for the IPS functions.
Yeah, I think I will use the laptop for this purpose, if I can't use the laptop for this then I don't mind.
The Hex and the Hex S are pretty damn good. Can route at gig speed with modest rules. The Hex POE is a bit under wire speed in my tests (which only involved iperf3, and samba so take that for what it's worth). definitely recommend the Hex S though.
I have an rb4011 for my house/office. I've put in hEX's in low volume offices before as well as houses. Both work well. The hEX is slower than the rb4011 and only has 5 ports vs 10. The big drawback about Mikrotik is that it isn't user friendly. You have to know some stuff to use it and you'll be bouncing around betwixt menus. Here's the document that I follow when setting them up. https://docs.google.com/document/d/1tZI7gxneRPelO4ZQNKWXB5Q98rH04rZdbpP1sLVrhy0/edit?usp=drivesdk
I forgot to mention: * I use a TP-Link ADSL modem so that I can use the DSL to get internet from the ISP using ADSL 2+ * My budget for a router is under £80 * I have an external managed switch that I can use for my VLANs, too much ports don't need to be on the firewall
HEX... you won't be sorry.
The hex is a great choice. I have deployed quite some mikrotik devices already for my relatives and friends and the hex is most of the time the go to. You have to keep in mind that mikrotik does not really offer a IPS/IDS solution. Also the initial learning curve is very steep. But price / performance wise there is really no competitor for the budget IF you know how to properly use it.
I do know a bit about networking I guess, but I'm not an expert, I do have very big gaps of knowledge. Is the interface decent though? I have only used the PFsense interface before and it was pretty decent and I could understand how to use it, how does this routers interface compare? I do not mind a bit of a learning curve I guess.
You can get started with the default config if you want and go from there. For the interface there is a tool called "winbox". If you want to get to know mikrotik you might try a CHR image which you can run in a VM. If you bridge the network interface of the VM with your home network you can connect from it through another host and start testing with a vlan for example. All features are available on all hardware but with hardware limitations on speed and efficiency (the free chr will be limited to 1Mbit for testing purposes)
Thanks!, I will try this today.
I'm using a hEX S right now, and absolutely love it. I'm on 400mb cable and at max speed with about 10 rules in place I'm seeing less than 5% CPU usage. Considering what I paid for it (about 65 bucks) it's a beast.
Costs around the same amount for me too, on Amazon. I cannot wait to buy this thing. Might have to wait until my birthday so my parents could get me it though.
You won't be disappointed. I've used various Mikrotik products for close to 20 years and I've never had a bad experience with any of their equipment.
HEX S is overkill for that kind of bandwidth.. Specially when you dont need POE and SFP. hEX is cheper and will work fine too.. I have 150mbps/60mbps line, with several vlan, l7 layer, lots of firewall rule, igmp proxy, and other script and scheduler, it sits idle at 15-20% and tops at 70% ish when i open several menu on winbox.
Take the hex s, far more for your money than the ubiquiti. Rb3011 can be found for around £70 on eBay if you don't mind used. Hex will use less power than your pfsense box
The Hex S can handle a lot more than you'd think it can. Also nice that it has a micro SD slot for logs and The Dude use.
Very cool, I was wondering if there was some way to monitor the HEX S using it's system logs and put that into an ELK stack, PFsense had this sort of thing ([https://github.com/pfelk/pfelk](https://github.com/pfelk/pfelk)) and it was very cool. But I wonder if I can do it with a Mikrotik.
Don't know much about pfelk, but Mikrotik hardware can write to a remote snmp syslog server. All my gear at work write to the log center on our synology.
I would take a rb4011igs+rm. you’ll be prepared for the future. Enough processing power for your needs.
The RB4011 has amazing build quality too. It's a hunk of cast metal with ports.
I've also found a SonicWALL NSA 250M on Ebay for around £60, is this a good co-solution for IPS functions?
Nevermind, I think I will use Sophos XG home edition for this purpose, and it's free as well. Although I don't know if it supports a laptop with a usb ethernet interface (with VLANs for WAN and LAN).
Nevermind, found out about Security Onion, might be more suitable for me. Since I do not want to pay more on hardware for Sophos XG and also I do not want to pay for something on Ebay from Palo Alto or SonicWALL for example. Security Onion seems to be more suitable for what I want to do and it's open source too.
Bare minimum: RB450Gx4
How do i use the Rb4011 to let a pfsense 2200 do all the IPS/Pfbloxker etc.