pfSense Hardware Recommendations

[thomas-hn]

Hello,

in the future I would like to use pfSense as Router/Firewall and, therefore, I'm looking for a powerful and energy-efficient hardware.

My requirements are:

• Usage of pfSense (or OPNsense)
• the case shall be a server-case for 19 inch racks
• my current Internet connection is 100/40 MBit/s, but I want to have the option for future GBit FTTH
• having the option for using Snort/Suricata
• having the option for using a DNS filter
• using HAproxy
• maximum of around 6-8 simultaneous VPN connections via IPsec/OpenVPN (IPsec for Windows notebooks, OpenVPN to use HTTPS to bypass some networks which try to block VPN)
• Support for AES-NI
• IPMI
• The system shall be used for the next >=10 years (so it should have some power reserves)

The hardware I'm tending to at the moment:

• SuperMicro A2SDi-4C-HLN4F
  • CPU: Intel Atom C3558, 4 Cores
  • 4x GBit-LAN, Intel C3000 SoC
• Case: SuperChassis 505-203B
• 8 GB RAM ECC
• SSD: Samsung EVO

My questions:

• How secure are SuperMicro boards? In 2018 there where found some Chinese spy-chips on SuperMicro-Boards.
• Do you have concerns regarding compatibility of my setup with pfSense? Are there any known bugs/issues?
• Do you recommend any other components?
• pfSense appliances are often found with i3, i5, Celeron or Xeon CPUs.
  • Would those CPUs provide a huge benefit over my "Intel Atom C3558, 4 Cores"?
  • Do you have any experiences regarding power consumption of such more powerful CPUs? (the Intel Atom C3558 has TDP 16W)
  • Do you recommend another CPU which provides more power at a comparable power consumption?
• Do you have some experience about the other pfSense systems which are often used?
  • APU 2E4/4D4 (compared to this my proposed system should be more powerful)
  • IPU662 with i5-6200U (Skylake Dual Core (4 Threads) 2.3 GHz, Turbo Boost bis zu 2.8 GHz, 15W TDP)
  • Celeron J3160 (4 Cores, 1.6GHz)
  • other i3, i5, Celeron, Xeon systems?
• My proposed board uses Intel C3000 SoC network controllers. Are they compatible to pfSense? Are they better/worse/comparable to widely-used Intel controllers like i210/i211?

Thanks a lot in advance,

Thomas

 

[Ericloewe]

In 2018 there where found some Chinese spy-chips on SuperMicro-Boards.

No, there weren't. All there was were claims of a ludicrously expensive intelligence operation that was theoretically possible, with a large conspiracy, to achieve a goal that could be done far more easily by compromising the firmware directly, which is not a hard task. With no evidence, of course.

 

[Tigersharke]

I realize that this was posted in 'Off-Topic' however, I would strongly recommend looking at the appropriate external forums for conclusive and precise answers to your questions.

• pfsense
• OPNsense

I favor OPNsense and would recommend it, it has regular updates and a welcoming community with helpful involved devs. OPNsense is based upon HardenedBSD which is a security-enhanced version of FreeBSD.

UPDATE: Sorry for not initially indicating those were external forums.

 

[thomas-hn]

I realize that this was posted in 'Off-Topic' however, I would strongly recommend looking at the appropriate forums for conclusive and precise answers to your questions.

@Tigersharke could you please move the thread to one of thoe forums?

 

[Ericloewe]

We do not control either of those, you would have to post there yourself.