PFSense / Home Router - Hardware Suggestions

Status
Not open for further replies.

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
At least one is upset that he won't be able to use a Pentium /// any more.
So 20 years of use for a processor aren't enough for some people? I mean, it's from an age when marketing it as the Pentium !!!, with exclamation marks standing in for Roman numeral Is, was seen as a good idea.
 

D-Tijori

Dabbler
Joined
Apr 19, 2017
Messages
40
Any plans for VPN? It matters.

That system you specced out will easily handle your connection and more. If you have no VPN plans you might consider an APU2C4 from pcengines. I have one and it cost $152 delivered to my door.
VPN = Yes. If not immediately then most definitely in the near future. It's getting nasty out there (or it was always nasty, we just hear more about it now).
They're going to start requiring AES-NI, aren't they?
Would be unwise to make a system without it going forward. Future proofing is high on the list.
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,977
VPN = Yes
Ok then don't even consider the APU2C4 I suggested, VPN performance just isn't there with it. The build in your OP is more appropriate.
 

joeschmuck

Old Man
Moderator
Joined
May 28, 2011
Messages
10,994
You know, we were discussing a complete computer for one super price, the HP ML10 and it costs $199. You can't beat this deal. The one pitfall is the video output is a Display Port connection which means that if you do not have this type of connection, you would need to buy an adapter which would cost you anywhere from $6 to $20 depending on where you buy one. I'm not sure if the ML10 has the adapter so you could either buy one up front or wait to see if it comes with one. You would also need to purchase a single or dual port NIC card so this would be an additional cost. But in total you would have a functional system for less money than the Supermicro one you have listed now. Also, I'm not trying to talk you out of the Supermicro system, it looks pretty nice, I'm only offering up options since you asked for them.

Also, an option to using a different piece of software is Sophos. I'll be honest, it's a pain to set up if you want all the bells and whistles but if you want the basics, it's not terrible. It's also free and pattern updates are checked as frequently as every 15 minutes. It's also a set and forget if you like. It also has built in Endpoint protection meaning that it can cover your computers and technically you don't need a firewall nor antivirus software on your computer, but I still run paid software on my computers. Again, just another option and I'm attaching a screen shot, you will note that I do not use all the features.

 

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
The one pitfall is the video output is a Display Port connection which means that if you do not have this type of connection
Meh, DisplayPort is the future and unequivocally the best PC-oriented AV interface. Except for the locking cables - they're frequently a pain in the ass to access the unlocking latch.
But I fully endorse a future where miniDisplayPort and DisplayPort over USB Type C are as ubiquitous as HDMI (which does have an advantage for longer runs).
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,977
You know, we were discussing a complete computer for one super price, the HP ML10 and it costs $199.

I had that in the back of my mind when asking. Going back and looking at the OP's stated goal of Gbit when available I will have to agree this might be the best option. Add an additional NIC and it's all set.
 

D-Tijori

Dabbler
Joined
Apr 19, 2017
Messages
40
You know, we were discussing a complete computer for one super price, the HP ML10 and it costs $199. You can't beat this deal. The one pitfall is the video output is a Display Port connection which means that if you do not have this type of connection, you would need to buy an adapter which would cost you anywhere from $6 to $20 depending on where you buy one. I'm not sure if the ML10 has the adapter so you could either buy one up front or wait to see if it comes with one. You would also need to purchase a single or dual port NIC card so this would be an additional cost. But in total you would have a functional system for less money than the Supermicro one you have listed now. Also, I'm not trying to talk you out of the Supermicro system, it looks pretty nice, I'm only offering up options since you asked for them.

Also, an option to using a different piece of software is Sophos. I'll be honest, it's a pain to set up if you want all the bells and whistles but if you want the basics, it's not terrible. It's also free and pattern updates are checked as frequently as every 15 minutes. It's also a set and forget if you like. It also has built in Endpoint protection meaning that it can cover your computers and technically you don't need a firewall nor antivirus software on your computer, but I still run paid software on my computers. Again, just another option and I'm attaching a screen shot, you will note that I do not use all the features.

Now we are talking. Of course, a full tower, even a miniature one, is still full tower as against that little Silverstone cabinet. I did think about just buying a refurbished slim tower server from Amazon originally. But given the security of data in question, chickening out a bit (do tell me it's all ok, go on then). The Silverstone motherboard is the killer in terms of $'s. But the form factor and its capabilities (ECC, IPMI, Enterprise grade) is what is getting me sort of excited.
By the way, thanks for getting me even more confused with SOPHOS. Now, it's not just the bloody hardware but the software too to think about. :)

But, many thanks chaps. This is really helpful.
 

joeschmuck

Old Man
Moderator
Joined
May 28, 2011
Messages
10,994

m0nkey_

MVP
Joined
Oct 27, 2015
Messages
2,739
Just wanted to know if it supports AES or not since this sounds like it will be required in a few years.
It has CESA crypto offload, which is ARM's equivalent to Intel's AES-NI. So yes, this will work on pfSense 2.5.
 

D-Tijori

Dabbler
Joined
Apr 19, 2017
Messages
40
Roughly, how many hours/days of hands-on time to dial in SOPHOS UTM? Any downsides you have seen vis-a-vis PFSense?
Also see you are running it on VM. Any additional complications as against running on dedicated hardware?
It has CESA crypto offload, which is ARM's equivalent to Intel's AES-NI. So yes, this will work on pfSense 2.5.
Vader indeed. Cost? Launch timeline? Should be concerned about relying on unproven hardware?
Update: Just saw this - https://www.reddit.com/r/PFSENSE/co..._pfsense_on_r1_dual_core_arm/#bottom-comments
More Update - Free 1 year gold subs with any Netgate appliance.
https://www.pfsense.org/our-services/gold-membership.html
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,977
Free 1 year gold subs with any Netgate appliance
Not any more. They recently changed their support options and no longer offer a free Gold subscription. The Gold subscription and support are substantially more now.
 

joeschmuck

Old Man
Moderator
Joined
May 28, 2011
Messages
10,994
Roughly, how many hours/days of hands-on time to dial in SOPHOS UTM? Any downsides you have seen vis-a-vis PFSense?
Also see you are running it on VM. Any additional complications as against running on dedicated hardware?
It took a lot of research to get it up and running with all the protection I want, the firewall is not very forgiving either. I'd say you are talking about maybe a few hours to get it set up the first time to be operational with some traffic filtering. PFSense would take about the same amount of time. Keep in mind that this is just a basic setup, not all the protection features. Added features will take longer to understand and then set up. I have very little time running PFSense so I can't speak to some of the add-on packages that you would need to install to make fairly equal systems.

I run Sophos on a VM because the AMD hardware would not run Sophos on bare metal. ESXi allowed me to use old hardware. When it comes to using ESXi there are bound to be complications, one such complication is updating ESXi itself. I prefer to download the files and do the update online and I can do that for my main system however for the ESXi for the Sophos, well you need to stop the VM to do the upgrade and then I have no internet. There is a way to download the updates first if I wanted to but I just temporarily connect my backup router and perform the upgrade over the internet. It's quick and painless but it does leave my system vulnerable for the 10 minutes I'm using the backup router. And I would not recommend ESXi or any other VM platform for running primary applications like this unless the user fully understood what the limitations were. I originally ran the firewall also off of my main ESXi machine but if I entered maintenance mode, then the entire house lost internet and I had a wife, daughter, and father all telling me the internet is down.

So, if I could run Sophos on dedicated hardware that I presently have, I would.

To summarize... I think more people on this forum use PFSense so you might find more setup help here. The Sophos forum is very helpful and they have always come through for me but they are not always speedy in providing an answer, it could take a few hours. Both are good products and both have similar hardware requirements in order to provide the same type of protection. Sophos has a license which expires but it's a free renewal for home users. I think of this as good marketing strategy, get the IT guys to use it at home and they may get the work place to purchase it. Either product will require some work on how to set up the product, Sophos is not the easiest and I can't speak for PFSense yet, just not enough time using it yet.

My recommendation is to try PFSense first and if you want to try Sophos UTM, give that one a shot.
 

jlentz3

Dabbler
Joined
Feb 6, 2017
Messages
26

joeschmuck

Old Man
Moderator
Joined
May 28, 2011
Messages
10,994
https://twitter.com/pfsense/status/870756177239461888
Every appliance purchase from the pfSense store comes with 1 year gold membership.
What I don't understand is what this service brings to the table even when it's free for the first year when the last line on the page states:
Please Note: Gold Memberships do not include any support. All purchases are final and non-refundable.
I don't get it.

However it would be good to find out more about the small 2 port model, I see it comes in two versions for CPU speed. I'd like to know if the $100 difference is worth it. Eh, someone will figure that out.
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,977

garym

Dabbler
Joined
Jul 24, 2012
Messages
37
It took a lot
........ lots deleted .......
So, if I could run Sophos on dedicated hardware that I presently have, I would.

To summarize... I
................. some deleted ...............if you want to try Sophos UTM, give that one a shot.
I finally read something that I can agree with you about, Sophos UTM9, baremetal.
I find Sophos menu system to be easy to use. Power does introduce some complexity. One does need to think and learn.
 

garym

Dabbler
Joined
Jul 24, 2012
Messages
37
Roughly, how many hours/days of hands-on time to dial in SOPHOS UTM? Any additional complications as against running on dedicated hardware?

Depends on you and how many features you need to turn on. Do you need hand holding or are you a self starter? Once UTM9 is set up it runs on its own. Then the odd update that only takes a few minutes.
Best on dedicated hardware, and that is based on usage requirements.
 