PFSense / Home Router - Hardware Suggestions

Status
Not open for further replies.

D-Tijori

Dabbler
Joined
Apr 19, 2017
Messages
40
Hello chaps,

While I understand there are many threads where this precise subject has been tackled, I would like a more up-to-date list of suggestion(s). Also, this is perhaps not the best forum to ask this but the other forum is a bit of a mess (sometimes, incoherent mess) and I am a little short on time.

In no way a networking pro, or even intermediate. Probably more like amateur. Given this, if you are suggesting something, do please make sure to explain the rationale if the suggestion contains advanced networking terms.

Criteria:
Use - Protection of home network: Firewall, possible VPN (future proof capability). Once the initial dial-in period is done, would ideally like to 'fit it, forget it' (in terms of hardware). Open to consistent learning of how to properly utilize PFSense and its features. Would just like general sense of peace knowing home network and its security is in good hands.
Cost: =<550 all in (including taxes)
Network Bandwidth: Should be able to handle 1Gbe speeds (or at least have the capability to do so as and when it becomes reasonable for home connections)
No. of Devices: Ability to handle 25 devices (mixture of desktops, laptops, mobile phones, tablets, other smart devices)

Would appreciate some manner of organized suggestions if possible (for comparison's sake).

Update: The following configuration is based on some research. Comments/opinions solicited.
Motherboard: Supermicro Mini ITX A1SRI-2558F-O Quad Core DDR3 1333 MHz Motherboard and CPU Combo
RAM: Kingston Technology ValueRAM 8GB 1600MHz DDR3L PC3-12800 ECC CL11 1.35V SODIMM Notebook Memory KVR16LSE11/8
SSD: SanDisk SSD PLUS 120GB Solid State Drive (SDSSDA-120G-G26) [Newest Version]
PSU: SilverStone Technology 300W SFX Form Factor 80 PLUS BRONZE Power Supply with +12V single rail, Active PFC (ST30SF)
Cabinet: Silverstone 0.8mm Steel Body Tek Acrylic Front Panel for Mini-ITX Media Center/HTPC Case Cases ML05B
 

melloa

Wizard
Joined
May 22, 2016
Messages
1,749

DrKK

FreeNAS Generalissimo
Joined
Oct 15, 2013
Messages
3,630
> Not sure folks here can help. Try: https://www.pfsense.org/

I think, sir, the gentleman's statement is that the pfSense forums are anarchy, and he is pressed for time.

I have some questions. $550 in what country? What I can get for $550 in the US is a lot better than what someone can get for $550 in Sweden or India.
 

SweetAndLow

Sweet'NASty
Joined
Nov 6, 2013
Messages
6,421
Check out the pfSense store. I think the sg-2440 might fit the requirements you want. I bet it can do gigabit NAT.
 

D-Tijori

Dabbler
Joined
Apr 19, 2017
Messages
40
> I have some questions. $550 in what country? What I can get for $550 in the US is a lot better than what someone can get for $550 in Sweden or India.

That would be US$. Should have been more clear about it.

> Check out the pfSense store. I think the sg-2440 might fit the requirements you want. I bet it can do gigabit NAT.

Would like to build something myself is what the idea was to begin with. But, if the conclusion is it's not worth the bother then will look into a readymade solution.
 

melloa

Wizard
Joined
May 22, 2016
Messages
1,749
> I think, sir, the gentleman's statement is that the pfSense forums are anarchy, and he is pressed for time.

I didn't see that in his post and must say that to get my pfSense running I used a used desktop with two NICs, and the system requirements for that firewall aren't that hard.
 

melloa

Wizard
Joined
May 22, 2016
Messages
1,749
> Would like to build something myself is what the idea was to begin with.

See mine:

System: pfSense
Serial: 21363a95-4556-11e7-b956-001b21a65ee0
Netgate Unique ID: c07c8fd34ce6537c493e
BIOS Vendor: American Megatrends Inc.
Version: 0804
Release Date: 01/06/2014
CPU usage: 9%
Memory usage: 18% of 12123 MiB

So it runs on virtually anything - mine is a desktop - and, even though you stated that the forum I've directed you to is not good, I did a simple Google search and found: https://www.pfsense.org/hardware/#requirements
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,974
> Would like to build something myself is what the idea was to begin with.

How fast is your connection and what, if any, packages do you plan on running?
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,456
> I think the sg-2440 might fit the requirements you want.

It likely will, it's right at the $550 mark, and it's now up to a 32 GB SSD onboard (compared to the 4 GB it had when I bought mine). Very low power, fanless, silent, compact. It's 64-bit, so pfSense 2.4 will run on it, and it supports AES-NI, so 2.5 should as well. And four NICs, so I can go dual-WAN or whatever. But it's expensive.

It's frustrating, though, that a year ago, they sold the box (admittedly, with the 4 GB storage), without the pre-installed pfSense or Gold support, for $200 less. Now, it's $550 with or without the pfSense install/support.

If you don't need the tiny, silent machine, you can do a lot better building your own, or better yet buying used.
 

tvsjr

Guru
Joined
Aug 29, 2015
Messages
959
> How fast is your connection and what if any packages do you plan on running?

Exactly. NATing a gigabit of traffic isn't that hard. If you intend to run IPS, Squid, etc., that will dramatically change the picture.

I handle a 200/20 circuit with about 10 internal zones, full IPS, Squid, etc. on a 4-core VM with 8GB RAM.
 

D-Tijori

Dabbler
Joined
Apr 19, 2017
Messages
40
> How fast is your connection and what if any packages do you plan on running?

> It likely will, it's right at the $550 mark, and it's now up to a 32 GB SSD onboard (compared to the 4 GB it had when I bought mine). Very low power, fanless, silent, compact. It's 64-bit, so pfSense 2.4 will run on it, and it supports AES-NI, so 2.5 should as well. And four NICs, so I can go dual-WAN or whatever. But it's expensive.
>
> It's frustrating, though, that a year ago, they sold the box (admittedly, with the 4 GB storage), without the pre-installed pfSense or Gold support, for $200 less. Now, it's $550 with or without the pfSense install/support.
>
> If you don't need the tiny, silent machine, you can do a lot better building your own, or better yet buying used.

Up/Down: 150Mbps/10Mbps.

There is definitely a lot bigger margin of profit and hence the preference to build one. Idea is to have as small a footprint/noise as possible. However, would prefer bigger (relatively) cabinet with a bit more noise/heat but much better hardware and hence performance for less $. Have updated my original post with a potential system.

Apart from base PFSense, would like the capability to run Suricata/Squid. And any other complementary (future) package which would enable rock stable home network with better security.

Just to be clear: Have no old desktop/laptop lying around to recycle parts. Hence, looking to build a dedicated system.
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,974
Any plans for VPN? It matters.

That system you specced out will easily handle your connection and more. If you have no VPN plans you might consider an APU2C4 from pcengines. I have one and it cost $152 delivered to my door.
 

BigDave

FreeNAS Enthusiast
Joined
Oct 6, 2013
Messages
2,479
I purchased a Jetway JBC150F9N-2930-B 1U appliance with the ADE4INLANG daughter board option for my pfSense box (<$400).

I'm using a Micron M550 64GB mSATA SSD for the boot device. I added this SSD and 4GB RAM for my pfSense server.
Check out the details here.
FYI, I don't run any packages on pfSense so YMMV
 

tvsjr

Guru
Joined
Aug 29, 2015
Messages
959
> Any plans for VPN? It matters.
>
> That system you specced out will easily handle your connection and more. If you have no VPN plans you might consider an APU2C4 from pcengines. I have one and it cost $152 delivered to my door.

Good point. If you're planning to do VPN, pfSense can be configured to leverage AES-NI. You have to turn the support on and ensure you run a crypto algorithm that's supported, but it makes a big difference. Not all of the embedded systems out there will have AES-NI support.
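
Added example (not written by any poster in this thread): a shell check for the two CPU features the posts above tie to pfSense versions, 64-bit for 2.4 and AES-NI for 2.5, run against a FreeBSD boot log or Linux `/proc/cpuinfo`. The function names and the sample CPU lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and sample CPU lines are constructed.
# On a live box: cpu_report < /var/run/dmesg.boot   (FreeBSD / pfSense)
#            or: cpu_report < /proc/cpuinfo          (Linux live USB)

# cpu_flags: read a boot log or cpuinfo dump on stdin and print every CPU
# feature name found, lower-cased, one per line.
cpu_flags() {
    awk '
        # FreeBSD dmesg: "  Features2=0x...<SSE3,...,AESNI,...>"
        /Features[0-9]*=0x[0-9a-fA-F]+</ {
            s = $0; sub(/^[^<]*</, "", s); sub(/>.*$/, "", s)
            n = split(s, f, ",")
            for (i = 1; i <= n; i++) print tolower(f[i])
        }
        # Linux cpuinfo: "flags : fpu vme ... aes ..."
        /^flags[ \t]*:/ {
            s = $0; sub(/^[^:]*:[ \t]*/, "", s)
            n = split(s, f, /[ \t]+/)
            for (i = 1; i <= n; i++) print tolower(f[i])
        }
    ' | sort -u
}

# cpu_report: FreeBSD names the flags LM / AESNI, Linux names them lm / aes.
# Matching is on the whole flag name, so an unrelated flag such as "vaes"
# does not count as AES-NI.
cpu_report() {
    flags=$(cpu_flags)
    has() { printf '%s\n' "$flags" | grep -qx -e "$1"; }
    if has lm; then bits=yes; else bits=no; fi
    if has aesni || has aes; then aes=yes; else aes=no; fi
    echo "64bit=$bits aesni=$aes"
}

# Constructed sample: FreeBSD-style boot lines for a 64-bit CPU with AES-NI.
sample_freebsd() {
    cat <<'EOF'
CPU: Constructed Sample CPU (2400.06-MHz K8-class CPU)
  Features2=0x43d8e3bf<SSE3,PCLMULQDQ,SSSE3,CX16,SSE4.1,SSE4.2,POPCNT,AESNI,RDRAND>
  AMD Features=0x28100800<SYSCALL,NX,RDTSCP,LM>
EOF
}

# Constructed sample: Linux-style flags for an old 32-bit CPU without AES-NI.
sample_old32() {
    printf 'model name\t: Constructed 32-bit CPU\n'
    printf 'flags\t\t: fpu vme de pse tsc msr pae mce cx8 mmx fxsr sse\n'
}
```

A CPU that reports `aesni=yes` still needs the acceleration enabled in pfSense and a supported cipher chosen for the VPN, as the post above says.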
 

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,175
They're going to start requiring AES-NI, aren't they?
 

tvsjr

Guru
Joined
Aug 29, 2015
Messages
959
Hmm, haven't heard about that. I don't participate in that community heavily, just run the program. In my world it lives on VMs on one of three dual E5-2670 vSphere nodes, so AES-NI is always available and I haven't given much consideration to the lack thereof.
 

jlentz3

Dabbler
Joined
Feb 6, 2017
Messages
26
If you want the easy answer, buy a Netgate. Next step is to look up and copy the Netgates.

The sg1000 was a bit disappointing when I got it for my home net. I built some i3 Supermicro barebones at work and it's much nicer.
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,974

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,175
Two years out? I guess that's not as long as it sounds for a router...
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,456
> Two years out? I guess that's not as long as it sounds for a router...

It's soon enough to have a bunch of people running around with their hair on fire. At least one is upset that he won't be able to use a Pentium /// any more.
 