Time to leave pfSense or Build HW myself?
-
Hi.
Having had 1Gbe Fiber for a while now, and been waiting for Netgate to release a proper appliance for that linetype, I’m about to give up.
Why is there no news from netgate about upcoming appliances to “handle” the VERY important mid tier market: 1Gbe lines in private homes (Few users, high bandwidth, low power consumption).I’m running a SG-2100 now which is a great box, but it does not handle more than -600Mbps (without any traffic monitoring packages - with them its more like 300Mbps)
The SG-3100 which can handle this usecase has been a terrible disaster the last year and is now EOS - soon to be EOL because it’s a 32bit ARM CPU. I’m not going there…
The SG-5100 was a good candidate but is also EOS and probably soon EOL. Wonder if EOL will cause it not to recieve new pfSense+ versions going forward even though the hardware can run it?
The SG-6100 is a very nice box, but also very expensive and fairly powerhungry device for a home 1Gbe line.
The jump in Netgate lineup between SG-2100 and SG-6100 is MASSIVE, and there is no news indicating when - if ever - they will fill it.
I’m thinking there is a large market for a low power ARM device with 2x the CPU performance of SG-3100 and with 3 discrete NIC’s one of which is a dual identity SFP/RJ45. Perhaps one of the NIC’s could be connected to a 4 port builtin switch.So what to do? Change firewall provider and go with another vendor appliance, or attempt to build myself the midtier device Netgate does not provide?
-
If you need something now, there is no point waiting.
netgate has announced a software only appliance license, but it is still in the works.
For home use a x86 based solution is fine
A sff pc with dual intel nics is a good candidate.
You can always consider virtualization.
Running at gbit wire speeds and doing things on the packets isnt exactly low power too. -
There are no plans to stop supporting either the 3100 or 5100 as far as I know. We still build and test images for devices far older than that.
The 5100 will likely be a viable platform for many years even after that. You can still install the current pfSense version on the FW-7541.The 6100 is not really that power hungry in normal use. The provided PSU is capable of supplying it's maximum consumption but, for example, one I have here shows ~15W and it has an SSD and modem and wifi cards.
Unfortunately supply chain issues are affecting everyone.
Steve
-
@stephenw10 said in Time to leave pfSense or Build HW myself?:
There are no plans to stop supporting either the 3100 or 5100 as far as I know. We still build and test images for devices far older than that.
The 5100 will likely be a viable platform for many years even after that. You can still install the current pfSense version on the FW-7541.The 6100 is not really that power hungry in normal use. The provided PSU is capable of supplying it's maximum consumption but, for example, one I have here shows ~15W and it has an SSD and modem and wifi cards.
Unfortunately supply chain issues are affecting everyone.
Steve
Yes I understand that 5100 will still be going strong for years, but will it continue to recieve pfSense+, or will I be forced to use CE version?
Love the no fuss of using the official appliances :-)
-
@stephenw10 said in Time to leave pfSense or Build HW myself?:
You can still install the current pfSense version on the FW-7541.
@keyser said in Time to leave pfSense or Build HW myself?:
will it continue to recieve pfSense+, or will I be forced to use CE version?
My understanding is:
-
pfsense+ installs on Netgate supplied hardware.
-
pfsense CE installs on amd64 based hardware
-
in the near future subscriptions to install pfsense+ on amd64 based hardware will be available
So imo being required to install pfsense CE on a 5100 is not how Netgate had treated customers in the past so is unlikely to be the case in the future.
-
-
What about an ASUS RTAX88U to handle the 1gbit link?
And maybe use the Merlin upgraded WRT??
-
@keyser said in Time to leave pfSense or Build HW myself?:
will it continue to recieve pfSense+, or will I be forced to use CE version?
It will continue to see pfSense+ updates.
-
@stephenw10 said in Time to leave pfSense or Build HW myself?:
@keyser said in Time to leave pfSense or Build HW myself?:
will it continue to recieve pfSense+, or will I be forced to use CE version?
It will continue to see pfSense+ updates.
Thats good to know. Thats good to know.
While I understand you can’t say for how Long, do you perhaps a ballpark figure? One year, several years, or perhaps until that CPU/NIC/Memory combo is No longer supported in freeBSD? -
Hmm, hard to predict! We had to stop supporting 32bit x86 CPUs as the burden of developing an testing became too great. That meant the ALIX box could no longer be used but it's 128/256MB or RAM had limited it's use before that.
The hardware in the 5100 is all pretty standard. It's hard to imagine when a 64bit x86 CPU or igb/ix would no longer be supported. Or that 4GB is insufficient.
Steve
-
@stephenw10 Hmmm, decided to support the project and bought a SG-6100 even though it’s overkill for my needs.
I the hardware quality is good it should last me a long long time with those capabilities and speed.
-
I dont get why people dont look at refurbed hardware....
Its cheap and can easily push what you need...
-
@cool_corona said in Time to leave pfSense or Build HW myself?:
I dont get why people dont look at refurbed hardware....
Its cheap and can easily push what you need...
Well, the software doesn’t develop itself even though it is Opensource. So we all have to support the project in any way we can. I much prefer to purchase “overpriced” hardware that is well and truely supported - and will last me many years - rather than donating or sign up for support I don’t need.
Besides, refurbed hardware is not always unproblematic, and finding power efficient legacy hardware can be rather difficult.Last but not least - Here in Denmark the year/year powercost of a 4 year old i5 SFF desktop PC is about the same as the cost of the PC itself. So getting something in the 10w range is important (10w a year = 50-55$ a year).
-
@keyser I have 1Gbps fiber at home too, and agree that there's a gap to be filled. Right now I'm using a 6100 and while I agree that it's a bit pricey for a home router, when you spread it out over the likely 5+ year lifespan of the device it really doesn't matter that much.
A 4100 is coming "real soon now" and will likely be that goldilocks device you've been waiting for. I'm sure it would have been here by now if it weren't for the supply chain nonsense.
