Hardware advice
-
Hi,
I would like to build a firewall for my home. I read some articles and I think you need the following information to help me.
- Internet connection 500/500
- Low power consumption
- 8 VLANs in my home
- VPN server behind the firewall on my Synology
- 12 devices using the internet
I read the sizing calculator on the website and it states I need an octa-core but I don't think this is low power.
Looking forward to your reply
Thanks
-
I would like to build a firewall for my home. I read some articles and I think you need the following information to help me.
It would be nice to know the total budget first, to help you more or better.
- Internet connection 500/500
APU1D4 or APU2C4 as a bundle for ~250 €
Jetway NF9HG-2930 + RAM + PSU + Case + mSATA ~350 €
Supermicro C2558/C2758 from amazon/newegg
SG-2240/SG-4860 from pfSense store
- Low power consumption
- 8 VLANs in my home
Please read above, or take a Layer3 switch for that if line rate or wire speed is
the main goal for you to achieve. A D-Link DGS-1510 or Cisco SG300 will be the best option
in your case. If a 10 GBit/s upgrade with your Synology NAS can be realized later, I would
prefer the DGS-1510 switch; if that is not necessary or not possible, I would go with the SG300. The
smallest switch from the Cisco SG300 series will be the SG300-10, available with PoE or as a plain
switch.
- VPN server behind the firewall on my Synology
- 12 devices using the internet
Nearly every device that fits the case 1 (500/500 MBit/s)
I read the sizing calculator on the website and it states I need an octa-core but I don't think this is low power.
Every Intel Core i3 system can also match this case well.
-
- VPN server behind the firewall on my Synology
So your pfSense install does not have to encrypt/decrypt the traffic (Synology does that for you).
Unless you want to change that it's just routing/firewalling a 500/500 connection.
How much traffic between VLANs do you expect? This has to be routed by pfSense (or an L3 switch, if line speed is mandatory). Future development (like DPDK etc.) will do wonders in the future but that's still down the road. It's in development, which means not even testing (as of August 2016).
-
"Internet connection 500/500"
So what are you using now that handles this speed? ISP device? What device?
Why would you VPN to your NAS? Why would you not just VPN to pfSense?
What is the budget, what do you consider low power consumption? 10 watts, 50 watts?
-
Wow,
Lots of replies, thank you for that. I'll try to answer them all.
BlueKobold:
Budget depends on price, quality and need. At the moment I have no idea what I'm facing. I do have some spare hardware so maybe I could re-use some of that.
Currently I use a Netgear GS748T managed switch for my VLANs but my current router (Fritzbox 7490) does not support VLAN tagging.
I do have a spare Intel I3 2120 CPU free so this could be an option.
Jahonix:
I would prefer to have my VPN handled by pfSense. That would be great. Currently I'm using OpenVPN on a Synology box but this machine is not always running.
My VLAN traffic is mostly for the guest WiFi, streaming media and a download station so I think about 150Mbps.
johnpoz:
I have a Fritzbox 7490 but this device does not support VLAN tagging. It does have 1 guest port for just internet.
Budget depends on quality, purpose and usage. Low power means as low as possible without concession or degradation of service.
It's for a home environment (me and my wife).
Other questions:
How much memory should I be using if I also want to use VPN options and reverse proxy?
Do I need extra NICs (besides 2)?
Thank you very much
-
Currently I use a Netgear GS748T managed switch for my VLANs
Please have a look at a Cisco SG-300 or D-Link DGS-1510; they are Layer3 switches and they
route the VLANs without the need of a router, at nearly wire speed!
but my current router (Fritzbox 7490) does not support VLAN tagging.
Together with a Layer3 switch you might be able to run your FB 7490 and let the Layer3
switch do the entire VLAN routing, and you don't really need the pfSense.
I do have a spare Intel I3 2120 CPU free so this could be an option.
Any desktop CPU over 2,0GHz and higher might be a really nice candidate to get enough
speed for your action.
How much memory should I be using if I also want to use VPN options and reverse proxy?
Do I need extra NICs (besides 2)
- 2 GB for the base system without other packets should be right
- 4 GB together with Snort installed and VPN tasks
- 8 GB together with Squid, Snort and VPN tasks or Captive Portal might be a good amount of RAM.