Recommendations for setup-and-forget "firewall only" nettop
-
First off I am a new user, so please forgive me if there is something wrong with my question/post.
I am looking for a "setup-and-forget" firewall nettop for home use only. Planning to use common home related to packages. Will probably use OpenVPN, IPSec in future.
I am looking for a really small, fanless, and efficient fully assembld and ready to use nettop. This system wold be ideal - http://utilite-computer.com/web/utilite-models - Utilite Pro.
I have looked at
http://store.netgate.com/Netgate-FW-525B-P1919C83.aspx - Netgate FW-525B - cons Atom D525, not power efficient, large and expensive
http://www.amazon.com/Intel-D2500-Fanless-Mini-ITX-D2500CCE/dp/B008KB5YCK - cons Atom D2500, large
http://www.amazon.com/Nexgen-Appliances-NG-MINI-Untangle-Appliance/dp/tech-data/B00F3QCGMG - expensive, though has better processorwhat I am looking for in terms of tech specs
- power efficient and modern processor, preferably with 64 bit support
- at least 2 GB ethernet NICs, preferably Intel
- really small form factor
- around $300 or less
I am not looking for doing any video playback/transcoding/encoding/decoding, no games etc on this machine.
Thank you.
-
What bandwidth is your WAN?
That first box you linked to has an ARM CPU, pfSense only supports x86 hardware currently.
The D525 is not high power consumption though the N2800 is better.
Steve
-
WAN bandwidth is ~25 Mbps.
Yes, I know that the first box has ARM CPU but I wanted to refer to it for the sake of comparing dimensions and power utilization. Although I know none of these Atom CPU based machines are going to match (low) power of ARM based ones.
I could've bought the first box - Netgate FW-525B - even if its comparatively large in size but I feel like its pricey. I wouldn't want to spend more than $300 for that.
I understand that cost of the extra NICs, Wifi and other ports add up. I wish they didn't have so many ports and priced the system lower.
Does pfSense support x86 hardware only, not even x86-64/x64/AMD64?
-
Why not a cheap netgear router and just skip the troubles related to you purchase? Your bandwith is nothing and if you want to set and forget, then a SOHO router will be fine.
PfSense needs maintenance and thats not what youre after.
-
Thanks for the suggestion Supermule, but -
a) I want to learn and use pfSense, for personal hobby/passion reasons
b) I want to use a real firewall that provides IPSec and OpenVPN - eventually
c) While SOHO routers do provide basic security, they are not as secure, they don't generally get security updates, and decent ones are expensive
d) I have Netgear WNDR3400 router that does the job but it keeps dropping connection after a week or so of uptime. I paid around $150 for it. I can go for a basic router and get switch and make WNDR3400 as access point only but if I have to go through so many hoops why not get a real firewall h/w then. DD WRT has issues with the router so I didn't try it. -
Thanks for the suggestion Supermule, but -
a) I want to learn and use pfSense, for personal hobby/passion reasonsI understand. Its a nice piece of kit.
b) I want to use a real firewall that provides IPSec and OpenVPN - eventually
IPSec is common in small routers and nothing to handle on a home network/LAN. Especially with your expected use of it.
c) While SOHO routers do provide basic security, they are not as secure, they don't generally get security updates, and decent ones are expensive
If you enable automatic firmware download then it will. They are patched frequently and new firmware can be updated on the firmware page.
d) I have Netgear WNDR3400 router that does the job but it keeps dropping connection after a week or so of uptime. I paid around $150 for it. I can go for a basic router and get switch and make WNDR3400 as access point only but if I have to go through so many hoops why not get a real firewall h/w then. DD WRT has issues with the router so I didn't try it.
I had a Netgear CG3000 and it did the same. When using my home network connection it dropped all packages when loading the connection and I changed it to a Cisco router. Same problem. Its not your router, but a problem at your ISP.
-
I wish they didn't have so many ports
Possibly the first person to say that ;)
Does pfSense support x86 hardware only, not even x86-64/x64/AMD64?
Sorry, yes there's a 64bit version. I should said X86 with 64bit extensions. Technically I think X86 includes both 32 and 64bit architectures but I think it also includes 16bit and you won't get pfSense to run on that! ;)
So you're looking for really very small and only two interfaces?
For only 25Mbps have you considered an Alix? Or a box based on that such as:
http://store.netgate.com/ALIX2D3-2D13-Kit-Blue-Unassembled-P173C82.aspx
Those are very low power, like ~5W.Steve
-
But does 2.1 run on those? I seem to recall mount errors on those?
-
On the Alix board? Yes. The upgrade process is proving troublesome for some as far as I can see from the forum. I would expect it to be one of the most tested platforms since Netgate are distributing them and JimP runs one at home.
Personally I find the low ram and low processing power too restrictive but if total power consumption is a high priority it's hard to beat.Steve
-
Thanks Brian and Steve, for your replies and suggestions.
Steve, the ALIX 2D3-2D13 kit looks OK but, as you said, it does seem low on RAM and processing power.
I'll think about it and may go for that one.
Thanks again.
-
If you do make sure it will do everything you want first.
You could wait for the new Alix board which will likely be somewhere in between the old Alix and an Atom in terms of both performance and power consumption:
http://forum.pfsense.org/index.php/topic,59555.0.html
Of course it's untested right now but it will likely have a large pfSense user base in time. ;)Steve
-
Also, the less packages you install and the more simple you make it, the more you can "forget it" and trust its just working.