Returning user needs a new pfSense box!

bluepr0

Hello!

It's been a while since I stop using pfSense. Back in the day I got it installed on a Mac mini but in 2016 sold it and went back to the dark side. Anyway I'm looking to buy a new box!

My hardware needs will be:

• Route a 500/500 fiber connection but to make it future-proof ideally I want the full gigabit.
• Low power
• Very Low noise or fan-less
• Enough to have WAN/LAN and an OPT1 interfaces

On the software side:

• Handle the web ui of pfSense with ease, quick menus, fast loading, etc
• pfBlockerNG
• Future-proof for new pfSense versions (AES-NI support)

Budget

• Ideally around 150-250€

I've been looking around to buy a Netgate hardware but I'm living in Spain and the resellers' website I checked they don't offer the lower-tier models or they are at super expensive prices.

Options I guess they could work are these Mini-Pc with different CPUs like Atom E3845 or 3865U. I'm a bit lost here on what would be best but I believe all of these should have plenty of power for my needs.

Is there any more options I'm missing? Any recommendations?

Thanks a lot!

stephenw10

The SG-5100 meets that.
The SG-3100 meets that at 500Mbps an comes very close to full Gigabit.
Not for €250 though.

Steve

bluepr0

@stephenw10 thanks a lot for your reply! I've checked but both of these go way too much over my budget, sadly. Just as a constructive critique would be great to get a performance chart on the Netgate shop for each device, like the max routing speed, the OpenVPN speeds, adding Suricata, etc. I think that could make people's life easier when trying to pick a device right for them

Anyway! I found 2 boxes that seems to be quite interesting and I was wondering what do you people think about it based on my needs? I'm not entirely sure which one I should pick up:

Qotom Q355G4:

• Intel Core i5-5200U Processor, dual core,3M Cache,2.2GHz up to 2.7GHz, Intel HD Graphics 5500.
• 4 LAN Ports
• 4GB RAM
• 32GB SSD
  Price 237€ including shipping

or

Qotom Q530G6:

• Q530G6:Intel 6th Gen Core i3-6100U Skylake Dual Core, 3 M Cache, 2,3 GHz.HD Intel 520
• 6 LAN Ports
• 4GB] RAM
• 32GB SSD
  Price 226€ including shipping

Looking at the ark.intel.com comparison (see https://ark.intel.com/content/www/us/en/ark/compare.html?productIds=88180,85212) the i3 is newer and got more memory bandwidth as it uses DDR4 so looks like the better choice... or am I getting blind by numbers and should consider something else?

stephenw10

Mmm, I can't really advise you there.

Qotom have long been in our bad books for trademark abuse.

Steve

bluepr0

@stephenw10 oh wow, why is that?

stephenw10

Why did they abuse our trademark? To sell more hardware without contributing in any way to the project I would guess.

I can't advise you to buy from them as it directly conflicts with Netgate's interests and they pay me so I can eat!

I rather see you buy a second hand Watchguard box really. But I have weakness in that area.

I'm sure someone else can let you know if either of those would be suitable, there are many people running them.

Steve

bluepr0

@stephenw10 oh I didn't know, I don't feel comfortable buying from such a company now. Will see what else is around, thanks!

bluepr0

@stephenw10 that being said, if I would be interested in the SG-3100 where I could get numbers regarding routing speeds without anything installed, with OpenVPN, with Suricata, etc, etc?

stephenw10

On the SG-3100 I have here which is configure in quite a complex way I see close to Gigabit with firewall+NAT using iperf3. >900Mbps. ~100Mbps OpenVPN and ~300Mbps IPSec using AES-128+SHA1.
Numbers can vary wildly using Snort/Suricata depending on what rules you have loaded and the detection tuning. However with a fairly default Suricata install on WAN I see 750-800Mbps.

Those are all tests with iperf3 so TCP with 1500B packets.

Steve

bluepr0

@stephenw10 Thanks a lot!

bluepr0

@stephenw10 so I really wanted to buy Netgate product but the price in Spain is just insane honestly. Got a quote from one of the resellers: 500€ + Shipping (around 520€) for the SG-3100

That's more or less around 600$ for a product that costs 349$ in the official online store.

I will really need to look up for other options sadly :(

stephenw10

Well we appreciate you trying to go that route even if it eventually proved impossible.

Steve

jahonix

@bluepr0 said in Returning user needs a new pfSense box!:

Got a quote from one of the resellers: 500€ + Shipping (around 520€) for the SG-3100

Don't know where you looked ... but since we're all EU you could easily order from https://www.voleatech.de/de/produkt/sg-3100/ for:
€ 415,31 (€ 349,00 excl. 19% VAT)
Shipping to Spain shouldn't add too much to that, € 20 - 30 maybe, unless you need UPS Express morning delivery.

If you (your company) has a valid EU-VAT-ID you get it for € 349,00 + s&h which seems fair.

bluepr0

@jahonix thanks for the info! That's WAY more reasonable... I'm looking at virtualization now so might put this on hold for now.

Rico

I can also recommend voleatech, ordered 8 Netgate devices so far (more coming soon) and everything was smooth.

-Rico

bluepr0

Hello!

I thought I should update this thread on what I've finally settled after trying a few different routes.

• First I tried to go the official way, which ended up being super expensive if you live in Spain. There's some more accesible options on Germany through Voleatech but still quite a bit with the power you get. Don't get me wrong, this would be the perfect option if this was a mission critical equipment, but this is just for my home network.

• Then I tried going the virtualisation route but I found some problems and/or limitations with KVM when trying to route gigabit speeds. I'm currently on 500/500 but pretty sure in a few years from now we will have 1000/1000 as my ISP has been almost duplicating speed between 2-3 years. Not so future-proof. Also was a bit of a pain in the ass if I had to do stuff on the server that my internet will be also off.

• And finally arrived to what I think it will be the perfect solution, yes you guessed it: bare-metal installation. I had lying around a cheap PC I built last year for my crypto miner project: Asus prime z270-p + Intel G4400 + 4gb RAM (that was around 160€ new). I'm going to add a SF450 PSU, SSD next week but already got the Intel i350-t4. Power consumption currently is around 28w on idle and 35 when routing gigabit with ntop, suricata, pfBlockerNG and a few more). Should be a bit less when I receive the SSD, currently is on HDD.

Hope this could be helpful for someone else looking at build its own pfSense box. I will update with final numbers once I've all in place. Maybe even some pics!

Thanks :)