Which Netgate to get?

noexit

I'm generally a Retired-From-IT / home user, 2 kids, wife, dog... the full catastrophe. We don't watch TV, we stream our entertainment on a limited basis. We're currently on Comcast with 200gb down, 12 up hoping to possibly upgrade to local fiber 200up/200down within the next year. I never really use VPN-in, but have it configured on my pfSense router if I needed remote access. My current router is an old Dell Dimension E310 PC (Intel(R) Pentium(R) 4 CPU 2.80GHz) with 1GB of RAM and 1000baseT 3com NICs running pfSense 2.3.4.

I have only a couple of NAT/Forwarding rules created to allow a couple of DVR and audio streaming services accessible remotely. I create DHCP reservations to control devices on the network and so my kids' devices get routed to OpenDNS to keep the "bad stuff" away as much as possible. I use 3 eero devices as WIFI Access points. It seems I have a very simple setup.

However, my old IT paranoias seep in sometimes and I wanted to try my hand at traffic monitoring to "see" just what's going on on the network. I thought I'd try again to learn SNORT but learned that my router is likely too old for such exercises. Also, I'd love to get a different "low power" device that doesn't heat up the network closet so much.

So, I'm considering the upgrade to either an 1100, 2100 or 3100. The cheaper the better I suppose, but I don't want anyone in the "family" to complain of any changes I make. I just earlier placed an order for a 1100 but then sent an email to Netgate asking to cancel as I'm not feeling confident of my choice.

Any feedback or guidance would be graciously appreciated. Thanks for reading my story.

Gertjan

@noexit said in Which Netgate to get?:

pfSense 2.3.4.

Wait.
That one is not the latest - 2.3.5 is.
Both are totally 'not supported' as they are very (far to) ancient.

@noexit said in Which Netgate to get?:

The cheaper the better I suppose

For the wallet, yes.
But a "wallet" shouldn't have any access to the net ( you'll regret it ;) ).
For all the other conditions : less expensive comes with a price.

This :

@noexit said in Which Netgate to get?:

Dell Dimension E310 PC (Intel(R) Pentium(R) 4 CPU 2.80GHz)

is this one ?
If so, it's a processor from the other century.
Still 64 bits capable (I think ...), so you should do this first :

Install a 64 bit pfSense version. That will be 2.5.2.
To make live easier : use the actual "config" as a guide line - it's very readable for humans.

Install a clean 2.5.2
Set it up.
Test drive it for a while.

Bonus : now you have access to all the packages also (as you are not 'allowed' to install packages as soon as the pfSense version isn't the latest version).

NOCling

The SG-2100 is fast enough for your Internet Upgrade and the 4GB of Ram is nice to run some Packages without Problems.

I ordered my SG-1100 2019, but if I could have got the SG-2100 at this point, I would have ordered the SG-2100.

stephenw10

@noexit said in Which Netgate to get?:

My current router is an old Dell Dimension E310 PC (Intel(R) Pentium(R) 4 CPU 2.80GHz) with 1GB of RAM and 1000baseT 3com NICs running pfSense 2.3.4.

Gah!
Yeah, that's an actual P4, 32bit only, so upgrade time for sure!

The SG-2100 would be fine for those speeds and, as mentioned, the 4GB RAM leaves plenty of headroom for Snort, ntopng etc.
It won't pass full Gigabit line rate though if that's likely to be something you need anytime soon.

Steve