Home Router Recommendation
-
For about $60 less than the C2758, you can get a C2558 board. That is the same thing, but with four cores instead of 8. Same as the SG-4860 in the pfSense store. It also idles at about half the power. Even without Quick Assist, it is good for gigabit WAN today.
I'm not sure where you're located, but in the US, the C2750 (~$360) is more expensive at NewEgg than the C2758 (~$340). They even have a refurb 2758 board that comes in at the same cost (~$270) as the 2558 if you feel brave.
The Netgate store will ship you a C2558 setup all put together for $550. For $700, you can get it with an optimized version of pfSense and two support tickets (it will get Quick Assist support first). Both have a 1 year hardware warranty. I kind of wish I'd gone that route, just to avoid all the time spent doing research to try to ensure my selections would all work together.
I wanted to deviate from the popular M350 case and the power supply everyone else seems to use, and I feel like I wasted a bunch of time I could have saved with the pre-made box, though the end result is that I'll have a 2758 for about the same cost as the Netgate 2558. I thought one of the Supermicro desktop cases looked better than the M350. Still waiting on parts to show up to report back on how well it worked out.
As whosmatt says, LAN traffic shouldn't touch your pfSense if you have just a single subnet. Maybe not even if you have multiple VLANs, if your switch can route those on its own. Get a good LAN switch and you'll be fine no matter what you go with for the pfSense box.
You don't mention your WAN speed, what packages you want to run, or preferred budget. From the details you've given, you won't have to think about any of those details with the 2758 since it will probably be massive overkill, but a few more details could save you some cash by letting you go with smaller hardware.
-
It might sound hard, but it all depends on the real use case and traffic, the installed packets
and the awaited throughput you will need.
- WAN speed
- LAN speed
- number of users
- amount of traffic
- installed packets
If you install pfSense, Squid, Snort, SARG, pfBlockerNG, Dpinger, ClamAV and CaptivePortal
and all is mostly fine, then together with an ISP internet line upgrade you will not be happy.
Go and get a SG-2240 or SG-4860 to be sure you will benefit the most from pfSense.
Take a mSATA and WiFi card if needed and you will be sorted for a longer time than you
might be thinking of. Or if WiFi ac is needed go with an UBNT ac WLAN AP. The more
you pay now or today, the longer this box will be really working well for you!
Let us say you will be paying for a C2558 device from the pfSense store (SG-4860) and you
pay $700; this might then be running for 6 years for you, so it is then:
6 years x 12 months = 72 months and $700 : 72 months = less than ~$10 each month without
any pain or compatibility issues and pre-tuned on top.
-
If the A1SRI-2358F would actually become available in the wild it would be a perfect fit for what you describe.
-
Thanks for all these informative replies. I've already learned quite a bit more.
Internet speed is 117/12Mbps. I'm not really concerned about Gigabit WAN. Sure, over time it will get faster, but not concerned about Gigabit WAN speed.
I didn't realize traffic wouldn't touch router if only going through the LAN. I do intend on VLAN's in the future, so I'd like to be setup for it. So as long as I get a switch that can handle VLAN's itself, that would seem to be fine. Is the typical Smart/Managed switch going to be capable, or is there something better or specific I'd need? I'll need to get one along with the router.
I convinced myself with more research that the C2558 would be sufficient, not to eliminate any other ones besides the C2758 and the C2750. I hadn't even noticed that the C2750 was actually the most expensive. So cut those two..
I like the idea of it being custom, not just due to reduced cost. Moving forward, any upgrades can be done without replacing the entire box. I get to pick exactly what I want. I've already spent the time researching anyways to this point. How is pfSense better by it being optimized to their official hardware?
In regards to packages, I don't quite remember all the ones I wanted to run. pfBlocker sounds familiar, maybe a few others once I look more closely and figure out what I feel is worthwhile and relevant to me.
Budget wise, I'm flexible. The higher it is, the more I would need to feel benefited from the extra investment. $500 was what I wanted to stay under though.
Traffic wise, I'm the only user that puts a burden on the network. Streaming, large file transfers, locally and remotely.
-
I didn't realize traffic wouldn't touch router if only going through the LAN. I do intend on VLAN's in the future, so I'd like to be setup for it. So as long as I get a switch that can handle VLAN's itself, that would seem to be fine. Is the typical Smart/Managed switch going to be capable, or is there something better or specific I'd need? I'll need to get one along with the router.
A Smart/Managed switch is what you want. Lots of opinions on those. I have a TrendNET TEG-240WS that seems to work well enough, though the web interface hangs sometimes and needs a reboot and I'm still working my way through VLAN issues. Trying to isolate the guest wifi from the real one, sourcing from the same WAP. Things aren't working how I expect, but I don't know whose fault that is yet. Probably mine, at the end of the day. ;) The switch itself seems to work fine as a switch though.
I also am playing with a TP-Link TL-SG108E for another project. Even using it only as a switch, I see lots of issues with persistent connections through it, so can't recommend right now. In particular my network debugger works extremely poorly through it (fine through the TrendNet above). Might be firmware issue, I just recently got it and haven't had time to sort out the issues.
HP Procurve and Cisco options have been discussed in recent threads here. Hard to go wrong with enterprise gear, though it can be spendy. I've also heard good stuff about Dell PowerEdge. People that know more about those models than I do should make recommendations, but they'll need to know how many network connections you have, etc. I'm happy enough with my TrendNET for the price that I won't mess with it unless it turns out to be the root of my VPN issues (which I don't expect).
I like the idea of it being custom, not just due to reduced cost. Moving forward, any upgrades can be done without replacing the entire box. I get to pick exactly what I want. I've already spent the time researching anyways to this point. How is pfSense better by it being optimized to their official hardware?
There are unspecified optimizations made to the special images the higher cost version of the hardware from the pfSense store use. I have also seen threads (citation needed) that say the custom images for the pfSense models sometimes get new features earlier than the mainline branches. In particular, QuickAssist was mentioned in the thread I recall.
-
Internet speed is 117/12Mbps. I'm not really concerned about Gigabit WAN. Sure, over time it will get faster, but not concerned about Gigabit WAN speed.
Depending only on this, you might be happy with the APU2C as a bundle for $173 including shipping and tax.
I didn't realize traffic wouldn't touch router if only going through the LAN. I do intend on VLAN's in the future, so I'd like to be setup for it. So as long as I get a switch that can handle VLAN's itself, that would seem to be fine. Is the typical Smart/Managed switch going to be capable, or is there something better or specific I'd need? I'll need to get one along with the router.
The Cisco SG300 or D-Link DGS1510 switches are powerful enough to route the entire traffic
between the VLANs with wire speed so that workload could be taken from the pfSense box with
ease. And these switches you will mostly have in use longer than the pfSense box!
I like the idea of it being custom, not just due to reduced cost. Moving forward, any upgrades can be done without replacing the entire box. I get to pick exactly what I want. I've already spent the time researching anyways to this point.
The other two options are also very strong and capable of routing all you need and upgradeable with ease
but not so low power using as the APU2C4 named above.
- Jetway NF9HG-2930 & M350 case & max. 8 GB RAM & mSATA & WiFi card (if needed)
  Able to route 1 GBit/s and low power using and small
- ASUS Q87T & max. 16 GB & Intel i350 NIC & mSATA & WiFi (if needed)
  Upgradeable (RAM & CPU) supports a wide range of CPUs from the lower bottom to the high top
How is pfSense better by it being optimized to their official hardware?
It is pre-tuned and perhaps gets some new features earlier than the other users, like Intel QAT
but with a really strong machine that supports AES-NI you could not be doing anything wrong.
In regards to packages, I don't quite remember all the ones I wanted to run. pfBlocker sounds familiar, maybe a few others once I look more closely and figure out what I feel is worthwhile and relevant to me.
This would be the most important thing here at all after the WAN speed and number of users.
Budget wise, I'm flexible. The higher it is, the more I would need to feel benefited from the extra investment. $500 was what I wanted to stay under though.
ASUS Q87T is here for ~150 €
Intel Xeon E3-1241v3 is here for ~120 € (on eBay refurbished)
16 GB from Crucial is here for ~80 €
Intel i350 quad Port NIC is able to get for ~80 € (refurbished)
mini-ITX case with PSU ~80 €
Traffic wise, I'm the only user that puts a burden on the network. Streaming, large file transfers, locally and remotely.
Locally that must not run through the pfSense so a small Layer3 switch will be the best thing to get the
hands on for getting wire speed.
-
I believe ALIX APU series will work for you, but recently I also built one very low power 4-port router myself, you might refer to this post.
I've been doing countless hours of research and have put a lot of thought into what I want to get for what will become my pfSense router. I'm having trouble determining what's needed for my usage so that I don't go overboard and stretch my budget for this out any further.
I've narrowed it down, CPU wise, to the C2758, C2750, and the N3700. Supermicro makes mini-ITX boards that are well known around here for each of these CPU's.
Wants:
Small, low power box
Gigabit LAN throughput (No Gigabit WAN, not concerned about that)
I don't really use VPN at all, or anything else similar. Don't really plan to, but it not sucking at running 1 would be nice. I'll run some packages, but from what I could tell, I don't see like I'll do much that would utilize AES-NI or QuickAssist much at all. That makes it hard for me to stomach the cost of a C2758 build, as when QuickAssist is available, will I really use it anyways? The C2750 with its turbo boost sounds better for me. Perhaps the N3700 is enough. Any help based on my usage is appreciated. Some sample stuff on my network.
AC Wireless Access Point
Just a handful of wireless devices
Image backups done regularly
Nothing too burdensome, but some big file transfers I don't want taking any longer than they have to
-
Thanks for the additional knowledge. It is actually starting to confuse me and question my approach here, which is good for the long run, but bad until I figure this out.
I've realized I don't need strong hardware for the router. Perhaps, for simplicity's sake, I'm considering official models from pfSense. Even the SG-2220, which I'm trying to determine if it would be enough. 2GB RAM seems like it'd be alright. I can always get a M.2 SATA drive if needed, down the road.
In regards to the Layer 3 switch which seems ideal for the VLAN stuff and keeping internal traffic at or around wire speed. Small is fine, even 8 ports. Anything much bigger wouldn't fit very well anyways and kill my budget. One thing to ask is that I have 4-5 devices I'd connect via Ethernet in my office where router is. I have another switch in the entertainment center for media devices and another desktop that connects to that 5-port unmanaged switch in the other room. Would that switch need to be just a VLAN aware switch, layer 2?
-
I took the easy route and got a SG-2440 and it made no sense not to get the SSD at the same time. Now I have a simple, small, low power and supported box and the work of converting to a SSD is never going to be needed. Deciding on the four or two port versions is a bit more of a challenge, I went with the four port because if I needed more ports in the future I'd have to buy one anyway.
Unless you need some inter-LAN routing you can hook a good quality switch to the SG-2440 and connect your other switches to it and all your devices will be able to communicate. If you want to segregate the devices and limit communication between the groups then the extra ports on the SG-2440 will allow you to have three LANs and control each of them individually.
-
Unless you need some inter-LAN routing you can hook a good quality switch to the SG-2440 and connect your other switches to it and all your devices will be able to communicate. If you want to segregate the devices and limit communication between the groups then the extra ports on the SG-2440 will allow you to have three LANs and control each of them individually.
I'm looking at the Cisco 300 series managed switches that support Layer 3 Switching. I wanted VLAN's at some point, so I'm thinking that the SG-2220 or anything with just 2 Ethernet ports will suffice for this. I still do wonder about whether basic layer 2 smart switches can handle that being connected to Layer 3 Switch, thus eliminating any need for more than 1 LAN port on router.
-
As far as lan speeds, if you have squid installed on the router with local cache turned on the speed in which the client can download from the router will depend on CPU, NIC and storage medium. If you want gigabit lan speed from the router's cache then you will need an ssd, gigabit nic and enough CPU power to push the data.
-
I'm wondering if a Layer 3 Switch is really necessary for my needs. It seems like a piece that is above my needs for such a small network that I have. I want at or near Gigabit LAN transfer speeds, but I have such little traffic. Most of it is from me. No more than a dozen or so devices at any given time, most of them not really doing anything. Simultaneous usage would be just a handful of devices at one time. One man can only do so much. Would a Layer 2 Switch suffice? Are there certain demands my switch must need to deliver Gigabit-ish speeds?
-
Not really, HDD speed is important, but CPU not that important unless you are building intercepting proxy (e.g. HAVP, other content filtering), and you don't even need too much RAM on the machine as well since squid has a pretty low memory requirement. 8 years ago I built pfSense with Squid for my office, just a cheap Pentium D CPU + 2GB ram, and that firewall was serving 150-200 people already.
As far as lan speeds, if you have squid installed on the router with local cache turned on the speed in which the client can download from the router will depend on CPU, NIC and storage medium. If you want gigabit lan speed from the router's cache then you will need an ssd, gigabit nic and enough CPU power to push the data.
-
Traffic wise, I'm the only user that puts a burden on the network. Streaming, large file transfers, locally and remotely.
and
I wanted VLAN's at some point,….
Why pumping all traffic through the pfSense box?
Why pushing large files not from one VLAN to another one directly?
By changing the pfSense box hardware in some or many years the Cisco SG300 will be fine running anymore!
For nearly wire speed between the VLANs it should be a Layer3 switch or a really strong pfSense hardware.
-
@BlueKobold:
Why pumping all traffic through the pfSense box?
Not sure what you mean. I don't want to pump any traffic unnecessarily through anything. I'm trying to figure out the best way to do this.
Why pushing large files not from one VLAN to another one directly?
Again, not sure what you mean exactly. I don't have plans to push large files from one VLAN to another, probably just on same one. They'd be mostly computer image backups and some other backups as well.
By changing the pfSense box hardware in some or many years the Cisco SG300 will be fine running anymore!
For nearly wire speed between the VLANs it should be a Layer3 switch or a really strong pfSense hardware.
If I didn't need wire speed between VLAN's and only needed it within the same one, does that change anything?
-
I'm wondering if a Layer 3 Switch is really necessary for my needs. It seems like a piece that is above my needs for such a small network that I have. I want at or near Gigabit LAN transfer speeds, but I have such little traffic. Most of it is from me. No more than a dozen or so devices at any given time, most of them not really doing anything. Simultaneous usage would be just a handful of devices at one time. One man can only do so much. Would a Layer 2 Switch suffice? Are there certain demands my switch must need to deliver Gigabit-ish speeds?
A Layer 3 switch is the fastest, but not the only option. A Layer 2 switch will force your pfsense box to handle inter-VLAN traffic. With a decent CPU and NICs this won't be a problem. I actually prefer the latter solution in many cases because you don't have to maintain multiple ACLs; all your rules are on the firewall page of the pfsense box. If you worry about saturating your LAN interface on pfsense with inter-VLAN traffic, this is where link aggregation can help. Since you're already using VLANs, you can aggregate the two (or more) physical interfaces into a single logical interface. Any single connection will still only use one NIC, but subsequent connections will balance out over the group, allowing, say, a large file transfer between VLANs to saturate one NIC while internet connections from other machines use another NIC and thus aren't affected speed-wise. Even the cheapest "smart" switches support this. It's not a bad way to go, especially for a home network, and will work just fine provided your pfsense hardware can handle the load. Essentially you'll just need to size it for gigabit throughput, as you would if you had a gigabit WAN.
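The per-flow behaviour described in the reply above (a single connection stays on one NIC, further connections spread over the group), as an added Python example that is not part of the original thread. The SHA-256 hash, the member names `igb0`/`igb1` and the sample addresses and rates are assumptions for illustration; real LAGG implementations use their own header hash, but they also pick the member per flow rather than per packet.

```python
import hashlib
import ipaddress
import struct
from collections import Counter

# Hypothetical member NIC names for a two-port LAGG (assumption, not from the thread).
LAGG_PORTS = ("igb0", "igb1")


def egress_port(flow, ports=LAGG_PORTS):
    """Map a flow (src_ip, dst_ip, proto, src_port, dst_port) to one LAGG member.

    Simplified model: the hash function here is an assumption, but the
    per-flow (not per-packet) choice is what the reply describes.
    """
    src_ip, dst_ip, proto, sport, dport = flow
    key = struct.pack(
        "!4s4sBHH",
        ipaddress.IPv4Address(src_ip).packed,
        ipaddress.IPv4Address(dst_ip).packed,
        proto, sport, dport,
    )
    bucket = int.from_bytes(hashlib.sha256(key).digest()[:4], "big")
    return ports[bucket % len(ports)]


def offered_load(flows, ports=LAGG_PORTS):
    """Sum the demanded Mbit/s per member for a {flow: mbps} mapping."""
    load = Counter({p: 0 for p in ports})
    for flow, mbps in flows.items():
        load[egress_port(flow, ports)] += mbps
    return dict(load)


def saturated(load, link_mbps=1000):
    """Members whose offered load meets or exceeds the link speed."""
    return sorted(p for p, mbps in load.items() if mbps >= link_mbps)


# Constructed sample traffic: one inter-VLAN backup that could fill a gigabit
# link, plus 40 small internet flows from other hosts (addresses are made up).
BACKUP = ("192.168.10.20", "192.168.20.5", 6, 50123, 445)
SMALL_FLOWS = {
    ("192.168.10.%d" % (30 + i), "203.0.113.7", 6, 40000 + i, 443): 3
    for i in range(40)
}

if __name__ == "__main__":
    load = offered_load({BACKUP: 1000, **SMALL_FLOWS})
    print("backup pinned to:", egress_port(BACKUP))
    print("offered load (Mbit/s):", load)
    print("saturated members:", saturated(load))
```

The backup never exceeds one link's worth of bandwidth no matter how many members the group has; only the small flows that happen to hash onto the same member share that link with it.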
-
If I didn't need wire speed between VLAN's and only needed it within the same one, does that change anything?
Yes, absolutely. I responded to an earlier post of yours before I saw this one. You'll be fine with a Layer 2 smart switch. They're cheap and work well.
-
A Layer 3 switch is the fastest, but not the only option. A Layer 2 switch will force your pfsense box to handle inter-VLAN traffic. With a decent CPU and NICs this won't be a problem. I actually prefer the latter solution in many cases because you don't have to maintain multiple ACLs; all your rules are on the firewall page of the pfsense box. If you worry about saturating your LAN interface on pfsense with inter-VLAN traffic, this is where link aggregation can help. Since you're already using VLANs, you can aggregate the two (or more) physical interfaces into a single logical interface. Any single connection will still only use one NIC, but subsequent connections will balance out over the group, allowing, say, a large file transfer between VLANs to saturate one NIC while internet connections from other machines use another NIC and thus aren't affected speed-wise. Even the cheapest "smart" switches support this. It's not a bad way to go, especially for a home network, and will work just fine provided your pfsense hardware can handle the load. Essentially you'll just need to size it for gigabit throughput, as you would if you had a gigabit WAN.
Thanks. This sounds good to me. For the link aggregation, I'd be connecting 2 LAN ports from my pfSense box to 2 LAN ports on my Layer 2 Switch? If indeed so, obviously, I'd need a pfSense box with more than 2 total Ethernet ports.
-
Thanks. This sounds good to me. For the link aggregation, I'd be connecting 2 LAN ports from my pfSense box to 2 LAN ports on my Layer 2 Switch? If indeed so, obviously, I'd need a pfSense box with more than 2 total Ethernet ports.
Not necessarily. If you're using VLANs from the start, your internet connection can reside on one of them as well. In that case you'd plug your modem into a switch port on the VLAN you've designated for internet. This is how I do it with all my pfsense installs at work. In the one case where we're using a physical machine rather than virtual, the box has 2 NICs, aggregated into a single LAGG. Then, we define VLANs on top of that, and the internet router is connected to a switch port that is configured to the corresponding VLAN (the WAN interface on pfsense). What you end up with is a pfsense box with one logical physical connection but VLANs on top of that. It sounds more complicated than it is, but it's really pretty simple. Glad to provide help if you need it.
Quick edit: In short, you really only need 2 physical NICs for the scenario I'm describing. Downside is that you lose a switch port for your cable modem or whatever internet equipment your ISP provides.
-
Not necessarily. If you're using VLANs from the start, your internet connection can reside on one of them as well. In that case you'd plug your modem into a switch port on the VLAN you've designated for internet. This is how I do it with all my pfsense installs at work. In the one case where we're using a physical machine rather than virtual, the box has 2 NICs, aggregated into a single LAGG. Then, we define VLANs on top of that, and the internet router is connected to a switch port that is configured to the corresponding VLAN (the WAN interface on pfsense). What you end up with is a pfsense box with one logical physical connection but VLANs on top of that. It sounds more complicated than it is, but it's really pretty simple. Glad to provide help if you need it.
Quick edit: In short, you really only need 2 physical NICs for the scenario I'm describing. Downside is that you lose a switch port for your cable modem or whatever internet equipment your ISP provides.
Okay, let's make sure I understand this. Modem will plug into switch, then another cable will go from another port on the switch to the router WAN port. Now is there another cable coming from LAN port on router back to switch?
In regards to the quick edit, the downside is having one extra port being taken up on switch? If so, that's fine. Clarify the 2 physical NICs needed, as this setup is something I'm still trying to grasp, being new to me. Thanks again.