PfSense Build to Match Ubiquiti EdgeRouter Lite Price
-
@jwt:
…
(We're working on it, but it's not going to be an ERL.)If you hit the price point and manage 1 Gbps NAT throughput, then I would be highly interested. BTW, may I ask who are you referring to when your say "We're working on it, …"?
Perhaps he means they are working hard on an ARM based FreeBSD or pfSense port or fork and so this is
likes in that direction but not hitting the point with the UBNT EdgeRouter that is MIPS based.I have an edge router here as a backup to my pfSense setup and for that it is a pretty good deal for $100.
The UBNT EdgeRouter series is substituted by other devices from UBNT, please don´t forget this, and there
is nothing pfSense should be messing with, its a plain Router and not a firewall and as second this should
also be said, MIPS hardware is cheaper to get and pay for comared against x86 hardware needed by pfSense.For sure it would be nice to see pfSense working on that devices too, they comes with sufficient ports
and UBNT will be not angry about a better sales rate or a smaller to mid ranged offerings to pfSense if
they want to get a bigger charge of those units. But at first it must be a MIPS port of FreeBSD and
pfSense there right in the place. -
If you hit the price point and manage 1 Gbps NAT throughput, then I would be highly interested. BTW, may I ask who are you referring to when your say "We're working on it, …"?
That's Jim Thompson, better known (previously) as gonzopancho, and CTO for Netgate - which basically runs, and employs just about everyone working on the pfSense project, with the exception of Chris Buechler (cmb), IIRC.
-
One major point is, the price of x86 platform is high when compared with ARM based platform, and some ARM processors are actually ASICs which is not even comparable (x86 is more generic purpose), so I would say it's not really possible to find such x86 build.
-
That's Jim Thompson, better known (previously) as gonzopancho, and CTO for Netgate - which basically runs, and employs just about everyone working on the pfSense project, with the exception of Chris Buechler (cmb), IIRC.
Thank you for the clarification.
-
Got the Ubiquiti EdgeRouter Lite and hooked it up to my symmetrical gigabit fiber Internet and did a quick test:
The firmware does leave a lot to be desired when compared to pfSense.
-
What would be a good hardware to run pfSense if the main objective is to support Gigabit Internet and still be within the price point of the Ubiquiti EdgeRouter Lite (around $100)?
It must supports true gigabit Internet routing of IPv4.
An ERL will barely do gigabit. Enable anything that disables the hardware offload and you are toast. I wouldn't touch anything smaller than an EdgeRouter Pro if I had gigabit Internet, and even then I'd be wary if I needed to do anything beyond basic routing.
Spend a bit more and get decent hardware to run pfSense - you won't be disappointed. You are absolutely about to get yourself into a pay me now/pay me later situation.
-
Connection speed is the limitation here.
This is a Dell r210 II - I think I payed around $200 on ebay.
Pretty minimal hardware:
Running under vsphere 5.5, also running a server 2012 vm.
This is what I give pf:
Intel(R) Xeon(R) CPU E3-1225 v5 @ 3.30GHz
Current: 414 MHz, Max: 3312 MHz
2 CPUs: 1 package(s) x 2 core(s)CPU usage never broke 25% on that test.
What I am not understanding is why you would want to offer the massively larger feature set of pf to people whom you say have no need for it.
I would point out that they do need more than the ERL offers, especially if they are clueless lusers.
I do only some very light touch filtering for our public wifi, but there are still 5 people in the last week who are not infected with viruses because of the filtering I have in place.
Neither the ERL, nor the Edgemax for that matter, are capable of offering that sort of protection.
If your mission is to stuff security down the throats of people who do not see the value in it, and are not willing to pay the freight, you are already doomed.
If they are willing to pay for it, a more fair comparison would be the edgemax, which I can stomp to dust with comparable priced hardware.
-
I am not trying to compare the ERL to pfSense. I am just trying to find hardware that can reliably be sourced and be within the price point of the ERL that can run pfSense and still route at wired gigabit speed. Since the ERL with hardware offloading can route at wired gigabit speed, I was hoping that there was some hardware that can do the same but be able to run pfSense.
Just trying to minimize the hardware costs of deploying routers to users with gigabit Internet where I can run pfSense. I may have to wait to see the price point of the Atom C2358.
Edit:
Looks like the Atom C2358 is starting at $180 for the Supermicro A1SRI-2358F
-
I am not trying to compare the ERL to pfSense. I am just trying to find hardware that can reliably be sourced and be within the price point of the ERL that can run pfSense and still route at wired gigabit speed. Since the ERL with hardware offloading can route at wired gigabit speed, I was hoping that there was some hardware that can do the same but be able to run pfSense.
Just trying to minimize the hardware costs of deploying routers to users with gigabit Internet where I can run pfSense. I may have to wait to see the price point of the Atom C2358.
Edit:
Looks like the Atom C2358 is starting at $180 for the Supermicro A1SRI-2358F
The most peoples, in my mind, are not willing to accept that pfSense is a x86 software firewall with the need of
more, faster or stronger hardware compared against many other "only routers". DD-WRT, OpenWRT and such
Linux based Router software will be not having that need likes pfSense and on top they are not performing firewall
rules that needs also their time. -
I am not trying to compare the ERL to pfSense. I am just trying to find hardware that can reliably be sourced and be within the price point of the ERL that can run pfSense and still route at wired gigabit speed. Since the ERL with hardware offloading can route at wired gigabit speed, I was hoping that there was some hardware that can do the same but be able to run pfSense.
Just trying to minimize the hardware costs of deploying routers to users with gigabit Internet where I can run pfSense. I may have to wait to see the price point of the Atom C2358.
Edit:
Looks like the Atom C2358 is starting at $180 for the Supermicro A1SRI-2358F
There doesn't seem to be a use case here then. If all they want is a gigabit capable NAT router, an Asus RT-AC66U would do the job and has far less hassle than the Edge series.
What you could sell to them is the idea of a VPN gateway. Just a simple to setup OpenVPN feature and no licensing fees would be worth deploying pfSense for. Any comparable 'branded' device (Cisco ASA, Juniper SRX, Palo Alto, Fortinet, SonicWall etc) in the same performance league would cost more than pfSense hardware.