New to pfSense. Some questions about hardware and ease of use.



  • Hi all. I'm a newb to pfSense but I have heard many good things. I'm looking to get away from a regular all-in-one home router to a real router + AP for better security features and decently updated firmware. Linksys hasn't pushed an update to my WRT-AC router since summer 2015 and it's mind-boggling with all the security exploits affecting IoT and wireless routers these days.

    My connection is currently 100Mbps/10 and will soon have 250Mbps/50.

    A few months ago I saw the SG-2220 and thought it would be nice to have, but it was a tiny bit out of my price range. Now I see the SG-1000 and it looks like the perfect price point for me as a starter. Also, I don't want to build my own pfSense box. I'd rather just get something from pfSense/Netgate directly.

    Questions I have:

    1. The SG-1000 is rated for "maximum throughput exceeding 300Mbps". All I'm looking to do is set it up as a firewall + maybe Snort + pfBlocker for country blocking. Would I have trouble saturating my line when I upgrade to 250Mbps? Anything I should worry about with such a tiny device? I understand I'm not going to be getting 1Gbps out of this thing. It's just starter gear so I can get my feet wet with pfSense.

    2. Is almost everything done via the WebGUI? One of the things that pushed me away from Ubiquiti and their EdgeRouter is that some advanced stuff needs to be done in the CLI, and that is something I haven't touched since my Cisco Academy training in high school when I worked on Cisco Catalyst hardware. I don't need much out of pfSense. Just a nice and capable firewall that's better than an all-in-one router from BestBuy, one that I can set up and forget.

    3. I'm nowhere near a networking expert. My knowledge is somewhere in the middle between newb and advanced user. Would I have major trouble with pfSense at first?

    Thanks.



  • 1.  The more you load the unit down with extra packages, the worse the general performance will be.  From what I understand, not all packages will be supported on the SG-1000.  JimP mentioned squid being there, but I think I remember him saying that heavy packages like Snort would not be supported.

    2.  Yes.

    3.  Maybe.  That depends on what you want to do, and your knowledge level.  For anything you don't understand, just ask here.  Traffic shaping with HFSC is a bit of a beast but everything else you can figure out if you try.



  • It's a shame that all packages aren't supported. I guess for the hardware and my usage, packages won't matter if it's for a basic firewall.

    If I need something more capable that runs all packages, safe to say the entry level SG-2220 could do it?

    Thanks for the quick reply.



  • I just came from an EdgeRouter Lite and pfSense was much easier to configure. Using Snort and pfBlockerNG on a Jetway. Computer, RAM and SSD cost about $230ish. Using an AC-LR and AC-Lite as the APs. On a 300/7 connection which has been working great as I pruned down too many pfBlocker lists.



  • the entry level SG-2220 could do it?

    Certainly, and you could get support and also help the project.  Others have had success with homebrew mini-pc units like the ZBox and those Chinese dealies you can get from Alibaba.



  • @Ethos:

    1. The SG-1000 is rated for "maximum throughput exceeding 300Mbps".

    AFAIK not with pfSense. You will get ~100Mbps full duplex.

    Look at ASRock boards with IPMI support, onboard PSU with DC jack and Intel NICs.
    http://www.asrockrack.com/general/products.asp#Server Select mini-ITX and SoC. Entry level would be the J1900D2Y.
    The IPMI gives you the ability to use this board without a keyboard and monitor after initial setup of the BMC interface, and you don't need any installation media; you can virtually mount images to install OSes like pfSense. Just remember that the IPMI interface IP should not be in the same range as the firewall WAN/LAN subnet; this is an ASRock bug that would not be fixed. Yes, assrock support is very bad, so be ready…
    You will even get UEFI support, but with some movement around it: https://forum.pfsense.org/index.php?topic=120021.msg663993#msg663993
    But even without UEFI it works just fine.

    An alternative way would be, as already suggested, to buy https://store.pfsense.org/SG-2220/ with an SSD to cover all you need in the future.



  • My connection is currently 100Mbps/10 and will soon have 250Mbps/50.

    There are some nice matching units to get success.

    • APU2C4 & mSATA
    • Chinese J1900 box
    • Jetway NF9HG-2930
    • Supermicro C2558/C2758

    Alternatively, I would rather have a look at the SG-2440 units from the pfSense shop.