Hardware Advice for a Firewall System


  • Hi guys. I've been interested in the idea of making a pfSense box for a little while. Don't know much about it and I need some advice about what my options are and the hardware I would need.

    I'm thinking of buying a cheap used mini PC for a firewall for my ADSL home network (10 Mbps down, 1 Mbps up). I can get my hands on an HP Compaq DC7800 ultra slim desktop for $80 NZD.

    Specs:
    Intel Core 2 Duo E6550 @ 2.33 GHz
    4GB DDR2 Ram 1333
    80GB hard drive
    Stacked RJ45/USB 2.0 x 8

    Expansion Slots:
    Mini PCI Slot x 1

    Would this be adequate for running pfSense layer 3 firewall?


  • APU2C4
    Not so really cheap but with a small mSATA and a WiFi card it will be a nice system and enough for your needs!
    There are also bundles from Yawarra with an enclosure and PSU and all other spare parts.


  • @BlueKobold:

    APU2C4
    Not so really cheap but with a small mSATA and a WiFi card it will be a nice system and enough for your needs!
    There are also bundles from Yawarra with an enclosure and PSU and all other spare parts.

    Wait so you are saying the system I'm buying is expensive or cheap? The APU 2 board you linked was $460 which seems pricey.

    Cheers

    Edit: Also fibre 200 Mbps is available for residential homes in my city so I'd want to be able to upgrade to that when I get it. Thinking of getting a multi port mini PCI LAN card for that…


  • @Digital:

    @BlueKobold:

    APU2C4
    Not so really cheap but with a small mSATA and a WiFi card it will be a nice system and enough for your needs!
    There are also bundles from Yawarra with an enclosure and PSU and all other spare parts.

    Wait so you are saying the system I'm buying is expensive or cheap? The APU 2 board you linked was $460 which seems pricey.

    Cheers

    It's a strange place to link to. http://pcengines.ch/newshop.php?c=4 is the manufacturer, it should come to about $150 including storage, case, and ac adapter.


  • Would this be adequate for running pfSense layer 3 firewall?

    Yes.

    Wait so you are saying the system I'm buying is expensive or cheap? The APU 2 board you linked was $460 which seems pricey.

    Your system is cheap and draws much more power; my system might be expensive and does not draw so much electric power.

    Edit: Also fibre 200 Mbps is available for residential homes in my city so I'd want to be able to upgrade to that when I get it.

    Might not be the problem for both units.


  • Greetings from over the pond.

    Unless space or power are concerns, I would suggest a small form factor dc7800 or dc7900.  Although, it has to be said that any of that series are going to be fairly well aged by now.  Also, there was a premium to be paid for the USDT and that may be carried through to the second hand market.

    You'll get more proper PCI/PCIe slots in a SFF.  I ran pfSense, a mail server and Wordpress VMs on ESXi in an 8GB dc7900 SFF for about 5 years.  Very serviceable and surprisingly quiet machines.  About 45 Watts power consumption most of the time.

    Also not sure whether you'll find a mini-PCI NIC to go in that slot on the USDT - or how you would connect it to the outside world.  You really need two proper RJ-45 connectors (LAN and WAN) to avoid VLANs and a smart switch.


  • Good point about having additional expansion slots. I've ended up getting a used HP 8200 SFF PC which has several PCI slots - not just a mini PCI slot.

    It's a higher TDP/power consumption system than the mini/ultra slim model, but I have so many things I want to experiment with the machine that I felt this was what I required.  I heard you can disable some cores of the i5 2400 if power consumption is an issue. Might need someone to weigh in on this.

    Cheers guys.


  • @Digital:

    I have so many things I want to experiment with the machine that I felt this was what I required.

    That's one of the best parts of pfSense IMO. You can do your experimenting on any old hardware that might fit your needs, and then port your configuration over to different (fanless, low power, high power, virtualized, whatever) hardware for production when the time comes.  And not everyone needs a fanless low power platform.  Sure, it's nice, but if you're just learning the ins and outs of the software, an older desktop is a great way to start.


  • Spend a bit more and try to get something i3/i5 or above with more PCIe slots for Intel LAN cards from eBay.

    Zotac CI323/5 would be a bit more, but not break the bank.