Pfsense : looking for low cost / low consumption Hardware
-
Hi All,
I am looking for Hardware for pfsense.
Idealy :
- 4 ~ 6 Ethernet ports (6 will be very better in my case)
- Fanless (or Very quiet)
- Low power consumption (Atom, DDRL, or another technology)
- CPU Maybe 2 ~ 4 core Should be good
I have a pretty good knowledge of pfSense, which I use under Vmware for routing multiple virtual machines and that I find so good that I plan to use in "physical firewall" for personal (my home) and professional use (Promote pfsense to customers).
My research has been numerous, I would also like to thank the many responses that have been posted.
I remain open to any suggestion before throwing my devotion and my unconditional love on the material that I will select ;)Some additional technical information:
I will use LAN port as- Fisrt Modem ADSL
- 2nd Modem ADSL
- Modem 4G LTE Modem
What makes 3 separate internet connections.
Others port 4 : Connected to Switch with 16 ~ 24 ports (On which I already have several VLANs)
With 6 ports, I avoid making a VLAN to connect firewall to switch.My original post :
@TKOF:With currently two Internet connections, I am looking for a motherboard with 4 ports minimum Ethernet, or 6 if possible.
If the question has already been paused or similar topics raised on the forum, thanks to those who would share links that I will not have seen.
I looked for the moment of the side of the motherboards SuperMicro, but I seek a solution at lower prices.
https://www.supermicro.com/products/motherboard/Atom/My attention is also focused on a solution with low electrical consumption with ATOM processor and memory type DDR-L, With passive cooling (if possible).
Thank for your suggestions.
-
The SG-2440 https://store.pfsense.org/SG-2440/ would fit the bill. Otherwise perhaps one of the APU2 boards: http://www.pcengines.ch/apu2.htm.
-
The SG-2440 https://store.pfsense.org/SG-2440/ would fit the bill.
Thanks for reply.
Is there device or motherboard with a lower price ? -
The SG-2440 https://store.pfsense.org/SG-2440/ would fit the bill.
Thanks for reply.
Is there device or motherboard with a lower price ?Not really. The reason the APUs (and the ALIX before) are so popular is that there just aren't many options for low power multiport embedded solutions. The next jump up is intel's Atom C series which were plagued by availability issues early on and seem to have just missed the window for lower cost implementations. On the ARM side most of the common boards are single interface and USB connected (not much gigabit ethernet). You can look for the banana pi bpi-r1 or on of the more open soho routers which include a programmable broadcom gigabit switch for multiple interfaces, but you won't be running pfsense on one of those.
-
Does it HAVE to be an ATOM processor, or are you just looking for low power consumption in general? I just bought AsRock's j3455-itx board, along with an HP NC364T 4-port nic. The integrated celeron on that mobo should run at under 10W, and I'm sure that nic card adds a few as well, but it should run pretty efficiently, and I think it satisfies your requirements. Passive, Low power consumption, supports DDR3-L, and has 4 nics with the HP card (or 5 if you use the onboard nic).
The mobo goes for about $70-$80, and the HP card was $40 on Amazon if I'm remembering correctly.
-
Is there device or motherboard with a lower price ?
There always is.
But rememder:
a) you get what you pay for
b) your time for searching and comparing is your time, it's a bit crude to offload that to other volunteers.There are countless posts in this forum covering your topic. The "search" button in the top menu bar does wonders (NOT the one top right!). Search for Lanner NCA-1010…
-
I just set up a pfsense box on
https://www.amazon.com/QOTOM-Q310G4-Barebone-Industrial-Celeron-Fanless/dp/B01JLQP7KQ
-
I just set up a pfsense box on
https://www.amazon.com/QOTOM-Q310G4-Barebone-Industrial-Celeron-Fanless/dp/B01JLQP7KQ
ok unless you want vpn (no aes-ni; should be in the same ballpark as an apu2 performance wise, for a bit more money and drawing significantly more power). I don't understand why they went with a broadwell celeron for a 2016 product.
-
I just set up a pfsense box on
https://www.amazon.com/QOTOM-Q310G4-Barebone-Industrial-Celeron-Fanless/dp/B01JLQP7KQ
ok unless you want vpn (no aes-ni; should be in the same ballpark as an apu2 performance wise, for a bit more money and drawing significantly more power). I don't understand why they went with a broadwell celeron for a 2016 product.
I agree about the odd CPU choice
Im going to do some testing to see how much VPN traffic it can handle, should be ok for light throughput anyways.
I got it with a 120GB SSD and 8GB of ram for less than $300 though, thats alot less than i could build one for, especially with a fanless case.
So far so good.
-
The SG-2440 https://store.pfsense.org/SG-2440/ would fit the bill.
Thanks for reply.
Is there device or motherboard with a lower price ?Out of curiosity, what justifies the price-tag on the SG-2440?
On paper, as far as my untrained eye can tell a J3455 (or J3355 if you prefer even lower price and/or more single-thread perf.) are better (by a pretty wide margin CPU-wise) than the Atom in the SG-2440, and they only draw a few more watts than the atom.
How many years of always on time would it take to make those few watts worth it for the SG-2440 at 3-5x the cost of an Apollo Lake build?The only thing I can guess off the top of my head is that the SG has an incredibly good NIC built onto the mobo? If that's the case how much better is it than the Intel PRO/1000 Quad Port NICs you can get on eBay for $30-50?
I don't ask this question to flame. The OP asked for a 4-6 port low cost/TDP solution supporting DDR-L & passive cooling.
He also asked for an Atom CPU, if that's a hard requirement then this is irrelevant, but if it was just mentioned because Atom is synonymous with low-TDP then this is a relevant question.There is a massive disparity between the SG-2440 and an Apollo Lake build cost. There's a reason for that but it isn't immediately obvious to me and maybe not others as well. Can anyone clarify?
-
…
There is a massive disparity between the SG-2440 and an Apollo Lake build cost. There's a reason for that but it isn't immediately obvious to me and maybe not others as well. Can anyone clarify?My guess is that the SG-2440's $549.00 price tag includes some of the price of the support it comes with.
From https://store.pfsense.org/SG-2440/
pfSense Incident Based Support via email, chat or phone. Each purchase includes two complimentary incidents.From https://portal.pfsense.org/members/signup/per-incident-signup
pfSense
Per-Incident Support (2 Incidents) $399.00 for one yearTANSTAFL (There Ain't No Such Thing As A Free Lunch)! I have just happily bought a SG-2220 (should arrive in a few hours) which has the same disparity with roughly equivalent little boxes and has the same inducement. One way or another, a commercial organisation's support staff have to be paid. I imagine that Netgate thought deeply about pricing versus reputation and customer satisfaction.
The SG-1000 I have just returned (due to a throughput problem others are discussing elsewhere in the 2.4 section) had a 1 year gold subscription ($99) as an inducement.
I have been using pfSense (on ALIX and APU) boxes for 18 months and have solved problems (misunderstandings) from reading documentation and this forum, but having some incident support available does give me a nice warm feeling, even though I know it is costing me.
-
…
There is a massive disparity between the SG-2440 and an Apollo Lake build cost. There's a reason for that but it isn't immediately obvious to me and maybe not others as well. Can anyone clarify?My guess is that the SG-2440's $549.00 price tag includes some of the price of the support it comes with.
From https://store.pfsense.org/SG-2440/
pfSense Incident Based Support via email, chat or phone. Each purchase includes two complimentary incidents.From https://portal.pfsense.org/members/signup/per-incident-signup
pfSense Per-Incident Support (2 Incidents) $399.00 for one yearTANSTAFL (There Ain't No Such Thing As A Free Lunch)! I have just happily bought a SG-2220 (should arrive in a few hours) which has the same disparity with roughly equivalent little boxes and has the same inducement. One way or another, a commercial organisation's support staff have to be paid. I imagine that Netgate thought deeply about pricing versus reputation and customer satisfaction.
The SG-1000 I have just returned (due to a throughput problem others are discussing elsewhere in the 2.4 section) had a 1 year gold subscription ($99) as an inducement.
I have been using pfSense (on ALIX and APU) boxes for 18 months and have solved problems (misunderstandings) from reading documentation and this forum, but having some incident support available does give me a nice warm feeling, even though I know it is costing me.
Thanks for your response, I figured it would be something obvious but I didn't think it would be that obvious, haha!
I just use pfsense for my personal use, and absolutely love it. My needs combined with (IMO) really outstanding community support on this forum have meant that I've never really considered official paid tech support. (Which I think speaks volumes of pfsense and its community as I'm NOT an IT person.)
But now that you mention it that seems like a really good reason for a professional running a production system for a client to pay the extra money.It's also valuable to know what you are paying for when you buy an official pfsense system. Like I said, I didn't even consider support as an option when comparing prices, I was just thinking in terms of hardware capability vs $.
-
Out of curiosity, what justifies the price-tag on the SG-2440?
On paper, as far as my untrained eye can tell a J3455 (or J3355 if you prefer even lower price and/or more single-thread perf.) are better (by a pretty wide margin CPU-wise) than the Atom in the SG-2440, and they only draw a few more watts than the atom.
How many years of always on time would it take to make those few watts worth it for the SG-2440 at 3-5x the cost of an Apollo Lake build?Do you have a link to a low cost 4 port GBE fanless J3455 or J3355 that we can evaluate for comparison?
Note that things may change in the relatively near future: https://ark.intel.com/products/97928/Intel-Atom-Processor-C3338-4M-Cache-up-to-2_20
…the next generation of the atom C series starts at $27... -
Out of curiosity, what justifies the price-tag on the SG-2440?
On paper, as far as my untrained eye can tell a J3455 (or J3355 if you prefer even lower price and/or more single-thread perf.) are better (by a pretty wide margin CPU-wise) than the Atom in the SG-2440, and they only draw a few more watts than the atom.
How many years of always on time would it take to make those few watts worth it for the SG-2440 at 3-5x the cost of an Apollo Lake build?Do you have a link to a low cost 4 port GBE fanless J3455 or J3355 that we can evaluate for comparison?
Note that things may change in the relatively near future: https://ark.intel.com/products/97928/Intel-Atom-Processor-C3338-4M-Cache-up-to-2_20
…the next generation of the atom C series starts at $27...Sure, here you go:
http://asrock.com/mb/Intel/J3455-ITX/
https://www.newegg.com/Product/Product.aspx?Item=N82E16813157728
https://www.cpubenchmark.net/cpu.php?cpu=Intel+Celeron+J3455+%40+1.50GHz
http://www.asrock.com/mb/Intel/J3355B-ITX/
https://www.newegg.com/Product/Product.aspx?Item=N82E16813157726They aren't 4 port GBE out of the box, you would have to buy a PCIe NIC.
Intel PRO/1000 PT Quad Port Server NIC's with Low Profile brackets can be had for $35 used,
http://www.ebay.com/itm/IBM-Intel-PRO-1000-PT-PCI-E-Quad-Port-Gigabit-Ethernet-Adapter-LP-45W1959-/142220082375?hash=item211cfa3cc7:g:zdYAAOSwA3dYIKwO
Or $80 new,
http://www.databug.com/45W1959-p/45w1959.htmI happen to use a J3355 as a LibreElec HTPC because Apollo Lake includes hardware acceleration for HEVC up to 10 bit.
Irrelevant for this, but at it's low price/power point, small size, enough CPU power for a lot of pfsensing and AES-NI it seems like a very viable option for pfsense. -
Out of curiosity, what justifies the price-tag on the SG-2440?
On paper, as far as my untrained eye can tell a J3455 (or J3355 if you prefer even lower price and/or more single-thread perf.) are better (by a pretty wide margin CPU-wise) than the Atom in the SG-2440, and they only draw a few more watts than the atom.
How many years of always on time would it take to make those few watts worth it for the SG-2440 at 3-5x the cost of an Apollo Lake build?Do you have a link to a low cost 4 port GBE fanless J3455 or J3355 that we can evaluate for comparison?
Sure, here you go:
[…]
They aren't 4 port GBE out of the box, you would have to buy a PCIe NIC.So you said "sure", then admitted there isn't such a thing. It's generally possible to cobble a bunch of parts into a solution cheaper than buying an integrated product, but it's apples and oranges. Your 4 port NIC by itself draws almost as much power as an integrated solution. If you're happy with it that's great, but it's not even close to being the same thing. It sounds like you're using it as a HTPC, which is what that part is designed for. You can make it work as a network device, and it's certainly a cheap way to get in with intel's current lineup, but it's an awkward fit. The reason I'm so excited about the c3xxx series is that it seems like intel might finally ship a product tuned for networking applications that's priced sensibly. Think about it: the celeron j's and n's are what people are using for budget networking builds, and every one of those has a 3d graphics accelerator on it that's not used at all. You're paying for the R&D and the silicon for a graphics card, and intel still prices them cheaper than parts that don't include it. (It's nice to be a monopoly and set prices based on your personal whims.) If you want a board with IPMI you'll pay for two graphics cards if you go with a celeron solution. That's nuts. So you're right that the c2xxx chips are unattractive from a pricing standpoint, and for no really good reason except intel being arbitrary–but in pretty much every other way, they're more sensible for a firewall. If you value the end result (a compact integrated box) then you'll pay for it, and if you don't you won't. And we can all hope we see the c3xxx's in volume soon.
-
Yeah, the Celeron build is certainly a compromise over a dedicated one. But for many the initial buy in for the dedicated pfsense boxes can be prohibitive, making the celerons and pentiums very attractive despite their drawbacks.
I do hope that the hardware you're talking about comes out at a low price point and is readily available, that would be awesome!
-
Do you have a link to a low cost 4 port GBE fanless J3455 or J3355 that we can evaluate for comparison?
JeGr in the german section of this forum did that already.
https://forum.pfsense.org/index.php?topic=104714.msg583760#msg583760There's no free lunch/you get what you pay for/… and someone has to pay the developers. They are employed and need lunch themselves.
-
Do you have a link to a low cost 4 port GBE fanless J3455 or J3355 that we can evaluate for comparison?
JeGr in the german section of this forum did that already.
https://forum.pfsense.org/index.php?topic=104714.msg583760#msg583760There's no free lunch/you get what you pay for/… and someone has to pay the developers. They are employed and need lunch themselves.
I've seen NCA-1010, never have seen solid benchmarks. It looks like it's about the same performance as an APU2 for a little bit more money. (Although even that's a guess because I haven't found many sites actually selling them.) So not a game changer–I assume if someone is unhappy with the APU2 they either want so spend significantly less than ~$150 or get significantly better performance. It would be nice to see more options in this space also, of course.
-
Asus J3455M-E w/ Intel
Celeron Processor J3455
8gb ram (4gb x2) - whats on sale
120gb ssd - whats on sale
matx case and 200w psu+ (don't buy a crappy psu)
intel dual nic card from ebay
case fan or two -
Asus J3455M-E w/ Intel
Celeron Processor J3455
8gb ram (4gb x2) - whats on sale
120gb ssd - whats on sale
matx case and 200w psu+ (don't buy a crappy psu)
intel dual nic card from ebay
case fan or twoKeep in mind that the board have a x16 PCIe slot operating at x1 and most (if not all) NIC's operates at x4! I have been struggling myself to find one mini-ITX board with enough NIC's or with a real x4 PCIe!
@VAMike pointed that most AMD mini-ITX boards have a real x4 PCIe however not sure about enough "horse power" with these AMD APU's!
