Will this hardware work for me?
-
Hello!
The past couple of days I read through a lot of posts and I can't figure out which board would work for me.
I read about:
- J3455 (4 cores at 1.5 GHz - Q3'16)
- J3355B (2 cores at 2.5 GHz - Q3'16)
- J1900 (4 cores at 2 GHz - Q4'13)
My requirements are:
- filter and secure my Synology Mail Plus Server
- filter traffic from my ISP (I have a 100/12 connection) -> intrusion prevention and detection
- block requests from certain regions of the world
- maybe filter ads, spam, etc.
- secure about 10 devices connected to a 24port managed switch
- 1 VPN connection at night to sync two servers (one external server) - if that's too much, I could establish a VPN with the Synology NAS
As you can see, my requirements are not very high. I just want to max out my ISP speed with 100mbit down and 12mbit up and filter all traffic (intrusion prevention and detection).
Gaming is a thing, too. So I want to avoid lags because of filtering. Most discussions are about using a VPN, which I don't really need. After all I read, I would go for the J3355B because of the single core speed.
It would be great if you could tell me if one of the three options is ok or if I need to look for an i3 or i5 setup. Thanks a lot!
bye
MNKY
-
All of them are more than fast enough, but the new systems should be about the same price as a J1900 and will give you more room to grow. I'd also lean toward the J3355B.
-
If higher VPN speeds aren't important then clock speeds aren't as important relative to core count.
IPS will be the CPU hog, even more so than VPN.
I ran an IPS only test on my J3355B with a 150/10 line and saw ~62% CPU usage using suricata.
https://forum.pfsense.org/index.php?topic=127793.msg709169#msg709169
It looks like you need basic firewalling, pfBlockerNG w/ DNSBL, and a VPN server, no VPN clients?
J3355B can do all of those and do them simultaneously, it just depends on what speeds you want your VPN server to run at to sync?
On the same thread linked above I ran all of the above packages at the same time and maxed out my J3355 @ ~63Mbps, but that was with AES-256-CBC.
If you use pfSense 2.4.0 BETA it provides OpenVPN 2.4 which lets you run your server at AES-128-GCM instead, which is a more efficient and more sensible encryption level. Using that you can probably get everything you are asking for simultaneously at or near your line speeds. But I've never tried it so can't say for sure.
So if you can settle for the possibility of a little slower than line speed on your VPN server, then J3355 is definitely the way to go.
-
Thank you for your help!
I read your whole thread and the output of AES-128-GCM, that would do the trick for me. I don't need the full speed for VPN usage, that's no problem.
But I need the full speed for the basic stuff like: snort, squid, pfBlockerNG, maybe HAVP, SquidGuard, Darkstat
I was curious if that little apu can handle so many plugins :) I can max out the RAM and I would go for an SSD for fast caching.
Is it possible to run pfSense as an instance (VM) on that apu or is that too much?
The only board I found is this one: http://www.asrock.com/mb/Intel/J3355B-ITX/index.asp
What surprises me is the fact that they built a Parallel and COM port on that board? The last board I had with a COM port was an Intel Pentium 120 MHz :P
-
By APU do you mean the J3355?
If so, yes it should work fine for you in a VM. The J3355 supports virtualization. Just make sure you buy a NIC that supports it as well (i340).
As for running all of those packages simultaneously, that looks like it would work fine but I've never tried that specific combo.
I will say that you might get better results with suricata than snort due to snort being single threaded only.
pfBlockerNG & DNSBL in my experience isn't much of a CPU hog.
Squid + squidguard I've never paid attention to its CPU usage because I abandoned it quickly but I wouldn't think it would have much of an impact on a home network.
I have no idea about HAVP.
Same for Darkstat, but I would guess that its performance impact is negligible.
That is the board that I have, there's also a micro ATX version, and I think that Asus makes one as well?
-
But I need the full speed for the basic stuff like: snort, squid, pfBlockerNG, maybe HAVP, SquidGuard, Darkstat
This means then to be a fully featured UTM device, and therefore you may need perhaps a little bit more horsepower and RAM on top of this. The APU2C4 is not really powerful enough to handle that amount of things.
I was curious if that little apu can handle so many plugins :) I can max out the RAM and I would go for an SSD for fast caching.
Jetway NF9HG-2930 & 8 GB RAM & 120 GB mSATA would be nice to serve that network load, not too much but powerful enough.
All in all ~350 Euros I would think about.