Which is the most suitable and future-proof hardware for running pfSense?
-
The question obviously arises from the need for us end-users to move to 64-bit AES-NI-based hardware. So that basically means that old WatchGuards and Ciscos are not future-proof. But there has to be some hardware, in the range of 400-800 € or $ that can be had - second hand - much like the WatchGuards, but with newer specs.
Any ideas? Let's try to list different options. Pricewise I would say anything that is less than 50% of a new netgate is reasonable. Also, Netgates are not that commonplace in the EU to start with. This thread is not for "buy a computer and get a 4-nic network card" kind of solution, but rather about hardware that was manufactured to be a firewall from the beginning.
-
I'm also shopping for a new box now so I'm wondering the same thing. AES-NI is a no-brainer, and unfortunately eliminates a LOT of hardware out there, even being sold new for firewall applications.
Something I have been checking is processor support for VT-d for passthrough of networking and other hardware in virtualized applications. This is just now landing on the lowest end (Apollo Lake) embedded Intel chips.
Intel i210/211/350 (igb) ports should take you further with the cool things coming out of DPDK and with VT-c/SR-IOV (again for virtualization).
As for "pc hardware with nics" vs "purpose built firewall hardware", that has been blurry for a VERY long time once you move into commercial/industrial grade motherboards, etc. They all have the same guts, which is why most of the new IoT industrial gateways have multiple DP video, etc. Proprietary form factors also lock you in and make it harder to swap things out in an emergency or move to a new case for further expansion.
-
in the range of 400-800 €
[]
Pricewise I would say anything that is less than 50% of a new netgate is reasonable.
In here are quite a few in your price range. Not used, but new.
Not good?
https://store.netgate.com/pfSense/systems.aspx
-
Well for me part of the fun is taking something old like a WatchGuard and doing a conversion like this. The other thing is that I am really disappointed that the SG-4860 is the only one that comes with a rackmount shelf or that they don't sell the shelf as an accessory, granted you could just use any old shelf… My thing is, if I am not buying a Netgate to be used in production, which is what I would buy, then I am building one in my homelab for kicks... so I want it to look cool and go in my rack, I don't want some little thing for $149 or worse yet $299 flopping about....
Also, the WatchGuard XTM 5 for example, can be had for $150 bucks or a bit more while something with more than 2 ports on the Netgate site goes for over $500... granted it's got current gen hardware and the coveted AES-NI... so of course it will be more expensive, but I don't think it's worth a $400 premium.... If they only had a ~200 Netgate with 3-4 ports.... I want that 3rd port...
Sorry I am tired and rambling.. but idk for me it seems like there is a missing sweet spot in the product offerings, but that could just be me.
-
@Mr.:
in the range of 400-800 €
[]
Pricewise I would say anything that is less than 50% of a new netgate is reasonable.
In here are quite a few in your price range. Not used, but new.
Not good?
https://store.netgate.com/pfSense/systems.aspx
Not really in the price range. To get it to the EU, there will be shipping, then customs, then local taxes on price + everything else. The MAGA-guy won't make things easier in this department at all in the future, because protectionism is the obvious solution to problems. So we are looking at a "cost" which is double the "price" to get a US firewall (and add in the fact that there might be power issues and it may not be CE-certified, I don't know).
And as I implied, I am not looking for low-end home-user stuff but something like a proper firewall - rackmount and 4-8 ports (at which point the above starts kicking in heavily for the Netgates).
-
What about the latest WatchGuard M400 & M500 series?
According to: http://www.watchguard.com/help/docs/hardware%20guides/Firebox_M400_M500_Hardware_Guide.pdf
They use Intel Celeron G1820 CPU & Intel Pentium G3420 CPU.
Now these are not AES-NI supporting CPUs. But there are plenty of FCLGA1150 socket CPUs that are.
I am hoping that by the time AES becomes a requirement the price on these series WatchGuards will have dropped to something that is affordable. You can find them on eBay UK for about £750 now.
Assuming that it is possible to replace the CPU and the BIOS is not locked out completely I would hope one of these would be a viable candidate.
-
I just got the Qotom Core i5 (signature)
Base price is 216$ + 40$ shipping.
I chose 8G RAM + 64G M2.Sata extra, and ended up paying $341 incl. shipping to EU.
I have installed pfSense 2.40 on it, but will install it for real in the weekend.
Note!! You need an HDMI screen to install & set up the BIOS.
/Bingo
I got it from the QOTOM store on AliExpress.
Ohh, decided to install a 240G SATA SSD instead of the 64G M.Sata - the SATA/pwr cable is already inside the box, PSU is included.
-
What about the latest WatchGuard M400 & M500 series?
According to: http://www.watchguard.com/help/docs/hardware%20guides/Firebox_M400_M500_Hardware_Guide.pdf
They use Intel Celeron G1820 CPU & Intel Pentium G3420 CPU.
Now these are not AES-NI supporting CPUs. But there are plenty of FCLGA1150 socket CPUs that are.
I am hoping that by the time AES becomes a requirement the price on these series WatchGuards will have dropped to something that is affordable. You can find them on eBay UK for about £750 now.
Assuming that it is possible to replace the CPU and the BIOS is not locked out completely I would hope one of these would be a viable candidate.
This is a good candidate for sure.
-
old WatchGuards and Ciscos
Is there any Cisco hardware that can boot pfSense? I saw a post further down in this board with someone thinking of buying a 2901 and implying that they'd run pfSense on it, which I'm pretty sure isn't possible. I know the PIX and later ASA were and are x86 hardware but have yet to hear of anyone booting anything other than the prescribed OS on them. Just curious.
-
I thought I saw one for sale on eBay with pfSense mentioned - hence I used it as an example. Will need to check.