New pfsense for soho



  • I’m just getting started with pfsense. Want to get something for my home network that will be somewhat future proof and supports AES-NI. Plan to install snort and OpenVPN at a minimum. Probably a few other packages as well. No WiFi though. I’ll use seperate AP’s for that.

    I’ve been looking at this- https://www.amazon.com/Firewall-Appliance-Gigabit-AES-NI-Barebone/dp/B072ZTCNLK

    It’s manufactured by a California based company with good user reviews so hopefully hardware support would be good if needed. Hoping to get some feedback from the pfsense community though, if anyone is already using this box. Also not sure how much ram and storage to purchase. My inclination is 8GB ram and a 120GB SSD, but maybe that’s overkill?



  • @wgstarks:

    I’m just getting started with pfsense. Want to get something for my home network that will be somewhat future proof and supports AES-NI. Plan to install snort and OpenVPN at a minimum. Probably a few other packages as well. No WiFi though. I’ll use seperate AP’s for that.

    I’ve been looking at this- https://www.amazon.com/Firewall-Appliance-Gigabit-AES-NI-Barebone/dp/B072ZTCNLK

    It’s manufactured by a California based company with good user reviews so hopefully hardware support would be good if needed. Hoping to get some feedback from the pfsense community though, if anyone is already using this box. Also not sure how much ram and storage to purchase. My inclination is 8GB ram and a 120GB SSD, but maybe that’s overkill?

    No it's not manufactured by a Californian company. It's a rebranded generic china box. If you want one of those, I'd suggest using aliexpress as they are probably also the ones you'll get from a drop shipping company like protectli.



  • This is what you're looking at: https://forum.pfsense.org/index.php?topic=132528.0 just sold from someone else with extra fees probably.



  • If you like the Protectli "style" device, the real manufacturer sells them here: https://aliexpress.com/item/Minisys-4-Lan-pfsense-minipc-Intel-atom-E3845-quad-core-mini-itx-motherboard-linux-firewall-computer/32825684280.html

    The other protectli devices are form the same manufacturer: https://aliexpress.com/store/product/Best-pfsense-computers-intel-kaby-lake-celeron-3865u-dual-core-fanless-mini-pc-6-gigabit-lans/3058001_32821041344.html

    This does not mean Protectli is bad or anything, but if you are going for community support and custom firewalling, there is no point in giving money to a middleman that 'adds value' (not really - maybe a support email address).

    If protectli or one of the other resellers (there are many that sell the Qotom / MiniSys boxes) were to actually deliver something 'better' or 'on top of' then great, same goes for turnkey appliances (but they'd have to sort out licensing with Netgate for the pfSense trademark I guess) etc. but since hardware isn't really all that complicated and actual support for pfSense is available from the creators for a reasonable price, there really isn't much they can add to the hardware, it's all in the software these days.



  • I was told on the Qotom thread that the Protectli was not a Qotom, and the hardware looks slightly different.
    Nevertheless, I am more comfortable ordering from Amazon than Aliexpress, and have ordered several of the boxes you referenced.
    I'm using 4 GB memory sticks and 16 GB msatas that were surplus from laptop upgrades. If you don't order the barebones, it will come with decent memory and a cheap msata. Mine was Samsung memory and a hoodisk msata. Easy install from the memstick, boxes have been solid so far.
    edit- Yes, you could get the same box shipped from China in about two weeks (DHL), or you could pay $28 more and get it in two days from Amazon and be able to easily return it if there is a problem. You pay your money and take your chances. Maybe the price difference is greater in the Netherlands, but for me (in the US), it's not worth my time to deal with China directly. Protectli does have some sort of support. I've never had to use it, but I'd rather have someone to reach out to in the same country, if only for time zone and language difficulties.



  • @johnkeates:

    If you like the Protectli "style" device, the real manufacturer sells them here: https://nl.aliexpress.com/item/Minisys-4-Lan-pfsense-minipc-Intel-atom-E3845-quad-core-mini-itx-motherboard-linux-firewall-computer/32825684280.html

    The other protectli devices are form the same manufacturer: https://nl.aliexpress.com/store/product/Best-pfsense-computers-intel-kaby-lake-celeron-3865u-dual-core-fanless-mini-pc-6-gigabit-lans/3058001_32821041344.html

    This does not mean Protectli is bad or anything, but if you are going for community support and custom firewalling, there is no point in giving money to a middleman that 'adds value' (not really - maybe a support email address).

    If protectli or one of the other resellers (there are many that sell the Qotom / MiniSys boxes) were to actually deliver something 'better' or 'on top of' then great, same goes for turnkey appliances (but they'd have to sort out licensing with Netgate for the pfSense trademark I guess) etc. but since hardware isn't really all that complicated and actual support for pfSense is available from the creators for a reasonable price, there really isn't much they can add to the hardware, it's all in the software these days.

    Thanks for the link. The pictures look like the same hardware and it’s about $100 cheaper, but that’s really all I can tell. The page is all in german(?) maybe. No idea what I’d be ordering.

    Would really appreciate some recommendations on how much storage/ram is needed?



  • Protectly uses MiniSys indeed, not Qotom.

    Here, ordering something from Aliexpress is almost always faster than Amazon, unless you pay about 50 euros (about 60 USD) to get it in 1-2 days. Returns are also easier and you pretty much always get your money back even before your item has arrived back at the seller, or the new/replacement item arrives before the broken/old one has returned.

    Also, it really depends on stock, most of the stuff I've heard from the MiniSys/Qotom rebranding/resellers is that they just dropship from china anyway which practically means that when you order from an Amazon shop, you are still ordering from china directly.

    I suppose if you live in the USA the national services are cheaper or faster due to proximity, pretty much everyone else in the world is far away, except Canada and Mexico.

    @wgstarks:

    Thanks for the link. The pictures look like the same hardware and it’s about $100 cheaper, but that’s really all I can tell. The page is all in german(?) maybe. No idea what I’d be ordering.

    Would really appreciate some recommendations on how much storage/ram is needed?

    I think Aliexpress prefixes the URLs with the country code, I removed them, it should be in english now. Basically, the first link is the box that is being sold on Amazon for 100 more.



  • @johnkeates:

    @wgstarks:

    I’m just getting started with pfsense. Want to get something for my home network that will be somewhat future proof and supports AES-NI. Plan to install snort and OpenVPN at a minimum. Probably a few other packages as well. No WiFi though. I’ll use seperate AP’s for that.

    I’ve been looking at this- https://www.amazon.com/Firewall-Appliance-Gigabit-AES-NI-Barebone/dp/B072ZTCNLK

    It’s manufactured by a California based company with good user reviews so hopefully hardware support would be good if needed. Hoping to get some feedback from the pfsense community though, if anyone is already using this box. Also not sure how much ram and storage to purchase. My inclination is 8GB ram and a 120GB SSD, but maybe that’s overkill?

    No it's not manufactured by a Californian company. It's a rebranded generic china box. If you want one of those, I'd suggest using aliexpress as they are probably also the ones you'll get from a drop shipping company like protectli.

    Thanks. Is Alibaba the same as aliexpress? Can’t find an english website for aliexpress.



  • @johnkeates:

    Basically, the first link is the box that is being sold on Amazon for 100 more.

    I accidentally added the shipping twice, but for a barebones shipped 6-13 days, it's $191.46, so you save $57
    Mine shipped free two day from an Amazon warehouse. I've never done a return on Aliexpress, I'd be amazed if was better than Amazon- they have always just sent a replacement and a label to return the old one.
    It all depends on your location, how soon you want it, and if you would rather deal directly with the factory, or with a local reseller.
    Anyway, they seem to be decent boxes, I'm reserving final judgement until I've had several in the field for a year or so.



  • @wgstarks:

    Is Alibaba the same as aliexpress? Can’t find an english website for aliexpress.

    Follow the link from the Dutch site to the English site. (Go to Global Site) The language will be stuck from when you visited the Dutch site.



  • @johnkeates:

    Protectly uses MiniSys indeed, not Qotom.

    Here, ordering something from Aliexpress is almost always faster than Amazon, unless you pay about 50 euros (about 60 USD) to get it in 1-2 days. Returns are also easier and you pretty much always get your money back even before your item has arrived back at the seller, or the new/replacement item arrives before the broken/old one has returned.

    Also, it really depends on stock, most of the stuff I've heard from the MiniSys/Qotom rebranding/resellers is that they just dropship from china anyway which practically means that when you order from an Amazon shop, you are still ordering from china directly.

    I suppose if you live in the USA the national services are cheaper or faster due to proximity, pretty much everyone else in the world is far away, except Canada and Mexico.

    @wgstarks:

    Thanks for the link. The pictures look like the same hardware and it’s about $100 cheaper, but that’s really all I can tell. The page is all in german(?) maybe. No idea what I’d be ordering.

    Would really appreciate some recommendations on how much storage/ram is needed?

    I think Aliexpress prefixes the URLs with the country code, I removed them, it should be in english now. Basically, the first link is the box that is being sold on Amazon for 100 more.

    That didn’t work too well, but thanks for the try. Actually found the same listing (different distributor) on alibaba for about $20 less. I’ll probably just go with a barebones box from the cheapest supplier and buy ram and SSD locally. That will give me more time to figure out how much I need.



  • @dotdash:

    @wgstarks:

    Is Alibaba the same as aliexpress? Can’t find an english website for aliexpress.

    Follow the link from the Dutch site to the English site. (Go to Global Site) The language will be stuck from when you visited the Dutch site.

    That worked. Thanks.



  • @wgstarks:

    @dotdash:

    @wgstarks:

    Is Alibaba the same as aliexpress? Can’t find an english website for aliexpress.

    Follow the link from the Dutch site to the English site. (Go to Global Site) The language will be stuck from when you visited the Dutch site.

    That worked. Thanks.

    It's really annoying how aliexpress/alibaba messes with the language settings. I'm currently in The Netherlands so they direct me to their dutch translated site, and I keep having to go back to english. I guess the global site works better for me as well.



  • Could still use some recommendations on how much storage I’ll need running snort OpenVPN-as and maybe a few other apps? I understand snort may require a fair amount.



  • @wgstarks:

    Could still use some recommendations on how much storage I’ll need running snort OpenVPN-as and maybe a few other apps? I understand snort may require a fair amount.

    You'll need about 8GB RAM if you are running a few packages like IDS/IPS and if you log a lot you might want a 64GB SSD to make sure you have the room for it.



  • Thanks everyone for the help.



  • I wound up ordering the box from an alibaba retailer just because the shipping time will be about 4 weeks vs 8-10 weeks from aliexpress. I can see why people would be willing to pay an extra $100 to get 2 day delivery.

    The unit I ordered will have a preinstalled msata SSD with who knows what kind of garbage on it. I’m pretty much a noob at this and not sure of the best way to erase the drive prior to loading pfSense. Any suggestions? Will the installer wipe the drive?



  • @wgstarks:

    Will the installer wipe the drive?

    Never mind. I think I found my answer-
    https://doc.pfsense.org/index.php/Installing_pfSense#Embedded

    Looks like the installer will format the target disk as UFS if these are the correct instructions?



  • The installer wil happily wipe the drive. If you ordered a Qotom box with preinstalled SSD and RAM, they usually put a non-activated Windows 7 image on it during their last hardware QA test to make sure everything works. If you order them with no RAM (in case you supply your own) they will clear the SSD for you as it should be delivered as a 'clean' box then.

    Regarding alibaba vs. aliexpress, I'm not sure how they differ. I know aliexpress was designed by alibaba (same company) to be targeted at western countries (more PayPal / Amazon / Ebay style protections etc), but I never had shipping time differences. Even with the 4-day DHL shipping (cost me about 15) it's the same on either site.

    When installing the Box, keep in mind that pfSense has at least two flavours, one uses the HDMI port for initial setup, the other uses the serial port. In the Qotom topic, on one of the last pages, there is a small list of BIOS settings and UEFI installs that work for most people. Regarding writing the image, win32imager or whatever it's called should work, if you have a Linux or Mac computer, you can use cp or dd.

    Depending on how the ethernet chips are setup, the ports on the front might be registered in a different order in pfSense. This is no big deal, and you can re-label them in the interface. Also, see the Qotom topic for that ;-)



  • @johnkeates:

    The installer wil happily wipe the drive. If you ordered a Qotom box with preinstalled SSD and RAM, they usually put a non-activated Windows 7 image on it during their last hardware QA test to make sure everything works. If you order them with no RAM (in case you supply your own) they will clear the SSD for you as it should be delivered as a 'clean' box then.

    Regarding alibaba vs. aliexpress, I'm not sure how they differ. I know aliexpress was designed by alibaba (same company) to be targeted at western countries (more PayPal / Amazon / Ebay style protections etc), but I never had shipping time differences. Even with the 4-day DHL shipping (cost me about 15) it's the same on either site.

    When installing the Box, keep in mind that pfSense has at least two flavours, one uses the HDMI port for initial setup, the other uses the serial port. In the Qotom topic, on one of the last pages, there is a small list of BIOS settings and UEFI installs that work for most people. Regarding writing the image, win32imager or whatever it's called should work, if you have a Linux or Mac computer, you can use cp or dd.

    Depending on how the ethernet chips are setup, the ports on the front might be registered in a different order in pfSense. This is no big deal, and you can re-label them in the interface. Also, see the Qotom topic for that ;-)

    I ordered the MiniSys unit linked earlier. Was planning on installing from flash drive. Have I got that wrong?



  • @wgstarks:

    @johnkeates:

    The installer wil happily wipe the drive. If you ordered a Qotom box with preinstalled SSD and RAM, they usually put a non-activated Windows 7 image on it during their last hardware QA test to make sure everything works. If you order them with no RAM (in case you supply your own) they will clear the SSD for you as it should be delivered as a 'clean' box then.

    Regarding alibaba vs. aliexpress, I'm not sure how they differ. I know aliexpress was designed by alibaba (same company) to be targeted at western countries (more PayPal / Amazon / Ebay style protections etc), but I never had shipping time differences. Even with the 4-day DHL shipping (cost me about 15) it's the same on either site.

    When installing the Box, keep in mind that pfSense has at least two flavours, one uses the HDMI port for initial setup, the other uses the serial port. In the Qotom topic, on one of the last pages, there is a small list of BIOS settings and UEFI installs that work for most people. Regarding writing the image, win32imager or whatever it's called should work, if you have a Linux or Mac computer, you can use cp or dd.

    Depending on how the ethernet chips are setup, the ports on the front might be registered in a different order in pfSense. This is no big deal, and you can re-label them in the interface. Also, see the Qotom topic for that ;-)

    I ordered the MiniSys unit linked earlier. Was planning on installing from flash drive. Have I got that wrong?

    No, flash drive is fine. As far as I know, VGA console (over HDMI) should work too. I don't know about the UEFI settings, not sure if you need to manually disable the CSM before UEFI install works on MiniSys, but it should probably be fine, they most likely use the same standard UEFI package from Intel, just like Qotom.



  • Wish I had bumped into this thread earlier, for no other reason than for comparison shopping, but I did end up buying from ProtectLI/Amazon at +usd70.

    I don't think the saving$ would had make up for the longish-ship and risk-when-trouble/english support.  I mean ProtectLI shipping are handled by Amazon that means any prob and you can return at your Zero expense. As any Amazon customer knows, you get your $ back as soon as UPS scans your return package, don't know anybody who makes return so user friendly. Scanning through the reviews ProtectLI, as promised was able to provide in-depth tech support fixing one's Samsung SSD issue with an updated BIOS and another fix for near-gigabit thruput, I doubt if one can get that kind of support unless you know Chinese, from Ali.

    Anywhoo, your risk/patience tolerance and piggy bank will dictate which way u go.  Scanning just about every Amazon review, I don't see anybody having any prob at all installing Pfsense on the ProtectLI boxes, with a few obviously DOA.



  • I didn’t have any problems with mine. Make sure you re-install though. I wouldn’t trust the pre-installed software.



  • Amazon is rather expensive here, I guess it only works if you are in a Amazon-country.



  • @wgstarks:

    I didn’t have any problems with mine. Make sure you re-install though. I wouldn’t trust the pre-installed software.

    Oh no prob there, I got the bare bone, only trusting brand name Crucial+Sandisk. This is my production box, don't need no strange issues.  10 days now 24x7. If it doesn't break the next 20 days, I should be OK.


Log in to reply