New Hardware Selection Help



  • Hi All,

    I am look for some advice on getting some new Hardware to create a custom build to place PFSense on to.

    I require WIFI, 3 x Gigbite Nic's decent cpu and ram. I plan to run the device at home,

    I want to run SNORT and VPN. I am based the UK and have a rough budget of £300.

    Thanks in advanced



  • I'm afraid your budget and requirements are a mismatch (depending on your network speeds).

    • Don't run WiFi inside pfSense, run 'standalone' access points and connect them to pfSense using ethernet
    • Snort on gigabit speeds requires powerful CPU and a bit of RAM
    • More than 1 Gigabit NIC means you'll have to add a card or get a motherboard with multiple NICs

    I'd say for about 100 more you can get a Ubiquiti UniFi AC AP, and the 300 you already had you can use to get a china-made i5-based box with gigabit ethernet like the Qotom of minisys systems.



  • Sounds like a plan I guess. I assume I will be able to run VLANs from the AP to the FW ?



  • I require WIFI, 3 x Gigbite Nic's decent cpu and ram. I plan to run the device at home,

    Sounds like a APU2C4 will be the best option to realize that.
    ~50 € for 120 GB ior 128 GB mSATA
    ~200 € APU2C4, case and PSU (bundle)
    ~ 50 € for WLE200NX or UBNT SR71-E and antennas

    I want to run SNORT and VPN. I am based the UK and have a rough budget of £300.

    And what is now the Internet line speed? And do you use PPPoE for log into the ISP Internet account?



  • @BlueKobold:

    I require WIFI, 3 x Gigbite Nic's decent cpu and ram. I plan to run the device at home,

    Sounds like a APU2C4 will be the best option to realize that.
    ~50 € for 120 GB ior 128 GB mSATA
    ~200 € APU2C4, case and PSU (bundle)
    ~ 50 € for WLE200NX or UBNT SR71-E and antennas

    I want to run SNORT and VPN. I am based the UK and have a rough budget of £300.

    And what is now the Internet line speed? And do you use PPPoE for log into the ISP Internet account?

    I have a 40/6 connection from BT and yes I PPOE . The APU2C4 looks like the best option.

    I have used a previous version for clients



  • I have a 40/6 connection from BT and yes I PPOE . The APU2C4 looks like the best option.

    For 40/6 it will be way enough to handle it, up to ~450 - 500 MBit7s it will be nice to go with it. But over that
    it has a to small footprint and is to slow. All is given there for you, silent, small form factor, mSATA with not
    sounding or moving parts, integrated wifi is also available and it could be sorted with an small modem and
    SIM card too if needed. It is available at the Varia-Store here in Germany and they are shipping nearly
    world wide. Some hints besides, you will be needing a 16 GB for firewall and VPN only usage, 32 GB
    with snort and perhaps 64 GB or 128 GB with Squid and SquidGuard and pending on the amount of
    users or the entire network load.

    This equipment of not in place will be the best option to get the hands on, because all failures are occurring
    even on Sunday with all sites closed shops! if you will need it you have it right handy there will be the best
    bet in my eyes!
    USB to Serial Adapter & nulll modem cable ~15 €
    PC Engines spi1a - Flash Recovery Board für APU2 ~5 €



  • Does Apu2c4 works without compromising speed while using openvpn with a connection speed of 50/10?
    Will it be too much for Apu2c4?  I am also planning to use adblocker in it. Does it suffice?



  • Does Apu2c4 works without compromising speed while using openvpn with a connection speed of 50/10?

    If your speed is 50/10 what do you expect to get out from that little small APU2C4?

    Will it be too much for Apu2c4?

    Depends even on your expecting? What do you think it must be delivering as OpenVPN speed?

    I am also planning to use adblocker in it. Does it suffice?

    If you mean pfBlockerNG DNSBL & TLD and subscribing then to all available lists it might be owning to low
    RAM then. The you might be sorted better with a more strong CPU and much more RAM.



  • @plikmuny:

    Does Apu2c4 works without compromising speed while using openvpn with a connection speed of 50/10?

    yes



  • Guys what do you mean ? i am not at all understanding what you are trying to explain.
    i want a device which doesnt compromise on Internet Speed when i am using Openvpn.
    i also dont want to invest too much on Hardware. Hence i asked for help on deciding which Hardware to choose.

    i live in Germany. currently using 50/10 Telekom ISP. may upgrade in 6 Months to 1 year to 100/20.

    Now i have never used pfsense. all i want to ask is APU2C4 better or i5 5250 Qotom Q355g4 is better in Terms of Performance and Electricity.
    APU2C4 is 170€ at present. and Qotom Q355g4 is 290 including 4gb RAM and 64gb SSD.

    which one should i buy ? i may also run Squid depending on ist usefulness for me at home. As i said pfsense is new for me… i have to explore ist uses...



  • You can do this with used desktop class hardware and try to find used intel gigabit nics from someone who is upgrading from 1gbps to 10gbps.

    In the USA ebay is flooded with the type of equipment that could handle this job on the cheap for you.

    I'd look for a 3ghz or better dual core or better that also supports AES-NI.

    Probably a AMD-8150 based system or better with 4gb or more and a couple drop in intel server nics.

    Yes - You can do it cheap, but the power requirements will be high.



  • This processor could handle the task.

    http://www.cpu-world.com/CPUs/Bulldozer/AMD-FX-Series FX-4100.html

    Used, they are about $30

    Intel NICs that are netmap compatiblel will probably cost you $20 each.

    Yeah - You can do it.

    I'd drop in a small SSD, 16gb or better.

    Nothing you need will be hard to find or expensive but it will not be system on chip, compact form factor, low power, air cooled etc.  But it will be fast.



  • @plikmuny:

    Guys what do you mean ? i am not at all understanding what you are trying to explain.

    I thought a simple "yes" was pretty clear: an APU2 will do 50Mbps VPN with no problem.



  • The Qotom has more horse power, more ports and can be sorted with more RAM as the APU2C4.
    For beginners it will be useful to follow between 8 - 10 of this in german written HowTo´s to start
    with pfSense and the most of them must be only retyped one by one. Really nice if you are starting
    with pfSense. aqui´s HowTo´s



  • @BlueKobold:

    The Qotom has more horse power, more ports and can be sorted with more RAM as the APU2C4.

    Not that any of this actually matters for the task of firewalling a 50Mbps connection with a VPN. So, yes, spending 50% more will buy you more horsepower, burn more electrons, and cost 50% more.



  • @kejianshi:

    You can do this with used desktop class hardware and try to find used intel gigabit nics from someone who is upgrading from 1gbps to 10gbps.

    In the USA ebay is flooded with the type of equipment that could handle this job on the cheap for you.

    I'd look for a 3ghz or better dual core or better that also supports AES-NI.

    Probably a AMD-8150 based system or better with 4gb or more and a couple drop in intel server nics.

    Yes - You can do it cheap, but the power requirements will be high.

    Hi, but this amd cpu has tdp from 95w?  How much electricity  does it consume?



  • maxed out, 95w.  Idling, much less.  There are other dual core processors in the 45w and 65w range that will work.

    Just get something from 2012 or later thats 64bit and supports AES-NI.

    You have choices.  New and very power efficient or older, fast and not as power efficient.

    Something like this is pretty new, lower power, and very very fast.  i3-7100

    Buying from the netgate store is cool also. Might save you some headaches trying to build your own.



  • I can go with APU2C4, but it has only 3 LAN ports. but i Need Minimum 4 LAN Ports.
    Also i am not seeing any i3 7100U based Qotom Devices on Ali with Minimum 4 LAN Ports.
    Can you Point me out and how much does they cost ? is it better to buy a bare bone Device and add RAM & SSD or buy a configured complete Set ?. then i am not sure which Company Parts are added and how they would perform compared to the better ones.
    Upto 500 mbps connection Speed i can use APU2C4 , thats what i learnt from here. Is that true that AMD is better than Intel because AMD has more single clock  core Speed ?



  • Aliexpress isn't magic. If you want something very custom you need to build it from components.



  • is it better to buy a bare bone Device and add RAM & SSD or buy a configured complete Set ?

    If you will find something that is really matching to your needs take it, if not you are able to sort this with other
    hardware you will be able to get for cheap or they are matching better to your needs.

    Get a small Intel i3 or Core i5 with dual or quad cpu cores likes you like or need it.
    Intel® Core™ i5-5200U Processor 3M Cache, up to 2.70 GHz = 5th generation Intel Core i5 CPU
    QOTOM-Q355G4 2017

    DHL - shipping fee to Germany US $33.68 - time between 8-17 days - status: Available
    This item is in stock an will be sold from the Qotom flagship store on aliexpress.com
    They accept paypal, VISA and Master Card payment, if you prefer to order online they
    are able to provide you an amazon link, but you must ask them before placing the order
    because this will be not even able to realize, as I understood it!!!

    I would get it with 8 GB RAM and an Intel 60 GB mSATA.


Log in to reply