ZBOX CI547 users here?
-
Hi there,
I am currently using a PC Engines APU2 Board on a 200/10 Internet connection with Snort enabled. I plan to upgrade to a 1000/50 connection soon.
The PC Engines boards are not an option because they wont be capable to handle the throughput.
I thought of getting a zBox CI547 Barebone with 2x GBit/s NICs. Anybody here who uses this box with PfSense?
Cheers,
Henry
-
The NICs are Realtek. It has only two NICs which might be enough for now but who knows what ideas will pop up in your head down the road. I like to have options and be able to experiment. Because of this I would not recommend it. If I were you I would rather buy Qotom with i7-5500U. That would be more than enough for 1Gbps. It is a lot cheaper too.
-
Yes, I do. Usually I prefer Shuttle's XPC slim DS77... boxes, if 2 NICs are sufficient. The ci547 works fine, but has two limitations which may or may not matter.
First Shuttle's cooling system is better. It typically runs at 5°C to 10°C higher temperatures than a Shuttle or a small server system with more NICs (1 MB fan at generic settings). The other disadvantage may be that the ci547 does not support M.2 strips.
AFAIK and as far as I have testet, there is no intrinsic support for the onboard WiFi chips, though newer FreeBSD distribution seem to have an appropriate driver. I haven't looke at the details as I usually install larger mesh systems. This is valid for Zbox and Shuttle.
-
@pvn You are right. 2 NICs are the absolute minimum and I’d prefer more NICs - if possible Intel NICs. I read a lot about the Qotom machines and I also checked their website. I could not find a machine with a i5 or i7. Just a Celeron. I also would like to have AES-Ni support so the Celeron is not an option.
Here is my biggest problem with the Qotom machines: I live in Germany and I could not find a reseller. I can order it from the chinese website only and shipping + import tax adds a lot to the total price.
Any other suggestions? They are highly appreciated.
Cheers,
Henry
-
@jsphgttgns Hey, thanks for your reply. 2 NICs are the absolute minimum. I’d be glad if the machine would have more NICs and (if possible) Intel ones. The zBox CI was just my first shot. It doesn’t have to be this one. I am open for other suggestions. The wifi card in the zBox is not interesting for me because I use Access Points and switches from Ubiquiti Networks. They are work really great. It doesn’t need to be a fanless solution.
Can you suggest any other devices?
Thanks in advance.
Henry
-
Hardware encryption is not really that critical. It depends how many tunnels you have to support. Usually about a dozen tunnels are not critical. If I can't use the Shuttle barebones, I'll almost always use the Asus basic motherboards (P10s series currently) with small Xeons. I have 4U beasts and 2U things in Chenbro cases with more or less standard PSUs. It depends. I usually add an extra NIC card with 2 or 4 ports (i.e. 6-8 for the system, but my systems are usually multi-wan, ...). In Germany Allnet has nice Intel cards which are about half the price of the official Intel cards.
-
@elmnts you can find this model on eBay. I am not sure if posting links to eBay is against the forum rules but if you search for "pfsense 5500U" you will find it. It is $347.20 with free shipping to US.
-
@jsphgttgns You are right. Hardware encryption is not really that critical. It´s just my wife and me who use OpenVPN and I have a couple of IPSec Tunnels. I think I will stick to the Shuttle DS77u5. That sounds like a good solution.
Thank you!
Henry
-
@elmnts Acually, the i3 is more than sufficient. Even the Celeron would be ok, but then reloading of larger tables, etc. (e.g. snort, pfblockerng) would take a longer time, which is not so nice in case you have to wait.
I like to use 8GB+ of RAM, though that is also not really necessary.
-
@burchsung said in ZBOX CI547 users here?:
Hi...i am a new user here. As per my knowledge it has only two NICs which might be enough for now but who knows what ideas will pop up in your head down the road. I like to have options and be able to experiment. Because of this I would not recommend it.
WTF. This is a copy-paste from my response.
-
@pvn spammer getting ready to spam
-
@pvn Was that post here? Did it get deleted?
-
@stephenw10 said in ZBOX CI547 users here?:
@pvn Was that post here? Did it get deleted?
I don't get what are you asking. The copy-pasted post clearly is not deleted.
