pfSense on QNAP NAS



  • I'm thinking of buying a QNAP NAS and would like to run pfSense on it (want to reduce the number of devices on my network rack). As everyone knows, Netgate just released pfSense for use on certain QNAP models through its "Virtualization Station" app. Although it's only been out a week, I was wondering if anyone's had a chance to look at it. I'm new to QNAP (as well as pfSense) and I'm wondering how involved it would be to set up. From what I've read, it seems pretty straightforward, but reality is often different. 😏

    Also, since this runs on a VM, which has it's own overhead, I'm wondering how much processing power the NAS will need to run pfSense with basic security services (like Snort, pfBlocker, OpenVPN, LightSquid), as well as all the storage duties, without throttling my 100/10Mbps bandwidth. The NAS models I'm considering are TS-473 (AMD RX-421ND cpu, 4635 passmark) and TS-677 (AMD Ryzen 5-1600, 12298 passmark). The TS-473 is less than half the cost, so I would prefer it if it can handle this.

    Thanks for any feedback. I hope this is a reasonable thing to try.



  • Hello there,

    I recently started putting the pfsense on the ts-677. With basic configuration as provided by QNAP installation guide. I was able to get 940 Mbps and 7 Mbps despite the fact that I have 1Gbit both ways internet. I need to do more testing. But it looks promising. In addition, there are other threads on here that are related to this topic. Hope this will help you.

    https://forum.netgate.com/topic/95439/virtualized-pfsense-on-qnap-nas



  • @brother_scud said in pfSense on QNAP NAS:

    Hello there,

    I recently started putting the pfsense on the ts-677. With basic configuration as provided by QNAP installation guide. I was able to get 940 Mbps and 7 Mbps despite the fact that I have 1Gbit both ways internet. I need to do more testing. But it looks promising. In addition, there are other threads on here that are related to this topic. Hope this will help you.

    https://forum.netgate.com/topic/95439/virtualized-pfsense-on-qnap-nas

    Thanks so much for the feedback. It's the sort of information I've been looking for. If you don't mind me asking, are you running just the firewall, or do you have other packages (like Snort, SquidGuard, etc) going as well? I ask because I know these other packages (Snort in particular) can consume a lot of processing power and really throttle the throughput. It can be up to an order of magnitude based on specs sheets I've seen from other security vendors.

    Also, any idea why your upload is so low?

    Thanks again for the feedback. It is indeed sounding promising!



  • Hey there,

    after trying out for couple days, I couldnt figure out what was the issue. Looks like I need to contact the Qnap support for their opinions on AMD machine despite disabling the hardware checksum. Other wise Im going to try other firewall softwares out there.

    And no, Im just testing with basic configurations if it can get me the speeds then I would do the next steps. I am quite new to pfsense.

    if I have any updates in the future, I ll post good news here :)



  • @pmk3
    Hey there,
    Update: I was able to get the full speeds up perfectly with QNAP's pre-image and the NAS did not struggled at all. Very happy with the performance. Which program do you recommend me first to try? Or the most CPU intensive..

    In Nerd mode: The issue was one of the 4 adapters were strangely acting up.

    So far really happy with the equipment.

    cheers



  • @brother_scud said in pfSense on QNAP NAS:

    @pmk3
    Hey there,
    Update: I was able to get the full speeds up perfectly with QNAP's pre-image and the NAS did not struggled at all. Very happy with the performance. Which program do you recommend me first to try? Or the most CPU intensive..

    In Nerd mode: The issue was one of the 4 adapters were strangely acting up.

    So far really happy with the equipment.

    cheers

    Thanks for the update! Happy to hear you got it working.

    In terms of packages, I've read that Snort (intrusion detection and prevention system) can be quite cpu intensive. Other packages that interest me are pfBlockNG (for blocking incoming and outgoing traffic based on IP address or domain name), and SquidGuard (URL filter and redirector). I don't know if there are packages for spam or virus filtering, but those would be worth checking out as well. I know the throughput can drop dramatically (up to 10x) when you start running other services, so I'll be interested in hearing how it does.

    Thanks for checking it out!



  • @pmk3
    So after months of testing with pfsense and fine-tuning. Im please to say that the Ts677 has minimal issue in running the image of Pfsense provided by Qnap. I am currently running Snort (IPS set to security), pfblockNG, and OpenVPN. I have running speed-tests at various points and I can confirm that it does not affect my gigabit connection at all. I was very surprised that it runs flawlessly on 2GB allocated RAM and not needing SSD drives.

    Atop of that I was able to run Plex, syncing services, setting virtual drives. The Ts 677 has no issue what is thrown at it. What I really appreciate of this server is the 4 ports in which 3 ports can be balanced throughout the network (when it comes to accessing the server internally).

    Hope that helps

    Specs:
    Ts-677 8g
    4x 10tb raid 5 (took less than a day to raid sync)


  • Galactic Empire Netgate

    Great info, thank you!



  • @brother_scud said in pfSense on QNAP NAS:

    @pmk3
    So after months of testing with pfsense and fine-tuning. Im please to say that the Ts677 has minimal issue in running the image of Pfsense provided by Qnap. I am currently running Snort (IPS set to security), pfblockNG, and OpenVPN. I have running speed-tests at various points and I can confirm that it does not affect my gigabit connection at all. I was very surprised that it runs flawlessly on 2GB allocated RAM and not needing SSD drives.

    Atop of that I was able to run Plex, syncing services, setting virtual drives. The Ts 677 has no issue what is thrown at it. What I really appreciate of this server is the 4 ports in which 3 ports can be balanced throughout the network (when it comes to accessing the server internally).

    Hope that helps

    Specs:
    Ts-677 8g
    4x 10tb raid 5 (took less than a day to raid sync)

    Thanks so much for the update. Very glad to hear it's working well for you. I had read that pfSense is relatively lightweight (with regard to resource requirements) and your experience seems to bear that out.

    I haven't done anything further on this, although I was starting to lean back towards a dedicated appliance for the firewall since it would need to be on 24x7. I wasn't sure I wanted my NAS on all the time since I don't think I would access it all that often. More to think about!



  • Hello,

    I run pfSense in a QNAP TS-251+. I upgraded the QNAP to 16GB RAM; in the virtualization station, I have allocated 2GB for the virtualization station itself, 4 GB of RAM as well as 2 out of the 4 cores for the pfSense VM. I did not use the image provided on the QNAP page but the "original" pfSense ISO for installing the VM.

    The whole setup works well after some tweaking and experimenting. The QNAP has two physical network adapters. One is connected to my cable internet, the other one to my router (that serves as WLAN repeater only). Both physical network adapters have been assigned a virtual network adapter in QNAP.

    I use pfSense as router for establishing my internet connection, DHCP server for the devices in my network, snort and connecting as client to three different VPN servers at the same time.

    Since I am living in China, I cannot really say reliable things about the connection speed but the whole setup works well. All my network devices connected via wifi have a VPN connection to the free world; my china devices in the network are blocked via firewall rules from establishing any connections to the outside world.