Best Processing Power vs Power Efficiency Compromise - Home Gigabit



  • Hello,
    I'm new to pfSense and I have been browsing for a few days trying to understand what would give me the power I need for the feature set I'm looking for while trying to minimize power consumption and noise.

    Features

    • Future: VPN Client (Maximize bandwidth on a 1Gbps link)
    • Future: VPN Server
    • Future: IDS
    • QoS

    Hardware Preferences

    • Small form factor (mini/micro ITX?)
    • Passive cooling is preferred
    • Dual nic is fine (3-4 would be nice to have)
    • Intel nics
    • Ability to handle 1Gbps w/o maxing-out resources (future proof)
    • Power efficient (not sure about what I should be shooting for here in terms of power consumption while idling vs full load, etc).
    • Processor supports AES-NI

    Ideally I would like to spend ~$300 but I'm open to any suggestions.
    I'm looking to build something I can use for a good number of years.

    Any recommendations based on your own experience would be greatly appreciated.

    Thanks!
    R. Rod



  • For 300, pcengines hardware would probably be available (APU2)
    AFAIK, it does not do full GB, but pretty close.

    https://forum.netgate.com/topic/114731/alix-apu-2c4-board-and-1gbit-internet-connection

    I have no experience with it (yet). I'm still debating whether to buy an APU2C4 or an SG3100 (at more than double the cost).

    I'm near Zurich, so PCEngines is really a local business here. The price is another factor, but given the intended lifespan of the system, it's not all down to price.



  • So to add to @rainer_d's comment, I've recently purchased the APU2C4 as my pfSense box and frankly, considering the costs, I'm rather impressed. I have a WAN\LAN setup running Squid, SquidGuard, Suricata, pfBlockerNG, and ntopng - my main focus is keeping my kids from getting into too much trouble as they start exploring the internet. Looking at the performance to energy cost, I really feel this box hits a lot of check boxes. Sadly, I'm limited in my bandwidth so I can't speak to how it handles on 1Gbps, but I've heard you can get close, but I don't know if you would need to limit the packages you're running.

    If you do end up looking at the APU2 setup, here is what I came up with so far to improve performance:

    1. Get thermal grease and stand the box vertically - Reduced my CPU temp by 10C
    2. Avoid ClamAV, it will eat the CPUs alive with large downloads
    3. Suricata seems to perform better than Snort, but is twice as hard to set up... but twice the trouble is twice the fun in my book. Between the multi core support and the APU2 supported inline mode, you can get IDS on without too much impact to your system.
    4. Get the 4GB version, it's not much more and gives you lots of RAM to play with.