Rack Mount pfSense Router Build
Apologies ahead of time for the longer post, but I would like to provide as much detailed information as possible, so that you're able to help me.
I know there are tons of threads about builds, and I have probably read through them all by now at this point. Unfortunately, none of them really address everything I'm looking for, and if any do, they are likely much older threads, with older hardware that is no longer available and have likely fallen out of date.
I feel I have a good enough idea on the information I need to provide you all with, so that you can kindly provide me with some options. I am looking for some help with specific components for a pfSense router build. I will list out all of the information that I have thought of that would help you, help me. Again, I am looking for specific URL's pointing to current available components for this build (ie. mobo/cpu/case/power supply/nic etc..).
I would like to keep this as a low power and energy efficient as possible (it is a router), while still saturating my gigabit internet service, and meeting as much of the criteria listed below as possible. I would like to keep the cost of this between $300-500 if at all possible. Given the fact that I am hearing the NIC is likely one of the most important factors in the build, I don't want to skimp out on this. If this price point is too low for what I'm looking for, I can always piece together some of the other random stuff at my leisure (memory / ssd etc..)
I am currently running my pfSense router in a virtualized environment, however I would like to have this on it's own dedicated hardware. Given the fact that I just recently moved over to a gigabit connection (1gb/1gb), I need to ensure that I can saturate this connection. After reading many threads, I am more of a realist and understand I cannot achieve everything I want for the price-point I am seeking. While I would certainly like to at some point in the near future implement Open VPN, I am really not too concerned about reaching 500-900mb (as many people through the threads I've read are), but I would like to ensure that it provides the highest throughput possible, while fitting most of the specs below.
This router, will be for my own personal home use.
- Looking to build my own router here, not purchase used.
- Do not want to purchase a pre-built appliance from NetGate.
- Do not want to purchase a pre-owned Dell R2 or watchdog etc..
- I have a full server rack in my home, so this build must be rack mountable.
- I would prefer a 1u Rack Mount Case (Not opposed to 1.5 or 2u case) only if there are issues with sizing etc.
- Do NOT want small form factor or desktop build etc..
- I would like to keep this as low power as possible (don't have a number in mind, as low power as we can get it).
- Absolutely require AES-NI CPU
- Must saturate my current Gigabit Internet connection
- Likely will want Open VPN (as high througput as possible)
- Support for over ~6 VLANS, and potentially dozens of firewall rules / NAT etc..
- Unlikely, but possibility of supporting SQUID
- Will need to support IDS, Snort, among other miscellaneous packages (do not want to be limited).
- As future-proof as much as possible.
- 4-port Intel NIC
I am not partial to any brands.
Would prefer server grade hardware (reliability in very hot server rack), if cost is not going to be a huge issue.
I really appreciate all of your help, and again, I'm looking for specific hardware (model numbers, and URL's would be fantastic), so that I can compare.
I think this will meet most of your requirements except that it might be a little higher than your price range and would be barebones vs. built completely from scratch:
I have been using this system for almost two years now on a symmetric gigabit fiber connection and could not be happier. It's a very capable and flexible little box that has no trouble maxing out a gigabit connection even with IDS enabled. There are other Supermicro 1U systems as well (some a bit more powerful, some a bit less) that you can check out as comparisons.
stephenw10 Netgate Administrator
To get the best OpenVPN throughput you should look for a CPU with the highest single-thread performance.
@tman222 That does look like a great box, but it is a bit over what I'd like to spend.
Does anybody else have any recommendations? I'd really like to start ordering some parts soon, so I can begin building. I was hoping to get it up and running before Christmas, but also don't want to just rush anything.
Thank you for time!
I know this topic is a bit old, however I still have not made a decision on what I want to do. I've managed to continue to fund this upgrade and am hovering around $1000 to do the upgrade. The question now becomes, do I want to spend this much on a firewall that will still do what I need for it to do what I want for the next 5-7 years, or should I spend less money as it may be overkill?
Please reference my initial post in this thread on my specific requirements. After looking around, I am very highly considering just purchasing the official Netgate appliance the (XG-7100-1U). It looks like it would fit most of the criteria I want, and also provide future-proofing, so I wouldn't need to upgrade again for quite awhile.
I am looking for some feedback on this, and what others think about this decision. Should I just bite the bullet, or should I continue to look around and just build my own appliance. I just don't want to have to worry about any build upgrades with things not being compatible. It doesn't look like I would really need to buy anything else, or even upgrade outside of the standard supplied components that is included.
Any help or feedback would be appreciated.
Hi @Commander -
Here are a few more suggestions to help you with your decision. I think it is possible to build a quite a speedy system for around $500 - $700 that will pass gigabit and also meet the majority of your other requirements:
Obviously still need to add a hard drive and PSU, but with the i3 CPU this comes out to just over $400, and gives you 5x Intel network interfaces and a pretty highly clocked multi-core CPU.
Hope this helps.
Thank you so much for your recommendations @tman222, they are very much appreciated!
I have been debating between the XG-7100-1U, and the Supermicro SuperServer 5018D-FN8T Xeon Rackmount version. Both are about the same price, right around $1000. After careful consideration I have come to the conclusion that I'm going to just bite the bullet and go with the 5018D-FN8T. I'll be throwing in 8GB ECC memory and a 256GB M.2 Solid state drive. This seems to fit all of my needs, will allow me to max out my Gig connection, and the main reason is that if I decide against pfSense at any point in the future, I can use this hardware towards something else.
I will be placing my order in the next day or two, and finally transition my current config over to it. I wanted to thank everybody for their advise and feedback, it was very much appreciated. I'm hoping I won't run into any issues with the hardware, and that it will future-proof me for the next 5-7 years. If anybody has any thoughts, opinions or suggestions, they are always more then welcome.
Again, I appreciate the communities feedback, thank you!
Hi @Commander - I think you'll be quite happy with your choice. I have been running pfSense on this exact system for about two years now without any major issues -- this little box offers great performance. Let me know if you have any further questions regarding configuration or performance tweaking once you have got things setup. Hope this helps.
Hi @tman222 , I am planning to get a pair of SuperServer 5018D-FN8T to replace my 8860-HA cluster, an recommendation what type of 8GB ECC and 256GB M.2 is recommended?
The motherboard seems to be tested with 2400MHz Registered ECC, or should I get 2166Mhz ECC?
Any difference between registered ECC vs ECC memory ?
Which M.2 would you recommend:
NVMe (higher power usage)
SATA (lower power usage)
Hi @john9323 -
Here is a link to the memory kit I used when I put together my system a couple years ago (I think bought it directly from Crucial at the time):
Unless you are planning on using a large amount of memory in the systems (> 64GB) you wouldn't necessarily have to use to registered memory. However, I would recommend using ECC.
Regarding storage, I'm actually using a regular Samsung SATA III in my box since at the time M.2 drives weren't fully supported yet by pfSense yet. That being said, I recently put together another pfSense box where I used this line of Samsung OEM M.2 drives (price was pretty good too):
This box hasn't been in production all that long yet, but so far everything is working great and no issues with storage.
Hope this helps.
Thank you @tman222