Returning user needs a new pfSense box!



  • Hello!

    It's been a while since I stopped using pfSense. Back in the day I got it installed on a Mac mini but in 2016 sold it and went back to the dark side. Anyway I'm looking to buy a new box!

    My hardware needs will be:

    • Route a 500/500 fiber connection but to make it future-proof ideally I want the full gigabit.
    • Low power
    • Very Low noise or fan-less
    • Enough to have WAN/LAN and an OPT1 interface

    On the software side:

    • Handle the web ui of pfSense with ease, quick menus, fast loading, etc
    • pfBlockerNG
    • Future-proof for new pfSense versions (AES-NI support)

    Budget

    • Ideally around 150-250€

    I've been looking around to buy Netgate hardware but I'm living in Spain and the resellers' websites I checked don't offer the lower-tier models or they are at super expensive prices.

    Options I guess could work are these Mini-PCs with different CPUs like Atom E3845 or 3865U. I'm a bit lost here on what would be best but I believe all of these should have plenty of power for my needs.

    Are there any more options I'm missing? Any recommendations?

    Thanks a lot!


  • Netgate Administrator

    The SG-5100 meets that.
    The SG-3100 meets that at 500Mbps and comes very close to full Gigabit.
    Not for €250 though. 😉

    Steve



  • @stephenw10 thanks a lot for your reply! I've checked but both of these go way too much over my budget, sadly. Just as a constructive critique would be great to get a performance chart on the Netgate shop for each device, like the max routing speed, the OpenVPN speeds, adding Suricata, etc. I think that could make people's life easier when trying to pick a device right for them

    Anyway! I found 2 boxes that seem to be quite interesting and I was wondering what you people think about them based on my needs? I'm not entirely sure which one I should pick up:

    Qotom Q355G4:

    • Intel Core i5-5200U Processor, dual core, 3M Cache, 2.2GHz up to 2.7GHz, Intel HD Graphics 5500.
    • 4 LAN Ports
    • 4GB RAM
    • 32GB SSD
      Price 237€ including shipping

    or

    Qotom Q530G6:

    • Q530G6: Intel 6th Gen Core i3-6100U Skylake Dual Core, 3 M Cache, 2,3 GHz. HD Intel® 520
    • 6 LAN Ports
    • 4GB RAM
    • 32GB SSD
      Price 226€ including shipping

    Looking at the ark.intel.com comparison (see https://ark.intel.com/content/www/us/en/ark/compare.html?productIds=88180,85212) the i3 is newer and has more memory bandwidth as it uses DDR4 so looks like the better choice... or am I getting blinded by numbers and should consider something else?


  • Netgate Administrator

    Mmm, I can't really advise you there. 😉

    Qotom have long been in our bad books for trademark abuse.

    Steve



  • @stephenw10 oh wow, why is that?


  • Netgate Administrator

    Why did they abuse our trademark? To sell more hardware without contributing in any way to the project I would guess.

    I can't advise you to buy from them as it directly conflicts with Netgate's interests and they pay me so I can eat! ☺

    I'd rather see you buy a second hand Watchguard box really. But I have a weakness in that area. 😉

    I'm sure someone else can let you know if either of those would be suitable, there are many people running them.

    Steve



  • @stephenw10 oh I didn't know, I don't feel comfortable buying from such a company now. Will see what else is around, thanks!



  • @stephenw10 that being said, if I were interested in the SG-3100, where could I get numbers regarding routing speeds without anything installed, with OpenVPN, with Suricata, etc, etc?


  • Netgate Administrator

    On the SG-3100 I have here, which is configured in quite a complex way, I see close to Gigabit with firewall+NAT using iperf3. >900Mbps. ~100Mbps OpenVPN and ~300Mbps IPSec using AES-128+SHA1.
    Numbers can vary wildly using Snort/Suricata depending on what rules you have loaded and the detection tuning. However with a fairly default Suricata install on WAN I see 750-800Mbps.

    Those are all tests with iperf3 so TCP with 1500B packets.

    Steve



  • @stephenw10 Thanks a lot!



  • @stephenw10 so I really wanted to buy Netgate product but the price in Spain is just insane honestly. Got a quote from one of the resellers: 500€ + Shipping (around 520€) for the SG-3100

    That's more or less around 600$ for a product that costs 349$ in the official online store.

    I will really need to look up for other options sadly :(


  • Netgate Administrator

    Well we appreciate you trying to go that route even if it eventually proved impossible.

    Steve



  • @bluepr0 said in Returning user needs a new pfSense box!:

    Got a quote from one of the resellers: 500€ + Shipping (around 520€) for the SG-3100

    Don't know where you looked ... but since we're all EU you could easily order from https://www.voleatech.de/de/produkt/sg-3100/ for:
    € 415,31 (€ 349,00 excl. 19% VAT)
    Shipping to Spain shouldn't add too much to that, € 20 - 30 maybe, unless you need UPS Express morning delivery.

    If you (your company) has a valid EU-VAT-ID you get it for € 349,00 + s&h which seems fair.



  • @jahonix thanks for the info! That's WAY more reasonable... I'm looking at virtualization now so might put this on hold for now.


  • LAYER 8 Rebel Alliance

    I can also recommend voleatech, ordered 8 Netgate devices so far (more coming soon) and everything was smooth.

    -Rico



  • Hello!

    I thought I should update this thread on what I've finally settled after trying a few different routes.

    • First I tried to go the official way, which ended up being super expensive if you live in Spain. There are some more accessible options in Germany through Voleatech but still quite a bit with the power you get. Don't get me wrong, this would be the perfect option if this was mission critical equipment, but this is just for my home network.

    • Then I tried going the virtualisation route but I found some problems and/or limitations with KVM when trying to route gigabit speeds. I'm currently on 500/500 but pretty sure in a few years from now we will have 1000/1000 as my ISP has been almost duplicating speed between 2-3 years. Not so future-proof. Also was a bit of a pain in the ass if I had to do stuff on the server that my internet will be also off.

    • And finally I arrived at what I think will be the perfect solution, yes you guessed it: bare-metal installation. I had lying around a cheap PC I built last year for my crypto miner project: Asus prime z270-p + Intel G4400 + 4gb RAM (that was around 160€ new). I'm going to add a SF450 PSU, SSD next week but already got the Intel i350-t4. Power consumption currently is around 28w on idle and 35 when routing gigabit (with ntop, suricata, pfBlockerNG and a few more). Should be a bit less when I receive the SSD, currently is on HDD.

    Hope this could be helpful for someone else looking at building their own pfSense box. I will update with final numbers once I've all in place. Maybe even some pics!

    Thanks :)

