Netgate Discussion Forum

    Homeserver for pfSense, maybe NAS and probably some database

    Hardware
    • B
      blank
      last edited by

      Hi,

      I have UniFi and I am pretty happy about it. Unfortunately, I also use port forwarding for a few services I host, like MQTT, Home Assistant, OpenVPN etc., and I see a few thousand attacks/attempts per day.

      I want that number down (blocked at the firewall level, and not at the application level (guessing a wrong password etc.)). 70% of them are coming from Russia and China, and about 20% from the U.S. (I live in the EU).

      So here UniFi doesn't really fit my needs, as IDS/IPS decreases the speed to about 80 Mbps while my ISP provides 500/500 Mbps. So pfSense is now on my roadmap, with Suricata/Snort and pfBlocker.

      Well, the SG-3100 is about 600$ and the SG-5100 is about 1200$ here, and that is waaay too much for a home firewall if you ask me.

      And I am not even sure either of those will fit my needs, as it's pretty difficult to really understand the CPU power used for IDS, pfBlocker, and if OpenVPN is enabled also etc.

      I have several VLANs running:
      1 for CCTV
      1 for management
      1 for IoT with local APIs for my Home Assistant
      1 for IoT which is cloud only
      1 for users
      1 for guests

      Not sure if the amount of VLANs in use will use more CPU power for the IDS, but I guess so.

      My thoughts are:

      Option 1: Buy an Atom motherboard, install 2 network cards and install pfSense on it. That's it, done. I guess the pros and cons would look something like this:

      Pros              | Cons
      Power consumption | Will only run pfSense
      Price             | Not a lot of upgradeability
                        | May not age well; gigabit internet is closing in, and 10 Gbps local networks are starting to become affordable.

      Option 2: Is a bit different. I use a Raspberry Pi for my home control software (Home Assistant). I don't want to have too much running on it, so the database is run from a NUC, along with SIEM, log analyzer etc. I also have a DS1511 NAS, with 10 drives and about 20 TB HDD capacity (it's 8 years old).

      So I am also considering a Xeon D/E processor and motherboard (or maybe even Ryzen), and run XCP-NG on it and then virtualize pfSense, FreeNAS and maybe even repurpose my NUC for Home Assistant or something (I love my RPis, but I hate that I am relying on an SD card for whether or not the alarm is running or, maybe even worse, whether we can turn on the lights :D )

      Pros                                                                  | Cons
      Decent upgradability                                                  | Power consumption
      Some Xeon motherboards have on-board 10 Gbps network card as default  | Price
      Flexibility                                                           |

      There may be a 3rd or 4th option, and I would appreciate it if any of you could chime in.

      If going for Xeon, does any Xeon processor exist which is "low power" while still powerful enough for pfSense with lots of features enabled and also running FreeNAS and probably other stuff?

      • G
        gcu_greyarea
        last edited by

        Have a look here for Xeon D based systems....

        https://tinkertry.com/

        If that’s too expensive I’d recommend a used Dell Optiplex 9020 Small Form Factor (SFF) with an Intel 4770 or 4790 CPU.... you can get up to 32GB of RAM.

        I use this system with a fake Intel 350 4-port NIC in one PCI slot. The other PCI slot holds a PCI Express adapter for an NVMe SSD. I boot ESXi off a USB thumb drive.

        Can't say if it'll meet your performance requirements, but it's a good value system.
        You'll have a 3.5" slot for a high capacity HDD... (no drive redundancy)

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.