Replacing current pfsense box

quincer

Hi everyone, I'm hoping to get some input and suggestions.
Currently I have 1 gig internet connection on a Intel(R) Celeron(R) CPU J1800 (Speeds are ok, but I think the realtek and the cpu are my week points), and I'm looking to upgrade the box.

I was thinking something of -
ASRock Z390M-ITX/ac LGA 1151
+
i3-9100(f).

The push for the upgrade is because I was hoping to get openvpn installed, start partitioning out my network to more vlans, properly setup snort, and pfblock.
the 9100 is hard to find but the 9100f seems plentiful (but no graphics onboard).
I wanted the motherboard so I could repurpose some ddr4 memory and a m.2 ssd.

Anyone moving toward something similar?

akuma1x

Does that ASRock board have any built-in NICs on it? If so, what are they, do you know?

Jeff

stephenw10

Yes, 2, Intel.

 1 x Giga PHY Intel® I219V, 1 x GigaLAN Intel® I211AT

Which will work great.

If they do one without the WIFI on board you should get that though as it isn't supported.

Steve

quincer

Hi and thank you for the responses!

The asrock board I was looking to buy (Z390M-ITX/ac) does indeed have 2 intel nic's which was another reason why I was attracted to this board (That and it's mitx factor and a full pci-e x16 slot). The wifi I plan to disable, the pci-e slot is open for future expansion.

The cpu is what I was wondering, I can't seem to find a i3-9100 in stock, and all I see available is the i3-9100f (no integrated graphics).

If there are any other suggestions of a similar type of build, I'm also open to suggestions!

Thanks again!

stephenw10

Well you don't need graphics on your firewall! Usually that saves you a few Watts. The only issue is some boards require the graphics hardware to boot but that CPU is shown in the compatibility list so is presumably fine.

Steve

james211

@quincer Did you build this out?

quincer

@james211
I actually have not yet. The motherboard seems to pop in and out of stock @ about $134, the cpu is about $80 -90, ram is about $60? Its a good price still, and would carry through pretty sure quite a while.

I currently run a J1800 and a addon Intel dual nic x1 which has 0 issues (except for not able to achieve full bandwidth on pcie x1), so I've been putting the money towards infrastructure stuff (Namely ubiquiti).

It's still on my buy list, but the i3-10100 and 400 series chipset is announced so that's another possibility.

james211

@quincer I've not built one of these before, still trying to figure out what direction to go, and if this is the right answer for me.

quincer

@james211 It's not much different than building a computer, just need to understand what your needs are and people here are great at helping you choose the correct setup. you can always also buy a prebuilt box from netgate that includes everything (even support if you choose) if you don't want to deal with all of it (again, similar with building your own computer).

I have extra parts and have been building my own systems for a while. I forgot I had ram/storage/nic's for the above build so those are extra costs if you don't have those. I wanted mine to do this -

Be able to support 1G Internet connection.
Be able to do Snort and pfblock (currently I have these running)
Be able to host openvpn.
Last a while before I think about having to upgrade.

For reference I am currently using thing I bought in 2015- https://www.newegg.com/foxconn-d180s-mini-itx/p/N82E16813186242?Item=N82E16813186242 + a dual nic (realtek that is built in is pretty bad.)

provels

If virtualization is an option, I'd consider that and a multi-port NIC.