Hardware recommendations

pmadem

Hi

I have a Intel 10th gen i7 NUC with proxmox up and running . I wanted to know which of the following two are recommended for a newbie setting up pfsense for first time

1. Create a VM with pfsense
2. Running pfsense on dedicated hardware like SG-1100/2100/3100

Appreciate any feedback . Thanks !

DaddyGo

@pmadem said in Hardware recommendations:

I wanted to know which of the following two are recommended for a newbie

Hi,

I don't know about Intel NUC with at least dual NICs...?
(f.e. in case WAN / LAN default interfaces)
It has a wired port and - a WiFi option in it, correct me if i know wrong.

I wouldn't use wireless stuff in more serious NGFW installations for key interfaces, only for WLAN maximum.

The answer is clear, anyway:

Running pfsense on dedicated hardware like SG-1100/2100/3100

NOCling

First try and first play, use a VM and go for a Setup and try some Rules, Packages, etc.

For a real Setup and produtic using, ip prefered the hardware appliance.

Personally, I'm a fan of appliances and I use an SG-3100 and an SG-1100 remote on my parents' house to use a nice S2S IPSec tunnel for NAS backups.

akuma1x

@pmadem You can try it, but you're going to have to run VLAN's if there's only 1 network port on that NUC. Do you have a smart/managed switch that can also run VLAN's?

https://www.youtube.com/watch?v=z59_MWWPL-Q

Jeff

netblues

@akuma1x Depends on your speed needs.
nucs use realtek nic and is fine for speeds up to 300mbi.
Anything above that is problematic

pmadem

Thanks All . I have Google wifi with mesh network . I believe if I had to use the dedicated hardware such as SG 1100/SG 2100 I will have to disable the mesh and configure the google wifi as bridge ,right ? Are there any options wher I can use the mesh network and also a dedicatted hardware such as SG 1100 to run pfsense ?

@NOCling : Great idea to use for secure NAS backups

@akuma1x : No ,I do not have a smart/managed switch that can run VLANS

akuma1x

@pmadem How many physical network ports does your NUC have? If only 1, I'm almost positive that you still have to run a smart/managed switch to make this work, VM virtualized or not.

Jeff

DaddyGo

@netblues said in Hardware recommendations:

nucs use realtek nic and is fine for speeds up to 300mbi.

I would be surprised, if it were a Realtek part in a factory Intel product.

netblues

@DaddyGo Original nuc's by intel utilize realtec single port gigabit ethernet adapters

Confirmed in many occasions

DaddyGo

@netblues said in Hardware recommendations:

Original nuc's by intel utilize realtec single port gigabit ethernet adapters
Confirmed in many occasions

????????

You're just kidding me, aren't you?
That would be a terrible thing for Intel, I think you could see some fake Chinese NUC.
Fortunately, I have already worked and are still using NUCs in our installations for thin clients.

I can help you learn more about what is in NUC as PHY:

Intel i219-V and wireless AC-8265
(Believe me in all Intel NUCs, that's right -
possibly - i211)

btw:
Realtek, spelled correctly, not with "c"
https://www.realtek.com/en/

netblues

@DaddyGo Maybe on the bigger models...
We are talking about original sealed boxes, bought through official distributors.
Here you go

lspci
00:00.0 Host bridge: Intel Corporation Atom/Celeron/Pentium Processor x5-E8000/J3xxx/N3xxx Series SoC Transaction Register (rev 35)
00:02.0 VGA compatible controller: Intel Corporation Atom/Celeron/Pentium Processor x5-E8000/J3xxx/N3xxx Integrated Graphics Controller (rev 35)
00:10.0 SD Host controller: Intel Corporation Atom/Celeron/Pentium Processor x5-E8000/J3xxx/N3xxx Series MMC Controller (rev 35)
00:13.0 SATA controller: Intel Corporation Atom/Celeron/Pentium Processor x5-E8000/J3xxx/N3xxx Series SATA Controller (rev 35)
00:14.0 USB controller: Intel Corporation Atom/Celeron/Pentium Processor x5-E8000/J3xxx/N3xxx Series USB xHCI Controller (rev 35)
00:1a.0 Encryption controller: Intel Corporation Atom/Celeron/Pentium Processor x5-E8000/J3xxx/N3xxx Series Trusted Execution Engine (rev 35)
00:1b.0 Audio device: Intel Corporation Atom/Celeron/Pentium Processor x5-E8000/J3xxx/N3xxx Series High Definition Audio Controller (rev 35)
00:1c.0 PCI bridge: Intel Corporation Atom/Celeron/Pentium Processor x5-E8000/J3xxx/N3xxx Series PCI Express Port #1 (rev 35)
00:1c.1 PCI bridge: Intel Corporation Atom/Celeron/Pentium Processor x5-E8000/J3xxx/N3xxx Series PCI Express Port #2 (rev 35)
00:1c.3 PCI bridge: Intel Corporation Atom/Celeron/Pentium Processor x5-E8000/J3xxx/N3xxx Series PCI Express Port #4 (rev 35)
00:1f.0 ISA bridge: Intel Corporation Atom/Celeron/Pentium Processor x5-E8000/J3xxx/N3xxx Series PCU (rev 35)
00:1f.3 SMBus: Intel Corporation Atom/Celeron/Pentium Processor x5-E8000/J3xxx/N3xxx SMBus Controller (rev 35)
01:00.0 Unassigned class [ff00]: Realtek Semiconductor Co., Ltd. RTS522A PCI Express Card Reader (rev 01)
02:00.0 Network controller: Intel Corporation Wireless 3160 (rev 83)
03:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 15)

DaddyGo

@netblues said in Hardware recommendations:

Here you go

This HW, now you are presenting just a toy box, sorry...
(and a fairly old edition)

You are not reading the OP's message properly

@pmadem "I have a Intel 10th gen i7 NUC with proxmox up and running ."

well it's no longer a "toy" box, ergo Intel PHY should be in it

++++edit:
The quality of Realtek used to be acceptable, but today they do terrible things, pls. forget it...

netblues

What I said is that some original nuc's come with realtek lan adapters. This is a fact.
One should check to see what's inside.
Since Intel does it, it needs to be verified.
As for realtek lan and freebsd issues, its a well known issue.

DaddyGo

@netblues

Fact...
have a nice weekend

+++edit:
Correctly, Realtek PHY, because the acronym "LAN" can be misleading, as it provides poor performance on any interface

f.e.: WAN, LAN, OPT1, OPT2, etc. - or whatever you want WLAN, DMZ, IoT..........

And it's not just in FreeBSD, pls. avoid Realtek chip-based NICs everywhere

tman222

I've got one of these sitting in a spare parts bin somewhere - was a great little box (until its purpose was replaced by a VM), but the Realtek NIC was a bit of a sore spot (look under I/O Specifications):

https://www.intel.com/content/www/us/en/products/boards-kits/nuc/kits/nuc7pjyh.html

DaddyGo

@tman222 said in Hardware recommendations:

was a great little box

Yes I like NUCs, but we're talking about Intel Core i .... platform (10Gen)

Not about the cheap version, which is Intel Pentium Silver Processor Series and moreover Q4'17

but I think the our opinion about Realtek - doesn't change from that yet

BTW:
the OP clearly described what kind of NUC it had - - Realtek PHY is definitely not there

pmadem

@akuma1x Yes , I only have one LAN port on the NUC

pmadem

Here's a link to check the specifications for the NUC that I have :

https://ark.intel.com/content/www/us/en/ark/products/188811/intel-nuc-10-performance-kit-nuc10i7fnh.html

Integrated LAN Intel Ethernet Connection I219-V

akuma1x

@pmadem The Intel i219-V is reported to work just fine with pfsense, and I'm assuming FreeBSD. But, since it's got only 1 single network port, you're still going to need a smart/managed switch to make this project work.

Jeff

pmadem

@akuma1x Thanks Jeff ! I m trying to find a good managed switch . Do you have any recommendations ?