pFsense Hardware purchase 2020
Looking for advice, I have planned to secure these components to set up pfSense for home, for basic use of firewall and VLAN setup for my IoT device.
I am a newbie, this build is costing me 203$, is this worth a setup?
What are you going to put it in? I don't see a case listed.
Is a netgate sg1100 not an option - that is only $179.. Are they not available in your region?
What is your internet bandwidth?
@johnpoz My internet bandwidth is max 300mbps, sg1100 is not available in my region (India), however I can get it shipped with additional shipping which is costing the same 203$ + import charges, I am not aware of them. Also, I'm not sure if it will really reach me, due to covid times, and import charges are not shown in the invoice so that will be an additional charge.
Case, I plan to keep it open, and later build an aluminium case, diy stuff.. to keep the form small .. Please advise if I am making a sensible decision going with this approach?
Things I would use are ad blocking, all free pfsense add-ons, which I am not sure will be available in SG1100 ..
Also keeping future view in consideration, internet speeds are growing really fast, currently I am using a fibre connection .. but the rates are expensive with 1gb rate.. so waiting for the price to come down..
While the sg1100 would work for 300mbps connection.. If you plan on going gig then prob not a good fit.
Build your own device is most likely going to use more power than an appliance, that is for sure - but a quick look at electricity cost in India - seems quite cheap compared to here in Chicagoland.. But it's difficult to compare sometimes.. Without full understanding of the cost of living, average salaries.. any other costs that might come with what the actual rate for electric per kwh is.. I show state supplied electric being only about 6 rupees per kwh.. That's cheap when just converted to usd.. So the amount of power it draws might not be a concern for you.
There are many a DIYers around here - I would think someone with more info on what that cpu and board could handle will chime in.
While I used to build a lot of rigs back in the day.. I am more of a just buy an appliance sort of guy today.. They get the job done, they are power friendly, they look nice, they don't make any noise. And buying one supports the company that puts out pfsense.. And you're sure there isn't going to be any surprises with pfsense running on it.. And netgate stands by them, if or when something might be wrong..
@johnpoz thank you, the electricity cost is about 6-7 ₹ that is correct, power draw for the CPU is about 35w TDP , in idle state it may be lesser.
Noise is a concern so I am not using any enclosure, keeping them open.. it's not a pretty sight though.
Still am not sure should I pull the trigger on this plan or take risk in shipping netgate...
That is just the cpu.. Power draw of the board, the fan, the disk (which you don't list either)
Power you need to add up the whole system - not just the cpu..
@johnpoz so you suggest not to build, due to power consumption being high building a custom pc as solution for pFsense ?
Depends if you're ok with paying for the electric.. Your router is pretty much a 24/7/365 on device.
While you might save X amount of money building some box up front. What is going to be the total out of pocket cost say 5 years down the road?
And what the cost of electricity is for you..
Overbuilding a firewall/router might be great - but does it make sense to have a bunch of horsepower sitting there sucking electricity when you don't actually need it?
For example... Let's say an appliance that handles your internet, and does what you want, that sucks say 10W costs you 300.. But a diy box only costs 200, but it sucks 50W..
People forget this all the time..
So $300 for appliance using 10 watts or quite often less.. At 12 cents per kwh cost me after 5 years (300+$10x5) = 350 for 5 years of service.
A 200$ box but uses 50W = (200+$50x5) = 450 out of pocket after the 5 years..
Which one is the better deal? You see users all the time building rocket ships for their routers.. It's a router - it routes and firewalls. Does it need to be sucking 50W? 100W? Will you be leveraging the added performance said box might bring you?
They think DIY saves them a few bucks.. But not really.. Just like you see users buying old enterprise switches and other hardware they think that 24 port cisco switch is such a deal at $100.. But it sounds like a jet taking off, and is sucking 100W of juice while you have 3 devices plugged into..
We might have gotten a bit off topic.. That system you're wanting to put together might be great, and cost is right. and maybe it can do 2GBps firewall throughput, etc.. I don't know - my point is that it's not always about upfront cost. And over sizing is never going to be cost effective in the long run..
You see users all the time building rocket ships for their routers
Guilty. Very much wish I wasn't using a XG-1541 clone (exactly the same HW, just purchased from a SuperMicro reseller long before I started using pfsense).
Take @johnpoz advice on this one. It's not just the financial hit, consider that you are feeding the big carbon companies that are not your friend.
Buying a Netgate appliance has the advantage that before any pfsense version is released to the public it has been exhaustively tested on that exact HW. That has been said here before but deserves to be repeated.
A used Dell/HP box might be a better option. It will cost a little more but you might get a more recent system.
Also, if you have a vlan capable switch an sff box might be a better option. You can keep power consumption and space under control.
@jwj said in pFsense Hardware purchase 2020:
wish I wasn't using a XG-1541
Yeah that is a bit overkill for a home network.. Even my sg4860 is more than I need.. But its power consumption is low.. And I use all the interfaces..
Does your clone only use 20W idle like the appliance does?
If so that is not much for the power of such a box.. I would run that in my home network for sure.. The ability to do 10ge is nice for sure! And future proof for sure I would hope for any home network ;) you should get many many years out of that ..
You don't always need a Porsche to go to the grocery store - but it can be nice ;) heheh.. Maybe I worded that wrong a bit.. If your goal is cost, for example if you're worried about cost no you wouldn't buy a Porsche.. But if you can afford it and don't care about what it costs - then yes they can be nice to have ;) And if you can use it - then why not. But no I wouldn't buy a Porsche for someone that is worried about cost, and only uses it to drive 1 mile down a residential street to visit their sick mother twice a week.. Unless you're trying to show off for the neighbors ;) hehehe
@johnpoz Not entirely sure. I assume it's more than 20w though. It makes a good space heater ;)
I had a kill-a-watt on my rack for a while. About $20/month for the router, one switch (cisco sg-220-50p) with 3 APs being powered, synology 6 bay NAS, QNAP 4 bay NAS and cable modem all on an APS UPS. Power here is kinda expensive. Paying for Duke Energy to clean up their coal ash mess...
This is what I have:
From this place:
@johnpoz you have brought some valid points, that has convinced me to drop this project, rather join buy the appliance club :) thank you @johnpoz , you have also brought another interesting point where you touched upon the enterprise switch which is attractive to buy but only 3 devices connected hehe.
Since I am dropping the idea of going with the initial project of building pFsense firewall, I have now started looking for a switch to clean up the network traffic in my house by setting up some vLan, I have plans to buy this CISCO switch SG350 10P, this switch in my region cost 230$ what is your thought over this pick ?
My current setup is an ISP all in one router, switch, firewall, with fibre connection. I have a 4 channel POE switch which I bought to connect my surveillance IP camera, but only have 1 port used and 3 ports are not connected, which I am not planning to use as a network switch considering it's a 100mbps switch and most of the time the switch is turned off, when I am home... because the duty of the camera was to monitor my baby :) since covid times we all are home so have not put this to use.
Sorry I digressed, back to the switch topic, do I consider the SG350 managed switch or go with unmanaged switch - CISCO SG95-24-AS costing 120 dollars in my region .. Intention is to build a 10gig network and future proof. Please note I do not have any 10gig interface in any of my current device, even if I get NAS enabled with 10gig ethernet card, my mid 2012 macbook pro does not have 10gig :( so I will have the need for another computer in future to really experience and use 10gig connection, this is my background of system usage.
Since I am newbie, and know very little of networks, looking for some home networking advice :)
That said, I have trueNAS diy built, gigabyte Lan, its not a 10gig interface, it's turned on only when required while I do my backups and photo editing or its switched off most of the time -- I see you will counter me on the electricity consumption :) lesson learnt mate!
looking forward to hear from you on network switch advice..
@shyam-srinivasan That 350-10p is a good switch, I wouldn't do anything with that. Add a bigger non poe switch if you need the ports, the 24 (or is it 26...)port cisco 350 is a good value. @johnpoz posted the exact switch in another thread not long ago.
In my opinion, 10gb at home is a waste unless you have a specific need for that. If you're a professional photographer with a large photo library on a 10gb capable NAS for example. Just my opinion. 10gb sure is sexy sounding and future proof if you have the coins to spend.
The power draw on that 10p isn't out of line.
@jwj thank you, I want to know whether I go with the 10 port switch 350 managed or 24 port unmanaged - please note I do not have the switch yet, I am planning to make the jump in buying them.. since 10 ports sounds little but within my budget really, comparing my future upgrades, feeling will this fall short, but you have made another point that I could add more unmanaged switch to equation - learning everyday thank you.. that is what is going on my mind currently..
Before I pull the trigger, I wanted some expert advice.. thank you!
@shyam-srinivasan Not unmanaged, but a managed non poe switch. You'd have to have a bunch of APs and cameras to need more POE ports, but you want a managed switch to do your vlans.
@jwj yes, thank you.. since I have all in one ISP router performing switch, firewall, router duties.. I am going to take off the switch load for now as first step, so I clean up network, so I do not see buffering videos / low quality videos streams.
I decided to go with CISCO brand was not sure if I go with 350 P with POE option or managed CISCO switch without POE and more ports..
@shyam-srinivasan If you don't have the need for POE then, yeah, don't get a POE switch. If you might have one or two APs at some point in the future you can just use injectors. As with the other stuff it all sounds very professional and future proof until you realize that that big POE switch has 4 loud fans in it. That 350-10p is fanless and will power POE(+) devices if you have the need. I would never recommend a 10 port switch as your only switch. Think about how many ports you will use right now and then get more than that. If 8 port is what you need now, get a 16 port. Like that.
A switch is a long term buy. A good switch (doesn't have to be expensive) will last a long time. Make sure you have good air circulation so it doesn't overheat is important. Most switches that die early are from heat. That's why enterprise switches have many loud fans. You can shove those in a rack and forget about them. Too loud for most home applications.
@jwj I agree, 10 ports will fall short pretty soon, reason, considering my current set of devices, 1) Raspberry Pi for home assistant 2) Mac mini 3) NAS 4) MacBook Pro 5) future 2-3 IP cameras 6) AP at least 2 of them .. that sums to a total of 12 ports so 16 ports sounds ideal choice, but budget is something I need to see :( how deep will it my pocket :) for 16 port CISCO POE switch..
SG350 10P, this switch in my region cost 230$ what is your thought over this pick ?
That is a fantastic choice to be honest.. Do you want/need the POE - that does raise the price.. And unless you have need of it, the non poe would be a cheaper option.
I have a sg300-28 and a sg300-10, and for sure when they are eol, few more years.. I will prob go with 350.. Unless there is something newer on the market, etc.
I don't have a problem with end of sale devices - as long as they still have support for the length of time I plan on using them.
As others have touched on - always get more ports than you currently need.. Because they will fill up fast ;) heheh I thought I would never use up the 28 port model.. I have like 2 ports open currently..
@shyam-srinivasan You can always get a nice non poe switch now 16 or 24 ports. Then add a small POE switch later if that spreads the cost out better and matches your upgrade plan. Sometimes that works out very well as you can run one Ethernet drop to a poe switch in the attic (or crawl space) and then power your AP and surveillance cameras from there. Spend the time and plan this out, step by step. The gear will be there when you're set. No rush to spend the money and wish you had done something different later. Deep Breath :)
@jwj Any recommendation on the switches please, 2 options ? considering L2/L3 feature.
Yes agree with this approach, going with the non POE switch , later add as need arises, that will save couple of 100 $$ thank you
@shyam-srinivasan I have a cisco. It's a good switch. Certainly not the least expensive option. If you're lucky you can find great deals used. Failed startups will sell off newish gear all the time. Stay away from enterprise stuff.
TP-Link has a bad reputation. Cheap and not very cheerful.
This is a nice switch:
This isn't much help outside of the US, but:
Some like Netgear. I have no experience so I'll not say more than that. Some like Unifi from Ubiquiti. I dislike Ubiquiti! You'll get a lot of different recommendations from different people...
@jwj said in pFsense Hardware purchase 2020:
I like this recommendation, it also supports 10Gig, many thanks, I will start looking out for this - in my region on Amazon 267$
I will look for any used for this model, and see if I am lucky ..
@shyam-srinivasan Not sure about the 10gb. 10gb fiber uplink on the combo ports maybe, I'd have to look. Ok, just looked. SFP not SFP+ so no 10gb.
@jwj :( thought for a moment I had everything I needed , ok I will have to further look to pick a model that supports 10gig just in case if I decide to connect my NAS on 10gig, in future, if the price goes over the budget then I will roll back to this switch as plan A.
@shyam-srinivasan What are you doing with your NAS that would need a 10gb connection? Do you have any "client" devices (Your PC) that have a 10gb nic? I can stream HD video from my NAS to 3 devices (3 people watching HD movies from plex) on a gig connection with no issues. 10gb is a LOT of bandwidth...
You're going to have to splash a lot of coin on a 10gb switch.
Edited to add: anything other than a high end NAS filled with fast SSDs isn't going to be able to pull the data off the disks fast enough to need a 10gb connection.
@jwj In my previous comment I stated, I do not have any device with 10gig interface yet, but was only considering future proof, since lots of coins are going out of my pocket for very limited use and as you pointed out 1gig is quite adequate for home use for streaming, I will stick with your first recommendation and look for CISCO SG350-28 switch, see if I get lucky finding a used one..
I use my NAS for network photo editing - as primary use, not using as Plex - but in future when I have the firewall in place have plans to host for sharing photos with family members ..
@shyam-srinivasan OK. If I had a 500,000 photo library on my NAS and wanted to access it with lightroom (local catalog, of course), yeah, 10gb makes sense. You'd need it on both your NAS and PC. That is one case where 10gb can be justified.
What I do is I keep my current project(s) local on my MAC and edit from there. Move things in and out as needed. Lightroom, Capture One handle the idea of "offline" images very well. But, yeah, 10gb for that is nice. Do you have fast storage in your NAS? SSD?
@jwj NAS storage not SSD , SSD turned out to be expensive for 3TB.
QQ, I see two options on amazon for new switches.
1) CISCO SG350-28-K9 28-Port Gigabit Managed Switch
24x GbE (1000Base-T) | 4x SFP | Managed, VLAN-capable, rackmount
Internal power supply | Device Type:-Switch - 28 ports - L3 - Managed
Enclosure Type:- Rack-mountable 1U | Subtype:- Gigabit Ethernet
Performance:- Switching capacity: 56 Gbps | Voltage Required :-AC 120/230 V (50/60 Hz)
Ports:- 24 x 10/100/1000 + 2 x Gigabit SFP + 2 x combo Gigabit SFP
2) Cisco SG350-28 28-Port Managed Switch
24 x 10/100/1000 Gigabit Ethernet ports for cost effective connectivity with desktop computers
2 x Gigabit Ethernet combo + 2 SFP for higher bandwidth connection
Ease of use with Web UI, CLI, Smart Network Application and Cisco FindIT Network Manager
Are there two models in this category ?? if so I am not seeing what's the difference between them and the price for option 2) is lesser by 10$
- CISCO SG350-28-K9 28-Port Gigabit Managed Switch
@shyam-srinivasan Not that I'm aware of. Could be different regions? Amazon can be bad about things like that. Are any of those authorized Cisco resellers? If you get something that dies in a few months that matters.
@shyam-srinivasan Oh Yes. SSD's are crazy expensive relative to HDD. I have 24TB (6x4) in my NAS at the moment. I don't want to know what it would cost to have that much storage SSD's.
@jwj no they are not cisco authorised sellers, I will look off amazon for CISCO dealers in my region and buy direct that would help cover any service and warranty.. so there is only one model and not two - not sure why amazon is showing two kinds though ??
with regards to SSD staying away to put my coins for better use .. thank you for today's discussion, it's 2:45am here.. will crash and catch up tomorrow ..
@shyam-srinivasan Sleep well.
@jwj @johnpoz I have found a cafe shutting down and want to sell off their equipment sg300-28-POE-port-gigabit-managed-switch, asking price is about 200$ Question is the power draw, as compared with - CISCO SG350-28-K9 , am what to do ? any advise on this switch ?
As compared with CISCO SG350-28-K9 (174$), which seems to be the latest and with intelligent power save mode option, but with non POE -
for about 26$ less am getting new but not POE, let me know .. which one would be a better pick ..
Offer them $150...
Based on what you have said, I would go with a 350-28 if you can find one for a good price.
You could also see what MikroTik offers that appeals to you and what availability is like for you...
@jwj you are suggesting to go with POE option SG300 instead of SG350 managed switch non POE version .. ??
since my update there are few new updates..
I was able to find a CISCO dealer who is selling new SG350 managed switch 28 port non POE version for 175$
and the used version of SG300 28 port POE for 202$ ... do I still choose the POE version of SG300 over SG350 managed switch non POE version ?
For my home use I have a few prioritized req's.
1: Fanless (or super silent fan)
3: Fairly low power unit (as it will be on 24/7/365)
Have you checked 1 & 3 against a 24+ port PoE switch?
I can easily pay $100 more for a low power unit, it will often earn itself in saved electricity ..
During the time i use it.
@shyam-srinivasan I'd get the SG350... As you have said POE is something you will add in the future. Get a nice "core" switch and then add a small POE switch (or just use injectors) later as you expand your network with POE powered Access Points and Cameras. Just my $0.02 worth.
As @bingo600 says, a 24 port POE switch is going to have fans, most likely loud fans.
So, nice switch, quiet and power efficient switch. Get more ports than you think you will need. A long term purchase.
Then either figure out your pfsense build or a Netgate Appliance.
After that if you want nice AP's you just add in a small POE (say 8 port) switch to power those devices and budget it together.
You may have said this and I missed it, what do you have now?
@bingo600 your recommendation is to go with the non POE version, if I have understood the comments correctly?