Hardware recomendations
-
Hi there, searched through the forum but found nothing. Hope this question will be answered. Wanted to buy SG-5100 but the price here in Poland is 1k+
So decided to google what could be a reasonable substitute for SG-5100.
I found SYS-E300-9A-4C which looks almost the same. Will I be able to install pfSense on SYS-E300-9A-4C and will it manage to cover the functionality of SG-5100? Also, there is only one NIC on board with 4 ports, is it possible to use one of them for WAN and the rest of them for LAN?Thanks for any help. I'm a newbie in the world of PfSense.
-
Forgot to mention.
I will be using VLANs, OpenVPN client, and the OpenVPN server. Probably something else from the available packages like IPS/IDS/DPI. -
It should work fine. I'm pretty sure there are some other threads about that system here, you should read those first.
Those are discrete interfaces you can use them however you wish.
I would not anticipate any issues with anything you have mentioned.
Steve
-
@stephenw10
Thank you for a quick reply and sorry if I missed an existing thread on the forum. I was trying to find info exactly about this server SYS-E300-9A-4C -
Now I'm stuck choosing between
SuperServer E300-9D and SuperServer E300-9A-4C
Searched through the forum if there are any issues regarding this SYS-E300-9D server were reported, but found nothing. Hopefully, someone who is experienced could tell me if it is also ok, if yes will try to decide which one to choose.
Thank you in advance. -
I would expect both to work fine. They are very different systems though. The 9D is a far more powerful device in both senses of the word.
What sort of bandwidth do you have there?Steve
-
@stephenw10
At the moment 500Mps download and 50Mbps upload without VPN. Previously I was using Netgear XR500 under dd-wrt with the OpenVPN client and the speed was terrible, that is why I started to look for something else. Unifi looks cool but the functionality of their gateways is far from 2021(have switches and APs from Unifi). -
Both are fine even to me. If they run in a quiet environment (i.e. not in a dedicated room) consider the noise aspect. I had to replace all fans with noctuas in order to be compliant with my environment requirements.
-
@psp
Thank you for your reply. Noice is not an issue for me as everything is in the attic at the moment, but want to move everything in the garage under the house because it could be quite hot in the attic during summertime. -
The OpenVPN performance will be much better on the 9D. You will hit a limit on the C3558 at less that 500Mbps over OpenVPN as it's single threaded.
Both will easily carry 500Mbps just firewall & NAT.Steve
-
@stephenw10 could you elaborate more on this, what max speed over OpenVPN could be handled by C3558 approximately?
Encryption Cipher: AES-256-CBC
Hash Algorithm: SHA-512 -
found this nice review of SG-5100 speed over VPN with different ciphers.
Looks like the answer to my last question is ~200Mbps
While my intel nuc with i5-4250U CPU manages ~285Mbps
That is strange indeed.
I guess IKEv2/IPSec should be faster -
Yes, IPSec is faster as is WireGuard. Bother are less flexible that OpenVPN but if you have a sute-to-site tunnel that doesn't matter too much.
Steve
-
Small update. I decided to buy this 5019S-L
and Intel Xeon Processor E3-1220V6
It is not as expensive as mentioned earlier products, but more powerful :) -
-
Small update. Bought 5019C-FL, installed xcp-ng, and pfsense. Having pfBlockerNg, nordvpn for some vlans and VPN server. Everything runs as expected. I'm overexcited with pfSense after dd-wrt:)