Questions about my ideal setup
-
@jt40 said in Questions about my ideal setup:
Did you enable all the security features? On paper, that traffic can be handled by the Netgate 2100
What security features are available on Netgate gear that's not on pfsense running on generic computers? How much is the 2100? Netgate gear that was comparable price to my Qotom was definitely on the inadequate side.
-
@jt40 said in Questions about my ideal setup:
Awesome point, I never thought about it :D
Having installed LAN cabling in many offices and other locations, including for APs and cameras, that's something I don't forget. In fact, that's one thing I check before buying my APs. No PoE, no sale.
-
@sergei_shablovsky said in Questions about my ideal setup:
Are you an Apple-centered user
If he is, he's not worried about cost.
-
@jknott said in Questions about my ideal setup:
@sergei_shablovsky said in Questions about my ideal setup:
Are you an Apple-centered user
If he is, he's not worried about cost.
Topic starter wrote "I need to spend tons of money for this setup", but I know how mileage may differ...
-
@sergei_shablovsky Thanks to you and @AndyRH
I don't have such spare hardware for now, I should buy it.
The market of used goods is more expensive nowadays, but also previously, I don't think that you could get such good hardware for that sum, maybe an i3 of 2010? Quite old ah? :D
For learning purposes it's a great idea, but I like to leverage my incompetence and play with the fire :D
-
@stephenw10 said in Questions about my ideal setup:
Yeah, we need more details to be able to recommend hardware:
What is your WAN bandwidth? Will that be increasing?
You mention power consumption being an issue, do you have any sort of figure in mind?
Are you going to be running VPNs? What bandwidth do you need across them?
Steve
WAN will be 1 Gbit in 1y maybe, with 300 Mbit upload if I'm lucky I guess.
When am I gonna NEED this bandwidth? Well, almost never, so it's not my concern. I'm ok with 200 Mbit for the next 10y, shall we bet on it? :D
I'm already fine with 60 Mbit...
Power consumption seems high if it's beyond 15W/h...
But to be honest, if I get a great level of protection, I'm willing to reach 30 W/h without crying.
It assumes that during the night and low demands, the consumption will be much less than 30 W/h.
VPN should be fine, I don't have many demands from it. Definitely not more than 20 Mbit...
-
@jknott said in Questions about my ideal setup:
How much is the 2100?
Sorry I didn't get you.
My question was posed to understand how you made your benchmark, did you enable any plugin?
Did you test the L2 switching bandwidth? Or WAN bandwidth?
Absurd number of ACLs etc? Something else I should be aware of? I just need to get an idea of what that HW is capable of, but I need to know your details to compare.
-
@sergei_shablovsky said in Questions about my ideal setup:
@jt40
Are you an Apple-centered user, or do you just have a lot of different home devices from different brands?
You wrote about VMs, so how many servers do you have and what do you need for them (bandwidth, speed, latency, etc...)?
Ahahah, naaaaaa, budget wise I KNEW that I needed to spend a lot of money, but I'm trying to avoid a loan :D .
It doesn't seem right to spend 1k on my network infra, my badass gaming videocard cost much less :D , just to give you an idea.
Obviously I recognize the importance from the security perspective.
I'll have 2-3 phones, printer (stand-by 364/365), 2 VMs at the same time (+ some containers in the future) + the host, 2 laptops, maybe IPTV if I succeed with the firewall setup, all at the same time.
This could be the common situation, but it doesn't mean that these devices will ask for 1 Gbit of WAN bandwidth at the same time, most probably they will be idle most of the time from the network point of view.
As mentioned previously, at the moment I'm just fine with 60 Mbit... I don't expect that amount to grow 10X in the next 5-7y...
I don't even expect to have faultless hardware for 20y, as well as lifetime software support :D
Making a longer plan than 7y doesn't seem right, unless I missed something.
-
@jt40 said in Questions about my ideal setup:
WAN will be 1 Gbit in 1y maybe, with 300 Mbit upload if I'm lucky I guess.
If that's the case you will need something more powerful than the 2100 to fully use a 1G link.
Steve
-
@stephenw10 said in Questions about my ideal setup:
@jt40 said in Questions about my ideal setup:
WAN will be 1 Gbit in 1y maybe, with 300 Mbit upload if I'm lucky I guess.
If that's the case you will need something more powerful than the 2100 to fully use a 1G link.
Steve
I was just mentioning my network capability in 1y distance probably, but real world scenario won't overtake the need of 60 Mbit anyway...
From what I see on the official page, it's more than capable of 1Gbit (in download at least), did I miss something?
-
It can route at >1Gbps (L3 forwarding) but it can't firewall/NAT at that rate.
At 60Mbps it would of course have no problem!
-
@stephenw10 said in Questions about my ideal setup:
It can route at >1Gbps (L3 forwarding) but it can't firewall/NAT at that rate.
At 60Mbps it would of course have no problem!
Anyway, after reading all the posts I'm more than sure that a fanless top-box with an Intel / ARM 64bit CPU and 16Gb RAM would be great for a start, or just buy one from Netgate (for example Netgate 2100 Max) for USD$345+shipping.
You need something to start with.
Only after you start to play do you understand what exactly you need.
-
That Qotom mini PC I bought (see sig) should do the trick. I've already downloaded over 900 Mb with it.
-
True.
I have the Qotom, so far so good: i5, 8GB RAM and 120GB SSD.
On Virgin media I get on my official 200-20 connection: sometimes 230-22 via Ethernet.
AP: Asus RTAX 88U. Across my semi detached house I get 220-21.
Running Suricata as an add on and CPU barely touches 1%.
Community fibre are offering me 3Giga-bit for £99. But all my hardware is "only" 1 Gig-bit.
If anyone wants a good value machine that will handle everything up to 1 gig-bit, then Qotom is the way to go. Small and power efficient. Yes I use active cooling and even during rare hot summers in London its CPU rarely goes above 45 Celsius.
-
@waqar-uk Nice setup, but it's gonna consume a lot of energy...
At this point, it's simple X86 HW, I just noticed, I'm better off building something by myself, I just need to be careful with the compatibility of the network card and try to find a case that has at least 4 ethernet ports :D
Do you agree?
-
@waqar-uk said in Questions about my ideal setup:
Community fibre are offering me 3Giga-bit for £99
Grr. I'll have probably retired by the time fibre reaches my part of London.
-
I'm browsing around, but it's a bit difficult to find good hardware, used or new...
I live in UK, so the import tax from EU is something I need to avoid, I need to buy in UK but it's not that easy...
I found this hardware, am I on the right way?
-
ASRock H310CM-HDV, 1151, MATX, 2 DDR4, DVI, VGA, HDMI, GB LAN
-
Corsair CMK8GX4M1A2400C16 Vengeance LPX 8 GB (1 x 8 GB) DDR4 2400 MHz C16 XMP 2.0 High Performance Desktop Memory Module, Black
-
Intel Core i5-9400F 2.9GHz LGA1151 9M Cache BOX CPU (it may be overkill and TDP too high, I'll try to find a lower-performance CPU, something like 35W max)
-
CiT MTX008B PC Case, Mini ITX, CE/EMI Approved Design, Game Max TFX 300W Power Supply Included, 80mm Front Fan Included, Designed With The Professional In Mind | Black
Looking at the pfSense doc, it's supported hardware so far...
It's already 290 pounds, maybe another 30 for the power supply and I'm done. I wish.... :D
I miss the network card, probably the most expensive component, where do I start from??
At this point, I ask myself why I don't buy a Netgate box, like Netgate 2100... Looking at the performance declared, it's overkill for me...
Or do you want to tell me that plugins etc are gonna put such a box down to around 100 Mbit??
I'll use SNORT and Suricata minimum...
-
You should not use Snort and Suricata at the same time. They do the same task.
The 2100 would have no problems running either at 100Mbps.
Steve
-
@jt40 said in Questions about my ideal setup:
I'll use SNORT and Suricata minimum...
What do you definitely need SNORT / Suricata for?
These systems are mostly used for office / enterprise environments and needs.
-
@jt40 said in Questions about my ideal setup:
At this point, I ask myself why I don't buy a Netgate box, like Netgate 2100... Looking at the performance declared, it's overkill for me...
According to what most users wrote here on the forum, they quickly go from “this is overkill for my needs” to “why did I not spend +$80 at the beginning to avoid some problems / impossibilities now” :)