Can I run this as a UTM appliance? APU 1C 4GB (3NIC+USB+RTC)



  • Hi,

    I'm looking at buying this LinITX APU 1C 4GB (3NIC+USB+RTC) pfSense mSATA Firewall Kit. I wondering if i will be able to run,

    SNORT
    HVAP
    SQUID
    ETC

    I would like to build it as a full UTM appliance. Also open to suggestions.

    http://linitx.com/product/linitx-apu-1c-4gb-3nicusbrtc-pfsense-msata-firewall-kit-red/14243

    Thanks
    Oli


  • Netgate Administrator

    Yes as long as it's booting from SATA. The performance may not be what you need though. What sort of throughput are you hoping for?

    Steve



  • You need something with abit more horsepower.  Quad core.  2GHZ plus would be nice.
    Perhaps more, depending on your internet speed and number of clients on the LAN.
    But that is available in a small form factor also so I'm sure you can build what you are looking for, just probably not with this box.

    caveat - If you wan speed isn't very fast and not many lan clients, it may be ok.  It will be easily be maxed.

    Those are more mainly for basic firewall and VPN on not super fast connections.  Very reliable in those scenarios I hear.



  • Its funny - Because that link we were looking at yesterday to that dual NIC NUC-like box would probably be great.


  • Netgate Administrator

    Yep.
    The APU is a low powered box but that's fine it's designed to be. Many people have (relatively) low band WAN connections where a quad core 2GHz CPU would just be wasted. It will run Snort and Squid and whatever else just not as fast. People used to run those packages on the Alix board, though I can't imagine they ever ran well, the biggest issue there was RAM. The 4GB APU shouldn't have a problem.

    Steve


  • Rebel Alliance Netgate Administrator

    How is this different then the APU offered by Netgate?



  • Thanks for your replies.

    I have a 100Mb link which i would like to get the full potential from but only for  few services which i would be happy not to run through Snort. Do you have any idea of what throughput I would get using this box?

    Only really need to use SNORT for web browsing and exclude any sites / services that I want 100Mb.

    Or is there a better box I could use? I was really looking for something that doesn't use much power, ideally fan less, and small.

    Thanks



  • "How is this different then the APU offered by Netgate?"

    Seems like it wouldn't be.  Why do you ask?



  • If you buy this box, test it.  Let me know how close you get to full throughput.

    Post it here so next time someone asks the same questions with the same packages and bandwidth availability, I can just link to your test runs.

    Typing "not with those packages and bandwidth" is giving me Carpal Tunnel Syndrome…

    Something faster and cheap.  Reasonable low power.  Proven to run pfsense.

    http://www.newegg.com/Product/Product.aspx?Item=N82E16856205007

    Its not tiny but power consumption isn't high.  10W - 15w average according to people running it.


  • Netgate Administrator

    I don't have an APU. However based on the reports of others here I think it would handle 100Mbps even with Snort and Squid, especially if you're willing to do a bit tuning. It will pass ~350Mbps without Snort or Squid. Check the forum because there are a number of similar posts about this including UTM style reports.

    Actually I believe the Netgate APU boxes (and those from the pfSense store) have a customised image that includes things like support for the leds and reset button. The LinITX box can only be the standard pfSense image.

    Steve

    Edit: This guy is running Snort, Squid3 and HAVP and has <10% CPU usage for 20Mbps:
    https://forum.pfsense.org/index.php?topic=76332.msg447602#msg447602



  • Thats great, thanks for all the fast responses. If I buy this I will bench test and report back.

    Thanks :)