Shopping list
-
I'm planning on building a pfSense box, and having spent time looking on this board I've come up with the following hardware list - does it look okay ??
It's for a home office environment, with the main uses being firewall, web filtering, VPN (AirVPN, and maybe a site-to-site VPN), a couple of VLANs, some QoS. Spec could be a little overkill, but should future-proof me for a while.
-
Motherboard: Supermicro A1SRi-2758F
-
Storage: Samsung 850 EVO 120GB SSD
* Cable: SATA3 data cable -
Case: Mini-Box M350
-
Power Supply: 150W AC Universal Adapter 12V 12.5A
* 4pin Mini-DIN & Mini-FIT JR Adapter (included with PSU)
* picoPSU-150-XT Power Supply
I did look at not using the picoPSU, in which case I would go with a "4 Pin P4 Male to ATX P4 Female CPU Power Extension Cable Black".
But … the SSD would also need power (using a 6" Female 4-Pin Molex to SATA Power Cable) - however I was unsure how this would connect - does it plug straight into the motherboard ??Appreciate thoughts on this spec !
Thanks. -
-
Looks ok but 16 gig of ram is obscene if this is only for a soho box which is only going to run pfsense.
6 gig is about the most you will need, and you will manage perfectly fine with 3 unless you use squid.
-
Looks ok
Looks ok ? Jeez, I just priced it up and I was hoping for better than "ok" ;)
Point taken on the memory - seems the 4GB sticks are a little harder to get hold of over here (in the UK), but doing so should cut the cost of memory by half.
I could get a lower spec mobo and save some cash, but … I think I'll spend a little extra on the A1SRi-2758F which should do me well for some time.
My hardware list works out quite expensive, ~£550 GBP, but it looks like the closest pfSense hardware is the SG-4860, which over here is >£900, so I'm making a saving there ! Either way, it's well over-specced for my needs, but I'd rather be over than under :-[
-
Ok so .. what's the speed of your connection?
You could probably do better, price wise, with an i3 setup.
-
Ok so .. what's the speed of your connection?
Speed is not great, up to 30Mb.
I'm guessing that the i3 is better for me, as it will reduce the cost of the hardware and be ample for my requirements ? Sounds reasonable, but I know I'm then going to spend ages (and ages) searching for the right chip and motherboard models, then try to find them for sale in the UK (time is money!).
-
Searching around for i3 related kit, i found a pre-built one, Shuttle DS57U3 core I3. Cost in the UK - from £460. So not too far way from my original kit list. I know I could get a homebrew i3 kit much cheaper, but it's finding the compatible hardware (mobo) I'm struggling with.
-
Little more research, for an i3 board - how about this setup:
MoBo: Gigabyte GA-H170N-WIFI Socket 1151 (Skylake) Mini-ITX board
CPU: Intel Core i3-6100T 3.2GHz Socket 1151 Processor 35W TDPThat saves me around £60 GBP compared to the Supermicro A1SRi-2758F.
If the A1SRi-2758F is a better setup, I'm not sure the saving is worth it (for me). I'd welcome thoughts !
-
Point taken on the memory - seems the 4GB sticks are a little harder to get hold of over here (in the UK), but doing so should cut the cost of memory by half.
It all depends mostly on the use scenario and how many and what kind of packets will be installed
and service will be used and offered on top.
2 GB RAM for firewall only
2 GB - 4 GB RAM for firewall & snort
4 GB - 8 GB RAM for firewall, Snort, Squid & SquidGuard8 GB - 16 GB RAM for firewall, Snort, Squid & SquidGuard, pfBlocker-NG & HAVP (ClamAV)
- high up the mbuf size to 1.000.000
- high up the default Ram size of Squid
- amount of users & services will increase
The packet filter, the IP forwarding parts, and even NAT (part of pf, but run at a different phase) all hit the memory system.
I could get a lower spec mobo and save some cash, but … I think I'll spend a little extra on the A1SRi-2758F which should do me well for some time.
But I would assume that the Intel Atom C2758 SoC is using less electric power by being strong enough.
Here you will get AES-NI and Intel QuickAssist and the QuickAssist is not really in usage and so no one is
able to tell you whats going on if this will be unleashed and integrated fully in the pfSense code. So more
future proof will be to go with the Intel C2758 SoC in my eyes. Also if all CPU cores will be used in the nearly
future the entire system will be able to get a real speeding up effect so I would say the C2758 one is the better
choice for being future proof.My hardware list works out quite expensive, ~£550 GBP, but it looks like the closest pfSense hardware is the SG-4860, which over here is >£900, so I'm making a saving there ! Either way, it's well over-specced for my needs, but I'd rather be over than under
I think more the C2758 is more like the SG-8860 that comes closer to this tech. specs.
If the A1SRi-2758F is a better setup, I'm not sure the saving is worth it (for me). I'd welcome thoughts!
With the Intel Core i3 you could easily upgrade your system to another higher level for sure, you will be able to
buy the strongest i3 or i5 CPU or alternatively an Xeon E3-12xxv3 CPU and also ECC RAM, but with the C2758
you get the best bet in that CPU or SoC class at this time and I am personally thinking we all was not really
seeing the end of what power this C2758 Atom SoC able to serve.One at last from me about the Samsung850 SSD, some customers were reporting about issues with
this SSD by activating the TRIM support in pfSense, so I would more try out to get the former Samsung840
SSD that was without any kind of problem.And if it is so, in real, that you want only run the pfSense as a pure firewall, you could also go with two
other options that a really more saving money than the Intel Core i3 or i5 set up.- Jetway N2930 bundle (PSU, case & board) + 8 GB RAM + mSATA + WiFi ~300 € - 400 €
- APU2C4 bundle (PSU, case & board) + mSATA + WiFi ~350 €
They will be really strong and powerful enough to handle firewall + Snort + pfBlocker-NG for sure
and pending on your Internet connection speed it will be enough. -
@BlueKobold:
…. so I would say the C2758 one is the better choice for being future proof.
Thanks for the detailed response - useful!
Stupid question, but just to be sure I'm not making a mistake: Atom C2758 = Supermicro A1SRi-2758F (i.e. the Supermicro mobo is one piece of kit which uses the Atom C2758).
One other thing I'm unsure on, if anyone could clarify please - if I'm going to use a SSD for storage (with the A1SRi-2758F), do I need a picoPSU ? I was not sure if there is a SATA power socket on this mobo, which saves having to install the picoPSU.
-
Stupid question, but just to be sure I'm not making a mistake: Atom C2758 = Supermicro A1SRi-2758F (i.e. the Supermicro mobo is one piece of kit which uses the Atom C2758).
On this board the Intel Atom C2758 SoC is soldered on as the CPU. It is also soldered on the SG-8860 and
on the XG-C2758 1U unit from the pfSense shop. Or in short, yes. Supermicro A1SRi-2758FOne other thing I'm unsure on, if anyone could clarify please - if I'm going to use a SSD for storage (with the A1SRi-2758F), do I need a picoPSU ? I was not sure if there is a SATA power socket on this mobo, which saves having to install the picoPSU.
In this thread about this mainboard you will be able to read much more about the Supermicro A1SRi-2758 as here
and there you could also read about what kind of PSU the other users were taking. Intel Mini-ITX Atom 8-core Hardware Build Recipe Available Here -
On this board the Intel Atom C2758 SoC is soldered on as the CPU. It is also soldered on the SG-8860 and
on the XG-C2758 1U unit from the pfSense shop. Or in short, yes. Supermicro A1SRi-2758FPerfect, thank you.
In this thread about this mainboard you will be able to read much more about the Supermicro A1SRi-2758 as here
and there you could also read about what kind of PSU the other users were taking. Intel Mini-ITX Atom 8-core Hardware Build Recipe Available HereThanks. I did find/read that thread initially, but was still a little unsure. However, with further enlightenment it would appear that I have 2 options to supply power to the mobo and the SSD:
- An appropriate power brick
- If choosing the 4-pin connector, then a 4-pin cable extender
- A Serial ATA 15 Pin Female to LP4 Female Power Cable (to power the SSD)
or 2.
- An appropriate power brick
- A picoPSU (has the hard drive power connector built in)
I'm inclined to go with option #1 for now.
Looks like I'm good to go !
-
With 8 GB or 16 GB you could;
- high up the mbuf size to 1.000.000 (if needed)
- high up the Squid default RAM size
- high up create a RAM disk if you need it
Please enable the following two things after install; - PowerD (hi adaptive) for the CPU
- TRIM support for the SSD
Please create a /boot/loader.conf.local file that owns all custom made settings to survive the next upgrade
where all files will be new written and custom settings will be wiped away.Have fun.
-
I have 2 options to supply power to the mobo and the SSD:
- An appropriate power brick
- If choosing the 4-pin connector, then a 4-pin cable extender
- A Serial ATA 15 Pin Female to LP4 Female Power Cable (to power the SSD)
or 2.
- An appropriate power brick
- A picoPSU (has the hard drive power connector built in)
I'm inclined to go with option #1 for now.
Well, I would have gone with option 1, but I can't find a SATA 15 Pin Female to LP4 Female Power Cable anywhere for sale in the UK. Looks like I'm going for the picoPSU instead.
-
If you haven't got a case yet:
Antec ISK 300-150 Mini ITX http://www.amazon.co.uk/Antec-ISK300-150-0-8mm-Mini-ITX-Construction/dp/B0036CSMSG
I Built my SOHO-Firewall with that Case (with a Supermicro A1SAi-2550F).
Almost silent internal sfx-powersupply.
-
If you haven't got a case yet:
Antec ISK 300-150 Mini ITX http://www.amazon.co.uk/Antec-ISK300-150-0-8mm-Mini-ITX-Construction/dp/B0036CSMSG
I Built my SOHO-Firewall with that Case (with a Supermicro A1SAi-2550F).
Almost silent internal sfx-powersupply.
Looks a good case that, and would solve my issue with being unable to track down a cable. But … why did I then go and read a review on it, which was not complimentary about the PSU! If I hadn't have read it, I wouldn't have known, but now I do I'm not sure. Damn you "generic search engine" !
Quote:
"Antec ISK 300-150 is a small case targeted to users that want to build the smallest PC around. The main problem with this case is the power supply that comes with it, which provides a lousy efficiency below 80% all the time. Therefore we can’t recommend it." -
Ok. The test is from 2010. My powersupply has a 80 Plus silver sticker as far as i recall (mid 2015, running 24/7 since). Whatever that means ;)
-
Like Natalie Imbruglia, I'm "Torn" on which case/PS to go for now!
-
Like Natalie Imbruglia, I'm "Torn" on which case/PS to go for now!
If you are really unsure, I would go with the M350 because this is 1000 times used to build a small
router or firewall with success by many customers or users. You can´t anything wrong with it. -
If you are really unsure, I would go with the M350 because this is 1000 times used to build a small
router or firewall with success by many customers or users. You can´t anything wrong with it.Wise advice - I'll order the kit tomorrow !