I swear availability of HW suitable for a small firewall for 500 - 1000 Mbit/s is really bad.
What's available, what's affordable, ... preferably in Germany.
Any suggestions?
What I hate about the bigger NUCs is that they still use SO-DIMMs ... when the case and motherboard are big enough to fit normal-size RAM. Is it because normal RAM can't be mounted sideways/flat?
I find it awkward that those ASRock NUCs and mini PCs with Ryzen embedded processors are not really available.
ASRock links to shops in your country, but those again don't publish prices, they look like they don't take private customers (only businesses) and you have to "ask for a price".
But why does the brand, or AMD, matter if a $350-450 device already has 50x more power than necessary to run pfSense, IDS, proxy, DNS blocking etc. etc. etc.?
Not true. You need a top-class Celeron or a lower-class "regular" CPU from Intel or AMD (quad core is safe) to do true 1Gbit filtering, which would be ok, IMHO.
Referencing the specs mine has below, it's definitely one of the "Qotum" I linked from Amazon above. I've had it for probably 5 or more years. It's been rock solid and I'm running far more services with it than most users would (4 separate networks, multiple VPNs etc., multiple web services). Passive cooling is fine, the temps rarely exceed 30.
Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
8GB RAM, (it uses 15% of that so you could easily get away with 4GB).
Current: 2400 MHz, Max: 2601 MHz
4 CPUs: 1 package(s) x 2 core(s) x 2 hardware threads
AES-NI CPU Crypto: Yes (active)
These were all the options from the Minisforum (only 2x LAN devices):
I tend towards the EliteMini HM80 option, because it comes with 32, instead of 16 Gb RAM for the same price or less.
They all fulfill my requirements and some... the only way to choose is for future-proofness and "what else" you can do with them.
What do you think? They're all available and in stock from EU, so it's 3-4 days delivery to Germany. (Except NAB6, that's from Hong Kong, but I think it's overkill...)
Prices are ok-ish.
16GB of RAM is something that datacenter-level firewalls have. You absolutely do not need such an amount for home usage, let alone 32GB.
Feel free to load all Suricatas, Snorts, Squids (none of which I recommend in the first place) and you will barely exceed 8GB.
See what the problem with "not wasting money" is now?
You're not wasting any...
Please watch my video.
With Netgate devices you are getting 100% hardware/software compatibility, the option for additional tech support, you support Netgate to continue developing FreeBSD drivers (which is done by just a few companies btw) etc. Sure, it is up to you to decide how much you value these things.
Yeah, I would buy a Netgate device to support them, but it's hard to find the gear here and much more expensive. If it's readily available around 350-400 I'd probably do that. Otherwise, from a quick lookup on "amazon.de", I'd look at the "Micro Firewall Appliance / HUNSN" variety of devices.
The 4GB, 4x NIC model is probably all you need, but they come in 10-20 variants if you want to spend more and want a more powerful device. Just bear in mind that in a simple setup or home lab environment, you're going to allocate:
1 NIC WAN, 1 NIC into a switch (can be a good one or a shitty $30 TP-Link) for your primary network. That leaves you two other NICs on the firewall for separate networks (or you could bridge all 3x NICs to one network if you want).
Bumping the thread because edit (don't know if edits notify). Another thing I will say about pfsense:
Pros:
It's really good and does everything you need (I would depend on it for small clients). It suits a lab environment perfectly, allowing you to test many corporate-oriented services etc.
Cons:
It was never designed and built with an API, so that is lacking and a bit disappointing. There's no native way to centralise config of many devices. You can hack around it using SSH and other tools but it's not good for production environments.
I think OPNsense (fork of pfSense) does have an API though, which probably makes it better if it's for lab-oriented stuff.