Hardware for pfsense

[BigT]

I've used a USB NIC on a pfSense install prior to the chassis I now have and it worked. I didn't stress it much though so no idea if there's any performance issues under load.

 

[Caged]

You could always go crazy http://blog.fosketts.net/2015/06/05/adding-a-second-ethernet-port-to-an-intel-nuc-via-mini-pcie/

 

[ChrisD.]

Well I guess I've gone a little crazy as I've spent more than I'd like by ordering a SG-2200. At least I 100% know it will work.

 

[SirJinks]

Do bear in mind when shopping around for a cheap pfsense box that apparently v2.5 of pfsense will require your cpu to support AES-NI instructions so check your CPU if that's important to you.

 

[Steve_bullockuk]

Well I guess I've gone a little crazy as I've spent more than I'd like by ordering a SG-2200. At least I 100% know it will work.

This was my line of thinking aswell. Mine has been great so far.

Make sure you check out the pfSense subreddit. Some really good stuff on there.

 

[ChrisD.]

This was my line of thinking aswell. Mine has been great so far.

Make sure you check out the pfSense subreddit. Some really good stuff on there.

Cheers. I'll have a go at setting it all up tonight. Should be interesting.

 

[ChrisD.]

Had a quick go at setting it all up tonight. I followed the wizard and got a WAN connection and all LAN seems to be working fine using the DHCP scope. However I can't get any LAN to WAN traffic.

Everything I've read suggests it should just work out of the box after the config wizard. Anything I've likely missed?

 

[Caged]

Presume you've set outbound NAT and declared an interface on the WAN side of things?

 

[ChrisD.]

Presume you've set outbound NAT and declared an interface on the WAN side of things?

No, as everything I read suggests it should be ready to work after the wizard. I'll have a look at NAT tonight.

Impressed with it so far, the GUI is miles better than the ER-L one.

 

[ChrisD.]

Came home, plugged the pfsense box back in, changed nothing and it all came to life.

 

[ChrisD.]

The TBB graph looks good:

Got some basic rules on the Firewall now and the network seems to run more than fine. Need to set up an OpenVPN server on it which will be this weekends task.

 

[Steve_bullockuk]

The TBB graph looks good:

Got some basic rules on the Firewall now and the network seems to run more than fine. Need to set up an OpenVPN server on it which will be this weekends task.

Glad to see you got sorted.

I followed this guide for setting up the OpenVPN server which is helpful https://www.youtube.com/watch?v=ybcc-OBi7kQ

 

[ChrisD.]

Nice one, I'll take a look.

 

[moogle]

What do you guys use the pfsense box for anyway?

 

[DIABLO]

I'm not trying to sound dense but what you think they use it for? It's a Router.

 

[moogle]

I'm not trying to sound dense but what you think they use it for? It's a Router.

Well that is dense, I know it's router software.

Maybe I should have said what are they using it for, what uses or advantages does it have over a normal router, what benefits does it bring, why would one build one.
Is that easier to read for you?

 

[ChrisD.]

Well that is dense, I know it's router software.

Maybe I should have said what are they using it for, what uses or advantages does it have over a normal router, what benefits does it bring, why would one build one.
Is that easier to read for you?

It's fast, secure, it has lots of features, it's probably one of the best firewalls on the market. I have no need for wireless as I run Ubiquiti kit and I am generally not a fan of regular consumer routers. Plus I like to tinker and learn as it may come in useful in my job.

I had an RT-N66U for a long time and while it was good, the CPU usage used to sit quite high which caused a few problems. I then tried a Draytek router and it was garbage, then Edgerouter Lite which was good but a bit of a beta feel to it.

 

[BigT]

Maybe I should have said what are they using it for, what uses or advantages does it have over a normal router, what benefits does it bring, why would one build one.
Is that easier to read for you?

For me personally I'd guess the following appeal:

• Using my own hardware that is more powerful than consumer routers allows me to keep up high speeds while running a network wide VPN
• Again, because I use my own more powerful hardware, the router is much better at handling the number of network clients I have. With IoT, mobile devices, VMs as well as physical devices, I found consumer routers started to struggle with 25+ devices on the network
• I have two WAN connections and soon a third which allows me to do a lot of policy based routing. Not many consumer routers handle multiple WAN connections and certainly to handle three I think you'd have to go to enterprise kit.
• The interface and analysis tools available are very comprehensive indeed and allow me to spot easily bandwidth hogs etc. And not just the machine/device but the process and where it's talking to out on the internet etc. ntopng is a great tool on pfSense
• AV at the router level is something you don't find with consumer routers but can have with pfSense.

 

[moogle]

It's fast, secure, it has lots of features, it's probably one of the best firewalls on the market. I have no need for wireless as I run Ubiquiti kit and I am generally not a fan of regular consumer routers. Plus I like to tinker and learn as it may come in useful in my job.

I had an RT-N66U for a long time and while it was good, the CPU usage used to sit quite high which caused a few problems. I then tried a Draytek router and it was garbage, then Edgerouter Lite which was good but a bit of a beta feel to it.

I haven't reached the limits of my ASUS router yet , but I have been thinking of messing about with an old computer and making it a pfsense box, the caching aspect of it interested me quite a bit. Not that I needed to save bandwidth, but the idea of optimising it certainly appealed.

For me personally I'd guess the following appeal:

• Using my own hardware that is more powerful than consumer routers allows me to keep up high speeds while running a network wide VPN
• Again, because I use my own more powerful hardware, the router is much better at handling the number of network clients I have. With IoT, mobile devices, VMs as well as physical devices, I found consumer routers started to struggle with 25+ devices on the network
• I have two WAN connections and soon a third which allows me to do a lot of policy based routing. Not many consumer routers handle multiple WAN connections and certainly to handle three I think you'd have to go to enterprise kit.
• The interface and analysis tools available are very comprehensive indeed and allow me to spot easily bandwidth hogs etc. And not just the machine/device but the process and where it's talking to out on the internet etc. ntopng is a great tool on pfSense
• AV at the router level is something you don't find with consumer routers but can have with pfSense.

I can see it's for very specific and advanced usage requirements. The AV part is a nice feature true, still doesn't stop your PC from scanning it again right?
I'll probably have a mess about in a VM with it to see what else it might have that's useful, thanks for that.

Any reason to buy those specialised hardware boxes instead of using an old PC? Other than compatibility and power saving?

 

[bremen1874]

Any reason to buy those specialised hardware boxes instead of using an old PC? Other than compatibility and power saving?

No. The hardware requirements are listed on the pfsense website.

Trying it out in a VM or on spare hardware makes a lot of sense.