Hardware for pfsense

ChrisD. · 12 May 2017 at 17:05

As per the title, anyone recommend a box that I can stick pfsense on off the shelf? Only needs two gig ports as I have a tonne of switches at home.

bremen1874 · 12 May 2017 at 17:36

I would imagine that the required hardware will depend on how you're planning to use it and the amount of bandwidth it'll need to handle.

ChrisD. · 12 May 2017 at 17:39

Nothing too heavy, vpn server, dyndns, some port forwarding, dns, dhcp and my broadband rarely gets above 50mbit. But I'd like to futurproof if I ever get FTTP etc.

Caged · 12 May 2017 at 19:15

One of those Netgate things

Such as https://www.netgate.com/products/sg-1000.html

BigT · 12 May 2017 at 20:57

I have this Hamsing box running pfSense

Caged · 12 May 2017 at 21:09

That looks a far better option for the money.

ChrisD. · 12 May 2017 at 22:55

How much was it?

Caged · 12 May 2017 at 23:05

Type "firewall pc" into Amazon

Conanius · 12 May 2017 at 23:36

A lot of people I've spoken to have shared the same experience as me, but decent performance on pfsense seems to be directly correlated to the network cards it has on offer.

I ran pfsense as a VMs on KVM through Ubuntu and I could never get it running properly and kept having weird throttling issues.

I'd recommend finding a box that people are definitely using and read up on any issues that exist.

Caged · 13 May 2017 at 00:12

pfSense throughput seems to depend on single-thread performance of the CPU chosen, and I would try and use Intel NICs over Realtek/Broadcom.

ChrisD. · 13 May 2017 at 08:59

I'm wondering about switching from my Edgerouter Lite because I don't really know the config or CLI and I'm not sure I'm willing to learn it as it isn't all that widely used. I figure a lot of people and organisations use pfsense plus I'm a Linux nerd so it'd be something nice to sink my teeth into.

Steveocee · 13 May 2017 at 10:26

Have a look for "PC Engines Alix PC" very nice little boards built for this kind of thing. The APU models have higher specs but also a higher price. They have some really nice brushed aluminium cases as well.

BigT · 13 May 2017 at 11:20

ChrisD. said:
How much was it?

Just under £200 from memory, once I added RAM and a small SSD. They sell them in various states of configuration on Amazon.

Caged · 13 May 2017 at 13:32

The other option if you have a switch already that can do VLANs is to tag your WAN and LAN onto a single interface, which gives you a billion more choices for an appropriate PC to run pfSense on. Like an Optiplex Micro from eBay or similar.

Steve_bullockuk · 13 May 2017 at 18:48

I recently bought a NetGate SG-2200. I was looking around for months at different hardware and read the horror stories about NIC incompatibility. Eventually I decided to stump up the cash for the NetGate. It wasn't cheap (£360incVAT) but I don't have a Virtual environment and wanted to buy something with tried and tested hardware.

It's been flawless so far.

My setup is OpenReach HG612 > NetGate SG-2200 > Managed switch > AP.

From looking on Reddit, it quickly became apparent that pfSense doesn't play nicely with RealTek NIC's which is what comes bundled in the majority of small chassis "firewall" PC's on Amazon.

Firestar_3x · 14 May 2017 at 10:32

Steve_bullockuk said:
pfSense doesn't play nicely with RealTek NIC's which is what comes bundled in the majority of small chassis "firewall" PC's on Amazon.

Was a little worried about the RealTek NIC issue, however all seems to be fine with my build (Rack mounted Gigabyte N3150N-D3V with 2gb ram and 500gb HDD). Running Snort / Squid / ClamAV hammers the CPU on big downloads but always get full bandwidth from my 70mb line.

Steve_bullockuk · 15 May 2017 at 14:17

ChrisD. said:
***Quoted post removed***

Looks good to me. I'd research AES-NI if you are wanting to run VPN's and see if there are known issues running it with those hardware components. I'd suspect not.

Obviously you'll need RAM and some kind of storage.

pc-guy · 15 May 2017 at 14:39

I have a zotac box for £120 from a german place before Pound tanked. and bought some second hand ram for £20 and a HDD for £20 on MM. I had a spare wifi dongle to use as a secondary wifi connection. The inbuilt intel wireless card was not recognised by pfsense or openBSD. the network cards are by realtek. i have had no problems with them

I chose the zotac box specifically because of the CPU - celeron with AES-NI instruction for openVPN.

only issue is I was planning on running the machine as a VM (with SSD) so i can have NAS/Media Server and Firewall in one box. but the cpu has a problem with VMware and there is workaround. I just haven;t got time to sit down and sort it out yet. Also I am kinda hoping VM will have their software updated to cater for the cpu.

https://www.zotac.com/us/product/mini_pcs/zbox-ci323-nano

ChrisD. · 15 May 2017 at 14:40

I actually have an Intel NUC at home, I could get a USB to NIC dongle and try it out?

It's being used to run OpenPHT at the moment but I have a Pi I could put in its place while I test.

Steve_bullockuk · 15 May 2017 at 16:31

ChrisD. said:
I actually have an Intel NUC at home, I could get a USB to NIC dongle and try it out?

It's being used to run OpenPHT at the moment but I have a Pi I could put in its place while I test.

Its definitely worth a shot but i know USB NIC's are not "recommended".