pfsense/opnsense

[Conanius]

I'm tempted to swap out my Unifi UDM for a opnsense box, mainly to make use of the full breadth of my ISP capacity (Virgin Gig 1) - I'm peaking at just under 900 when testing behind my UDM with IPS turned on, and I get just over 1.1Gbit when using the Superhub directly.

I'm wanting to make sure I have plenty of juice in the box. I will want to run suricata, and Ideally I'd like enough headroom for VPN and future ISP increases.

I assume something off AliExpress with an i5-1240p CPU would be enough grunt?

I'll look for something with the i226 controller for the 2.5Gbit nics. Has anyone tried one with an SFP port (Thinking I could put an RJ45 10Gbit capable SFP in to run upstairs to the study switch).

Edit - Also interested if anyone here runs the build in Unifi controller on Opnsense too.

 

[Simon42]

Kind of annoying that these devices as you go up the specs also increase the ports seemingly unnecessarily. I mean 2 would be plenty then, why do I need 4 or 6.

In my case I use three ports for WANS (FTTP, VM and mobile 4G), two for a LAGG for the trunk connection to my main switch and the last one for ease of accessing pfSense via its web interface if the rest of my (Unifi) kit is offline.

Using all 6 port is probably not a common use case, but having more than two ports does make dual WAN an option.

 

[Avalon]

I'm tempted to swap out my Unifi UDM for a opnsense box, mainly to make use of the full breadth of my ISP capacity (Virgin Gig 1) - I'm peaking at just under 900 when testing behind my UDM with IPS turned on, and I get just over 1.1Gbit when using the Superhub directly.

I'm wanting to make sure I have plenty of juice in the box. I will want to run suricata, and Ideally I'd like enough headroom for VPN and future ISP increases.

I assume something off AliExpress with an i5-1240p CPU would be enough grunt?

I'll look for something with the i226 controller for the 2.5Gbit nics. Has anyone tried one with an SFP port (Thinking I could put an RJ45 10Gbit capable SFP in to run upstairs to the study switch).

Edit - Also interested if anyone here runs the build in Unifi controller on Opnsense too.

The Everything Fanless Home Server Firewall Router and NAS Appliance

This fanless server might have everything including an Intel Atom C3758, 4x SFP+ 10GbE, 2.5GbE, SSD slots, and external HDD connections

www.servethehome.com

The 4c version of that is under £200 delivered barebones on Ali, the i226/N100 Topton etc. is about the same price kitted out with 16GB/500GB NVMe and can do cake at roughly 1.4Gb at 40% load on all cores.

Flr op’s port comment - Interface wise between LAN, Guest, Wifi, DMZ and multi-WAN 4 ports is about the minimum unless you want to virtualise which will buy you breathing space if you aren't hitting the VLAN’s enough to cap the physical port. Either way, switching in software is horribly inefficient compared to doing it in hardware and scales poorly.