What's new

Finally made a major upgrade to my firewall router

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Maverick009

Senior Member
I have been talking about an upgrade I have been wanting to do to my firewall router and due to a recent issues with the hardware including internet connectivity issues today while working, I decided the time was now to upgrade instead of by next weekend (I bought the board open box and it was missing the backplate, with a new one due to arrive this week.). Below are the previous specs and the new specs. The biggest part is the CPU/Motherboard/Memory upgrade. The rest I just kept and moved the new board. The biggest benefits, I received was a significant boast in CPU performance and more efficiency with less heat generated. The old Intel Proc ran hot and stayed near the 68-80 degree marker depending on season and ambient temperature with a tdp of 105W (I believe it was sucking more power than that). The Ryzen chip on the other hand runs at a cool 41.2 degrees with a +/- of about 4-7 degrees thanks to its more efficient design and node process plus it has a 65W limit and coupled with the Asus B550M Tuf platform settings, is tweaked for stability and efficiency. The 1700 I had sitting around for a while and finally put it back to use once I found out the B550 chipset could unofficially support the Ryzen 1st/2nd gen CPUs and Asus has the best interface to work with. Overall, the platform is now very efficient, and I do not hear what was like a wind tunnel swirling sound when I open the closet to the servers, so that is a plus too. I do eventually plan on adding a Dual Intel 10G NIC and I may get a Quad 2.5G NIC to fully complete the upgrades for a firewall router that should last me quite some time. For anyone wondering, the OS is Opnsense. I am happy with this upgrade overall, and if anyone is looking for advice, I can certainly provide it based off my own experience.

Old hardware Specs.
CPU: Intel Q6600 2.4Ghz Quad-Core Processor
Motherboard: GA-GM41MT-USB3
Memory: Corsair 4GB DDR3 1600Mhz Dual-Channel Memory
Intel I350-T4 Quad Port Gigabit NIC
Realtek 8125b Dual 2.5G NIC
240GB SATA SSD for the OS

Upgraded Hardware Specs
CPU: AMD Ryzen 1700 3.0Ghz/3.7Ghz base/boost 8C/16T Processor (Had it sitting around as it was part of my first Ryzen gaming system upgrade)
Motherboard: Asus B550M Tuf Plus WiFi with latest bios (Got the board for a fraction of the price due to being openbox)
Memory: 16GB Corsair DDR4-3600Mhz Dual-Channel Memory running at DDR4-2666Mhz for stability
Integrated 2.5G NIC
Intel I350-T4 Quad Port Gigabit NIC - 1 port is plugged into a Netgear CM1200 Multigig Cable Modem and 1 port is plugged into a TP-Link 24/28 Port Managed Switch
Realtek 8125b Dual 2.5G NIC 1 Port is plugged directly into my Gaming Computer's 2.5G LAN and 1 port is plugged directly into an Asus GT-AX11000 Wireless Router's 2.5G port and running in AP mode and with a mesh wired connection to an Asus RT-AC3100 Wireless Router in another part of the house connecting both wired and as a wireless mesh.
240GB SATA SSD for the OS
 
I'm a little in doubt you'll see any significant performance differences on your home network. It's a good PC, but waste of hardware for what you are using it for. I can guess you'll stay under 5% utilization most of the time. Firewall with 8C/16T and 16GB RAM is perhaps good for your entire neighborhood.
 
I personally would never do that. First, for security reasons - your firewall is better on separate device. Second, for reliability reasons - if this swiss knife PC goes down it takes down everything with it.
 
I'm a little in doubt you'll see any significant performance differences on your home network. It's a good PC, but waste of hardware for what you are using it for. I can guess you'll stay under 5% utilization most of the time. Firewall with 8C/16T and 16GB RAM is perhaps good for your entire neighborhood.

I am actually seeing a nice performance increase off the bat just thanks to the updated CPU tech alone. I also will see the benefits of power savings due a more efficient cpu and node process it is on. This also was about future proofing and I only had to purchase the board, as I already had the CPU and memory, so no real waste of hardware. I also did not list out my full network as I have more connected including a hybrid multirole Windows Server 2022 powered game/NAS/DHCP server that will see a lot of traffic, especially as I add game caches to the server. Overall it is efficient hardware with performance overhead.
 
One big benefit here , if it goes wrong you only have yourself to blame ))
 
Consider installing Proxmox and share the hardware among some virtual machines.
Not sure if I will do it on this machine as it is designed more for a purpose. I do have my Windows Server 2022 unit and have used the VMs there. I also have a laptop converted to Fedora Server that is a mini NAS and Asterisk VOIP server. I am thinking of adding another possibly 1U server for virtualization and that I may get Proxmox or a similar install than.
 
I personally would never do that. First, for security reasons - your firewall is better on separate device. Second, for reliability reasons - if this swiss knife PC goes down it takes down everything with it.
That was my thinking. It is more purpose built than a Swiss army knife do it all machine. That is why I even kept the memory speed 1 to 1 with what was the max memory clock supported on. The Ryzen 1st Gen chips. All about stability and security for this device.
 
One big benefit here , if it goes wrong you only have yourself to blame ))
True but that can be said of any device really. I have been doing this for a while and experimenting with both pfsense and Opnsense. This was just a major hardware upgrade. No need to even reinstall the OS. I also keep backups of the configuration.
 
I personally would never do that. First, for security reasons - your firewall is better on separate device. Second, for reliability reasons - if this swiss knife PC goes down it takes down everything with it.
i second that opinion. A router/firewall is like the traffic warden of your network. That should always be on bare metal and stand alone.
 
True but that can be said of any device really. I have been doing this for a while and experimenting with both pfsense and Opnsense. This was just a major hardware upgrade. No need to even reinstall the OS. I also keep backups of the configuration.

Yes, i have done some hardware upgrades several times already an issue except when i added the X550-T2 it was giving me some trouble with reassigning the WAN/LAN from em0/1 to ix0/1. The beauty of FreeBSD. What i like about Opnsense in that respect is that you can backup to various destinations including Nextcloud. For pfSense, it backs up to its own servers only unless you do it manually yourself.
 
Yes, i have done some hardware upgrades several times already an issue except when i added the X550-T2 it was giving me some trouble with reassigning the WAN/LAN from em0/1 to ix0/1. The beauty of FreeBSD. What i like about Opnsense in that respect is that you can backup to various destinations including Nextcloud. For pfSense, it backs up to its own servers only unless you do it manually yourself.
That is good to know. I at one point thought Pfsense was going to be the OS I stick with, but in the end ended up switching back and staying with Opnsense due to some limitations I ran into and configuration quirks. Have been using Opnsense for quite a while now and not any major issues. I was suspecting and prepared for a possible OS crash due to the hardware I was changing was not only an upgrade, but also a complete platform changes from Intel to AMD, but Opnsense powered right up as and connected everything as though nothing had changed.
 
in that respect, i am working on a little experiment. I have a small i3 NUC lying around here that i am in the process of expanding with an i350-T4 and then installing pfSense on it. The aim is to get the full config of my current pfSense router loaded on the NUC as a plug and play replacement as i want to pull out my supermicro to perform some maintenance, clean the fans, cooler and interior and maybe even change the hardware without my whole network going down. Thinking about either changing the CPU to an E3-1256L v2 or even the whole motherboard by a X10SDV-6C-TLN4F which is currently being offered 2nd hand on a local site. Not sure yet.
 
Both opnsense and pfsense don’t work very well with Realtek gear, especially the newer 2.5Gbit. In my case, pfsense works fine with Realtek 1Gbit butI would avoid using them if I had the chance.
 
Both opnsense and pfsense don’t work very well with Realtek gear, especially the newer 2.5Gbit. In my case, pfsense works fine with Realtek 1Gbit butI would avoid using them if I had the chance.
The current Gen 23.1 and last gen build of Opnsense 22.7 both worked fine with the 2.5G cards. I currently have a Dual 2.5G NIC powered by the RealTek RTL8125 chipset and it is working well without issues and I have owned it since Nov. 2020. With that said, the Intel server grade cards do have more tasks or queues per port, that makes them more efficient under load. I also plan on a couple mini upgrades with getting a Quad 2.5G Intel NIC and Dual 10G Intel NIC along with a multigig 10G switch (once price is right on them) and possibly a POE+ Switch upon purchasing a house.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top