pfSense vs. OPNsense AFA offloading logging, database etc to other hardware

[slackjaw99]

So I'm currently running OPNsense on a no-name micro pc with a J4125 processor which has proven to be anemic afa running any optional applications that are cpu/memory intensive. It runs the core firewall stuff just fine, but there's a lot of analysis I'd like to do to get a good picture of how things like various IoT devices phone home, ways my wife puts our network security at risk, etc and so on. There are a number of reasons I went with O vs P - mostly political/behavioral differences among the core maintainers. But one area where OPNsense absolutely sucks is in terms a how easy it is to set up remote logging and database hosting as there is no reason all that sort of processing must be done on the FW box proper. About the only thing that was easy was offloading dhcp.

I'm upgrading my primary FW box to a used Dell Optiplex next week, and that would be a good time to make a switch to pfSense, but wanted to ask those who use it a lot how easy it is to set up remote logging, database writes, plus other application pieces that can take place on other boxes. ie does the gui have much support for doing that, or is it relatively straightforward by CLI?

 

[coxhaus]

I bought a Dell Optiplex 3020 i3-4130T PC for $75 used. I use it with pfsense. The difference in $75 and $500 is I can use an awful lot of electricity for years before I spend that much.

I also added a Broadcom 10 gig dual port NIC to my Dell 3020 PC which burns a little more electricity. pfsense 23.01 has drivers for it. I think high clock rates are best for pfsense over lots of cores with low clock rates.

I only have 4 gig of ram right now which burns less electricity than higher ram counts.

I started with an Intel dual gig port NIC because pfsense 2.6 CE has drivers and not for my 10 gig NIC. Once I upgraded to 23.01 I changed NICs. The Intel NIC ran real hot for me as it was too close to the power supply and there was no active air flow. My 10 gig NIC has a fan which keeps it cooler in my way of thinking.

I don't think the micros are a good solution with small CPUs for firewalls.

 

[ddaenen1]

I'm upgrading my primary FW box to a used Dell Optiplex next week, and that would be a good time to make a switch to pfSense, but wanted to ask those who use it a lot how easy it is to set up remote logging, database writes, plus other application pieces that can take place on other boxes. ie does the gui have much support for doing that, or is it relatively straightforward by CLI?

I have remote logging set up where i use my Synology as a syslog server. I am sure there are better options but i actually only log system events. Traffic logs i look at on pfsense itself but rarely.

 

[Adooni]

not sure what issue you have with OPNsense and remote logging and db hosting a lot tutorials about it.

As you are using OPNsense now I would try pfSense before removing OPNsense - pfSense have very long time to add new feature or update modules, hand in same operations like LAN bridge, forced to reset router every few weeks and performance dropped, loosing ISP ONT Internet connection etc. I tried 2 times to move to pfSense and will not try 3rd time. You just need to test it for yourself just keep old firmware before you made decision. It could be good idea to set for example proxmox and put both firewall systems as VM and test stability.

I would say that pfSense have better documentation but OPNsense have much better community and it is much easier to get support.

 

[coxhaus]

not sure what issue you have with OPNsense and remote logging and db hosting a lot tutorials about it.

As you are using OPNsense now I would try pfSense before removing OPNsense - pfSense have very long time to add new feature or update modules, hand in same operations like LAN bridge, forced to reset router every few weeks and performance dropped, loosing ISP ONT Internet connection etc. I tried 2 times to move to pfSense and will not try 3rd time. You just need to test it for yourself just keep old firmware before you made decision. It could be good idea to set for example proxmox and put both firewall systems as VM and test stability.

I would say that pfSense have better documentation but OPNsense have much better community and it is much easier to get support.

I think security is key nowadays so being on the latest FreeBSD is more important than being on an older "secure" version that has security issues that have already been fixed in the latest version but not in the older version.

To me, pfsense is beating Opensense because pfsense is on version 14 of FreeBSD whereas Opensense is on version 13 FreeBSD.