Recommendations for discrete Gw/Fw etc. Router

Well it took me bloody long enough, but I'm about to set up pfsense on this...

I was going to run it atop a bare-metal hypervisor etc. But knowing me, carefully researching all of that & being 100% happy with my short-listed contenders, will be consuming enough in itself!*

Plus, I have a NAS/Home-server build I'm putting the finishing touches on soon too, so it makes more sense to play with that kind of stuff on it! And thus keep this build more narrowly focused/"appliance like", at least for now.

Can anyone point to some excellent resources out there for pfsense on this hw?
Aside from the obvious/well-known ones that I've already noted, ofc.
I'll detail all of the hw tomorrow, if the older posts here are a bit outdated.

It's a build thread! Making a start tomm (Fri 3rd Jan AustEDST).

Good night
*& I'm way too busy nowadays w.a new job/career path
 
So did you post this in a separate thread? I am very anxious to learn about your experience with pfsense. I myself am thinking of replacing my Mikrotik RB3011 with a supermicro server running pfsense.
 
No, bloody life, again. I won't make any promises or set any timeline. But I hope to get this all finished soon, when I do, I'll check-in here.

Rgds,
J
130am must sleep!
 
Well, I couldn't wait and installed pfsense today on an old Supermicro server with Xeon X5420 and 4GB RAM that is collecting dust in my basement. I haven't spent much time other than checking if it was working and that seemed fine. On Friday my plan is to get the basic setup, firewall and stuff configured and do some throughput testing. Will keep you posted.
 
In the meantime, I spent some more time on pfsense. Initially, I wasn't very impressed but having played around with it a little in the meantime, I must say performance is impressive, even on old hardware such as the Xeon E5420 with 4Gb RAM.
 
Had a massive data loss issue from last Fri night, fun times, luxuries like this had to be delayed, yet again, but thanks for sharing your progression, tuning in when I can!
 
I must say performance is impressive, even on old hardware such as the Xeon E5420 with 4Gb RAM

The only problem with that old hardware is the power consumption. Otherwise it's actually faster than quite a few current Netgate appliances up to $1000 price point.

I'm running pfSense on a modified HP Elite 8300 Ultra Small Desktop PC. Managed to add a second Gigabit NIC to it using the Mini PCIe slot inside, originally intended for a WiFi adapter. Had to remove the DVD and place the SSD on a caddy in order to fit everything in the limited space available. A Dremel tool helped to modify the NIC bracket and to make a nice cut at the back to accommodate the connector. The final product looks like it always had 2 x NICs, really clean. The CPU is a quad-core i5-3570 up to 3.8GHz boost with AES-NI support, the RAM is 2 x 4GB Kingston DDR3 SO-DIMM modules. This small DIY appliance is a killer. With PowerD Adaptive the CPU runs most of the time at 1.6GHz and the power consumption is ~40W as per my UPS.
 
So how would you rate reliability of pfsense? There are currently 2 things that are withholding me from replacing the Mikrotik by pfsense:

1. my supermicro servers have their UTP connections on the back which is impractical but not a job stopper.
2. Mikrotik RouterOS is rock-solid. The only time I touch it is when an update needs to be installed.

Are there, in your experience, other advantages of pfsense?
 
It was not my cup of tea but I agree pfsense was rock solid when I ran it. It was only when the updates came out did you have to work on it.
 
Why wasn't it your cup of tea?
 
I like running a layer 3 switch and I don't think pfsense works well with a layer 3 switch. It will work. It is just pfsense is built to control the whole network which works fine at home but not with large networks.

Plus their updates are rough. It takes a lot of work and you never know when it will break something.
 
It is just pfsense is built to control the whole network which works fine at home but not with large networks.

This is really an interesting description of one of the most popular enterprise class firewalls, backed up by commercial hardware and support from Netgate. How large is your network? :)
 
This is just my opinion and I was directly asked. To me pfsense wants to be in charge and in a large network it is a division of duties. In a large network there are many L3 switches and routers. No one device is in charge.

If you compare pfsense to Untangle I think you will come to the same conclusion. I have run both for over a year. I run neither now. To me I think Untangle is built to run in a large environment but not pfsense. At home it probably does not matter. This is my opinion and do what you want. I spent many years working on 2 big networks. One was 7000 desktops and the other was 4000 desktops. This is not counting mobile phones, iPads, or etc. Where you draw the line in the sand for a large network I am not sure.

There is a thread where I set up pfsense to run with my layer 3 switch on pfsense's forum, probably under installing. I was using the same username as here.
 
At home it probably does not matter.

Exactly...
I would suggest @ddaenen1 two things:

1. Try pfSense, OPNsense, Sophos, Untangle, etc. and decide which one covers personal expectations better
2. Avoid advice from people who worked for many years on 2 networks, probably before iPad was invented :D

If you plan to use lots of VLANs with heavy traffic between them, look at L3 options. Otherwise you'll partially lose pfSense capabilities. I would still route VLANs through pfSense, even if hardware upgrade is needed and 10Gb NICs. If my home network grows to some form of data center over time with >1000 devices, then I may think about other options.
 
Another pfsense point for me. pfsense should not need to control all VLANs nor have to route all VLANs, bad form. This relates to I don't like the way pfsense handles L3 switches. I think pfsense should be a border router controlling the internet gateway, not the local network.
 
I think pfsense should be

It can be many things, depending on configuration. Its security works better when controlling everything. And this is what I personally like in a home network. I'm pretty sure you don't have Gb traffic between VLANs and you don't really need an L3 switch. The probable reason you are using one is because the 2 networks you have worked on for many years were set up this way. The difference is they had thousands of active clients, you probably have up to 10. With your L3 switch you basically solved a non-existing problem and created a bunch of other problems. I know, the satisfaction of multiple blinking lights is there.
 
It is true. I know what I know.

If you want the best security I don't think pfsense is better than Untangle. Running pfsense at home should work fine as I stated above.

So what problems do you think I created with my L3 switch? None come to my mind.
 
