Recommendations for discrete Gw/Fw etc. Router

[Val D.]

So what problems do you think I created with my L3 switch? None come to my mind.

Unnecessarily complicated design for a home network with specific networking knowledge requirements for setup, support and eventual modifications; split security between multiple devices; split control and monitoring; much higher initial cost; taking up more space; consuming more electricity. It's like going for a morning coffee to Starbucks with a tractor trailer, just in case, like you never know how big that coffee is going to be.

 

[coxhaus]

Unnecessarily complicated design for a home network with specific networking knowledge requirements for setup, support and eventual modifications; split security between multiple devices; split control and monitoring; much higher initial cost; taking up more space; consuming more electricity. It's like going for a morning coffee to Starbucks with a tractor trailer, just in case, like you never know how big that coffee is going to be.

LOL. no problems.

 

[ddaenen1]

Exactly...
I would suggest @ddaenen1 two things:

1. Try pfSense, OPNsense, Sophos, Untangle, etc. and decide which one covers personal expectations better
2. Avoid advice from people who worked for many years on 2 networks, probably before iPad was invented

Things have evolved since then. Got myself a Dell R210 server with a Xeon X3430, 2 x 100GB SSD's and only today, 16GB ECC RAM, all of that, for roughly 150 USD. I found another sigificant reason to drop my Mikrotik and move over to pfsense and that is the ability to set up a reverse proxy with HAproxy and letsencrypt. I have recenty set up my own Nextcloud on a Freenas server but that doesn't support SSL out of the box so i need another solution to have secure access to the cloud from outside of my LAN. There are some guides but setting this up in Freenas is a big hassle. I have looked at Mikrotiks capability to take care of this but unfortunately, nothing came up. Pfsense on the other hand, can take care of that easily.

If you plan to use lots of VLANs with heavy traffic between them, look at L3 options. Otherwise you'll loose partially pfSense capabilities. I would still route VLANs through pfSense, even if hardware upgrade is needed and 10Gb NICs. If my home network grows to some form of data center over time with >1000 devices, then I may think about other options.

I am actually planning for 2 VLAN's in the near future. One connecting the LAN as it does now and one to set up a guest wifi network. I guess when you say "many VLAN's", 2 or 3 is not really what you are referring to, correct?

 

[Val D.]

Got myself a Dell R210 server with a Xeon X3430, 2 x 100GB SSD's and only today, 16GB ECC RAM, all of that, for roughly 150 USD.

This is a killer hardware for pfSense, power sucker old school tech.

Expect about 70W power consumption on idle and possibly higher noise/dust accumulation. I had 240GB Kingston SSD in my box, but replaced it with unused 160GB WD Black HDD for the following reasons - 1. I don't run caching proxy, only OS, installed packages and logs are stored on on the drive; 2. Found a better use for the SSD in a laptop. From 8GB available in my box the system uses about 3GB running pfBlockerNG and Suricata with "wife safe" settings, your 16GB should be plenty until year 2050, I guess. You shouldn't have issues processing Gigabit traffic with this beast, no matter what you torture it with. The maximum throughput is limited by the NICs actually. Same in my setup.

I am actually planning for 2 VLAN's in the near future.

L3 switch does routing and helps with heavy traffic between VLANs, doesn't matter how many they are. The more VLANs with high traffic, the more benefits. If your combined traffic doesn't saturate Gb trunk though, you should be fine with your pfSense doing the routing. If you can get an L3 switch for $150 though, definitely go for it. The setup @coxhaus is using is by the book. To invest in something like this for home use doesn't make much sense, but if you can get off-lease equipment for peanuts - why not? Share experience with @coxhaus though, if you go this way with L3 and pfSense. I just know some things, he is the pro.

 

[ddaenen1]

This is a killer hardware for pfSense, power sucker old school tech.

Expect about 70W power consumption on idle and possibly higher noise/dust accumulation. I had 240GB Kingston SSD in my box, but replaced it with unused 160GB WD Black HDD for the following reasons - 1. I don't run caching proxy, only OS, installed packages and logs are stored on on the drive; 2. Found a better use for the SSD in a laptop. From 8GB available in my box the system uses about 3GB running pfBlockerNG and Suricata with "wife safe" settings, your 16GB should be plenty until year 2050, I guess. You shouldn't have issues processing Gigabit traffic with this beast, no matter what you torture it with. The maximum throughput is limited by the NICs actually. Same in my setup.

Well, since this is a core element in my home network, it has to be rock-solid. I will install pfsense in ZFS mirror on the two 100 GB SSD's. Currently, it needs to be able to process 1Gbps as this is my ISP subscription but as i wanted it to be a bit future proof and i would still be able to add 10Gbe NIC's later if required. Since it will be in my server rack in the basement utility room, no issues with noise nor dust. As for power, i don't mind too much as we have about 7200 Wp photovoltaic solar panels on the roof generating about 6.5 MWh per annum

 

[ddaenen1]

Well, since this is a core element in my home network, it has to be rock-solid. I will install pfsense in ZFS mirror on the two 100 GB SSD's. Currently, it needs to be able to process 1Gbps as this is my ISP subscription but as i wanted it to be a bit future proof and i would still be able to add 10Gbe NIC's later if required. Since it will be in my server rack in the basement utility room, no issues with noise nor dust. As for power, i don't mind too much as we have about 7200 Wp photovoltaic solar panels on the roof generating about 6.5 MWh per annum

The pfsense router went online today! very little to no nuisance. Everything is running fine and i instantly have noticed some thing are faster. Plex for example is way faster and responsiveness in general. Speedtest is on par. I have set up ACME and generated my own let's encrypt cert an over the weekend going to set up HAproxy as a reverse proxy. All of that to enable my to access my nextcloud externally. For the rest everything swell.

 

[Val D.]

The pfsense router went online today!

Yes, I see the power disruption in my UPS log...

 

[ddaenen1]

Yes, I see the power disruption in my UPS log...

Another advantage of pfsense, you can install apcupsd for a graceful shutdown in case of power disruption.

 

[Val D.]

Another advantage of pfsense, you can install apcupsd

Yes, I have that running too.