

Topics - spl1fter

Hardware / Which CPU / Mobo for enthusiast home network
« on: February 09, 2018, 04:40:28 pm »
Hey Guys,

I know these kinds of questions are asked over and over again and I am sorry for bringing it up yet again, BUT at this point I have no idea what is going on anymore.

For the last couple of years, building a pfSense box came to my mind again and again, but it always came down to the question "which CPU / mainboard or hardware configuration do I need". There are so many different possibilities to choose from, and meanwhile it feels like I have read every hardware recommendation post on these forums and even Reddit like twice.

Some information on what I want to do or want to be able to do:
In general I want to build a proper network perimeter firewall, mostly because with the setup I have currently there is always something that seems off. So this project should help me in terms of security but of course for learning as well.
This is gonna be for my home network, which is connected to a 400mbits/40mbits cable connection with only a few clients. Full fiber 1gbits/1gbits is more and more common where I live, so the system that I build should be able to handle this kind of throughput as well. Based on what I read over and over again, it seems to me that when it comes to routing gbits (routing only) it might not even matter and probably all CPUs that came out in the last decade would be able to handle it. But of course this system won't do routing only.

I definitely want to use packages such as Snort, ClamAV and Squid. (Deep packet inspection would be cool but might not even be feasible with more and more sites featuring HTTPS and certificate pinning?)
So I guess it comes down to the packages installed and running, and it seems that the mentioned ones are especially hungry when it comes to hardware (might consider Suricata instead of Snort because of single/multi threading, maybe you can provide a recommendation on this as well).

Up until now I never really felt the need to use VPN connections, but of course I might in the future.

Hardware-wise it should of course consume as little power as possible, and this is why I was really interested in Intel Atom (c2xxxx and c3xxxx) or maybe even Xeon D 15xx. So of course the question is which of those platforms would cut it? I'd probably go for c3xxxx, but with issues for support of these platforms it doesn't make sense.

So in the end the question: based on the information above and the listed packages and use cases, which platform would you propose or recommend? At this point I am open to everything; maybe there are chips that will get the job done easily and won't cost like 600 bucks. On the other hand, I always love having some air to breathe when it comes to hardware, making it just a little more future-proof. So the main focus should be "bang for the watt" when it comes to power consumption, and budget could be up until 700-800 for the whole system (is it really necessary to spend that much on a router, or rather "security appliance", that protects the assets in my network? ;).

I would really appreciate honest feedback and experience.

Thanks,
spl1fter
