Netgate SG-1000 microFirewall

Author Topic: Coming back to pfSense, hardware questions  (Read 471 times)

0 Members and 1 Guest are viewing this topic.

Offline Grin

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Coming back to pfSense, hardware questions
« on: December 28, 2017, 11:30:52 am »
I am going to be getting 1gig fiber soon ish. i have a sfp to 1gig rg45 converter already.

i set up pfSense on an older core 2 computer to replace the Unifi usg-3 that i am sure will not be powerful enough.

but i have my doubts it will be able to handle it as well. i like to play with all the things on my home network, so snort, pfblocker, anything i feel i would like to experiment with.

I have been looking at the Qotom's, supermicro, netgate, and i am not sure at all what to buy or build.

I just want to be able to maintain max throughput while still running IDS and/or bandwidth monitoring. there is around 20 devices on my network. 4 to 6 could be using netflix/youtube at the same time.

let me know what else i can provide to narrow down the choices.



Also i am in canada, so i would prefer to order this stuff from basically anywhere in the world except the USA. the import fees and shipping costs from the US have skyrocketed and its way cheaper to order from somewhere like australia or UK.

Offline Grin

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: Coming back to pfSense, hardware questions
« Reply #1 on: December 28, 2017, 12:49:38 pm »
Still reading through this sub forum, i think Qotom-Q355G4 will do the job i need.

any reason to think otherwise?


Offline chpalmer

  • Hero Member
  • *****
  • Posts: 1787
  • Karma: +93/-3
    • View Profile
    • Home of Cablenut
Re: Coming back to pfSense, hardware questions
« Reply #2 on: December 28, 2017, 12:57:12 pm »

Nope.  That seems to be working for allot of people here..   :)

Ive done a few of these now..   AES-NI and small form factor..     You can find them for under $300 new quite regularly.

https://www.ebay.com/sch/i.html?_from=R40&_trksid=p2047675.m570.l1313.TR1.TRC0.A0.H0.XHP+t730.TRS0&_nkw=HP+t730&_sacat=0

https://www.amazon.com/gp/product/B003TLAUPC/ref=od_aui_detailpages00?ie=UTF8&psc=1
P.S. statements made by me are not necessarily condoned by the management of this fine organization.  http://badmodems.com

Offline johnkeates

  • Hero Member
  • *****
  • Posts: 752
  • Karma: +58/-1
    • View Profile
Re: Coming back to pfSense, hardware questions
« Reply #3 on: December 29, 2017, 04:55:38 pm »
The Q355G4 is fine. If it turns out your IDS/IPS stuff is taxing the CPU too much, check to see if you have the rules and engines configured correctly. Most of the time, you won't  need to scan Netflix traffic etc. It's the nonstandard stuff you want to know about, not the well known data slurpers.

Something else to keep in mind, if you use a load of rules, you'll need more RAM, and if you log a lot, get a disk that can handle it (i.e. not a tiny SSD).

Offline newabc

  • Jr. Member
  • **
  • Posts: 32
  • Karma: +0/-0
    • View Profile
Re: Coming back to pfSense, hardware questions
« Reply #4 on: December 29, 2017, 11:26:18 pm »
If you want more RAM for IDS/IPS usage, try MiniSys i3-7100u in aliexpress. It has 2 so-dimm DDR4 slots, maximum 32gb.
My Qotom Q355G4 has only 1 DDR3 slot and maximum 8gb.

Offline Grin

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: Coming back to pfSense, hardware questions
« Reply #5 on: December 30, 2017, 08:19:34 pm »
Thanks for the reply's, i did order a bare bones q355g4.

i do like to tinker, so my plan right now is 8gig ram, 128 msata ssd. Esxi 6.5 with pfsense, sophos utm 9 and sophos xg.

i of coarse will only run one at any time, it is just a quick way to play with what ever i feel like.

if it doesn't work out i will find a use for it and look into a more custom mini.