pfSense English Support > Hardware

Which CPU / Mobo for enthusiast home network

(1/3) > >>

Hey Guys,

I know these kinds of questions are asked over and over again and I am sorry for bringing it up yet again BUT at this point i have no idea what is going on anymore.

For the last couple of years, building pfsense box came up my mind again and again but it always came down to the question "which CPU / mainboard or hardware configuration do i need". There are so many different possibilities to choose from and meanwhile it feels like I read every hardware recommendation post on these forums and even reddit like twice.

Some information of what i want to do or want to be able to do:
In general I want to build a proper network perimeter firewall, mostly because with the setup i have currently there is always something that seems off. So this project should help me in terms of security but of course for learning as well.
This is gonna be for my home network which is connected to a 400mbits/40mbits cable connection with only a few clients. Full fiber 1gbits/1gbits are more and more common where I live so the system that I build should be able to handle this kind of throughput as well. Based on what I read over and over again it seems to me that when it comes to routing gbits (routing only) it might not even matter and probably all CPU´s that came out in the last decade would be able to handle it. But of course this system wont do routing only.

I definitely want to use packages such as snort, clam-av and squid. (deep packet inspection would be cool but might not even be feasible with more and more sites featuring HTTPS and certificate pinning?)
So i guess it comes down to the packages installed and running and it seems like that the mentioned ones are especially hungry when it comes to hardware (might consider suricata instead of snort because of single/multi threading, maybe you can provide a recommendation on this as well

Up until now i never really felt the need to use VPN connections but of course I might in the future.

Hardware wise it should of course consume as little power as possible and this is why I was really interested in Intel Atom (c2xxxx and c3xxxx) or maybe even xeon d 15xx. So of course the question is which of those platforms would cut it? Id probably go for c3xxxx but with issues for support of these platforms it doesn´t make sense.

So in the end the questions, based on the information above and the listed packages, use cases, which platform would you propose or recommend. At this point I am open for everything, maybe there are chips that will get the job done easily and wont cost like 600 bucks. On the other hand I always love having some air to breath when it comes to hardware, making it just a little more future proof. So the main focus should be "bang for the watt" when it comes to power consumption and budget could be up until 700-800 for the whole system (is it really necessary to spend that much on a router, or rather "security appliance" that protects the assets in my network? ;).

I would really appreciate honest feedback and experience.


Do u have a generic old PC sitting around that u can load Pfsense and play with? That way (1)U know what you want loaded, (2)Then u have a base line whether u need more cpu power/ram/storage.

I used an old PentiumIII single core, PassMark 500, 55 watt, as my play box, and after a couple of months playing with it, I knew what my target was then moved to a dedicated 10 watt box Atom E3845 PassMark 1500.

Gigabit speed am thinking an i3 cpu to be perfectly comfy, in a dedicated box <20 watts.

Well when it comes to "spare" parts i only have my old desktop pc which is running on the  LGA1155 platform and features a i7-2600k so not the best solution when it comes to low power consumption :)
Another option would be to run it within a VM but this would serve testing and "playing around" needs. So in the end I would need to get dedicated hardware.

And have you even looked at the offerings from netgate and get an official appliance?  The SG-3100 prob be a nice fit.. And they are coming out with some new stuff. 

When I went away from running on my VM, went with the sg-4860 and call tell you does everything I want without breaking a sweat..   And uses nothing for power..

You have made no comment to budget...  When you compare up the bost of building your own or buying some china box..  How much are saving?  If any.. And buying an appliance gets you gold, you are supporting the product your using to keep them going and new stuff. And you can be sure its going to work flawless, etc.

Yes i check the offers and they seem great but to me, prices seemed to be bit high for what you get. The sg-4860 you mentioned features the C2558.
Does it still make sense to buy the c2xxx chips in 2018 especially if you had to compare it to the c3xxx (which is not fully supported yet..) and the xeon d-5xxx?
Working as a system engineer i love to build stuff and tinker with it ;) So the question is not only if you save or spend more money if you DYI but would you get newer hardware that is maybe in the same range and has more power.
Do you have any details regarding new stuff coming to the market and when?

Budget wise it should be well within 400 - 600 bucks (there is some wiggle room of course).


[0] Message Index

[#] Next page

Go to full version