Looking for (wired) router/firewall recommendation

I think you're just glorifying the reality here really... Longevity based on what? Regardless of what you get I'm sure you wouldn't find a 5y old PC/Router/Whatever as reliable as new hardware. Most consider PCs and such to have reached their lifetime after just 3 years. If I said that pfsense would run on let's say the EdgeRouter Lite would you consider that compared to a PC? Many of your x86 platforms are just power hogs and don't outperform MIPS or ARM SoCs these days, they're just clinging onto old experiences from 6+ years ago.

Again you are making assumptions that are not true and strictly relative to yourself. Your rebuttal of using old hardware is asinine and was never the point. As I stated in a previous post the hardware I selected proved your thermal and electric statement to be untrue and incorrect, multiple times.

The option for an individual to use a system is all fine if so desired by them for whatever means. But the concept of your idea of usefulness is easily again disproved and relative. But again I will mention my experience. I spent a few hundred dollars, the same for a simple over the counter router now these days, and have a more capable router. That I can later turn into a small system for a guest room, HTPC, whatever. Longevity it seems to have, but that's relative to me.

Many is a generalization as I said before. My AMD A4-5000 is low wattage (15W). Interesting that its power draw can equal an ARMv7 router, but far, far more powerful and capable, upgradable options, etc.

ARM and MIPS are not great performers, they are more of convenient performers. Good thermal qualities (usually) and acceptable performance in comparison, but do not equal to the ability of x86. If that were to be the case we would obviously be seeing a different eco-system. Which has happened to a degree because particular processing does not require more "umph." It just needs to serve. Therefore you have Xeon-D and Atom C2000 family. Even AMD's Opteron A1100 does not beat the C2758; AMD admitted it. BTW, the A1100 draws 32W and the C2758 is 22W.
 
Whatever you're using to measure, it's off; the SoC is rated 15W, a full system for sure doesn't draw that from your power outlet.
http://benchmarks-tests.com/reviews/processors/amd_a4-5300_review/power_consumption/
http://www.kitguru.net/components/graphic-cards/ian-stevenson/amd-a4-3400-apu-review/19/
That looks very reasonable, however that's an additional video card.
Hell, even a NUC doesn't do what you're claiming...
http://www.bit-tech.net/hardware/cpus/2013/12/12/intel-nuc-d54250wyk-d54250wyb-review/5
//Danne
 
That was not a measure, that is TDP. I said my draw can equal an ARMv7 router. I previously stated that the pfSense system and my R7000 equal running a light bulb.

For me, all peripherals are disabled; sound, secondary AHCI controller, etc. Just an Intel i350-T2 is installed. The integral Ethernet, and mini-PCIe are not used at the moment. System is fanless, and an SSD for storage. So it is not much wattage. I do not notice a difference at all in power bill, and I am very conservative about that.

Measurements from websites will be a system default and a bit skewed to compare what I'm using (http://www.asrock.com/mb/AMD/QC5000-ITXPH/). However, from Tom's web page article, a low wattage was measured: http://www.tomshardware.com/reviews/kabini-a4-5000-review,3518-13.html
 
Whatever you're using to measure, it's off; the SoC is rated 15W, a full system for sure doesn't draw that from your power outlet.
http://benchmarks-tests.com/reviews/processors/amd_a4-5300_review/power_consumption/
http://www.kitguru.net/components/graphic-cards/ian-stevenson/amd-a4-3400-apu-review/19/
That looks very reasonable, however that's an additional video card.
Hell, even a NUC doesn't do what you're claiming...
http://www.bit-tech.net/hardware/cpus/2013/12/12/intel-nuc-d54250wyk-d54250wyb-review/5
//Danne


you took the wrong review :p

I have an ITX A4-5000; maximum total power consumption is 20W max from the power outlet!!! With 1 SM blower fan, 2x40mm fans, + dual NIC i340, and 80G Intel SSD SATA 3, and 2 sticks of 4G DDR3L.

The system is running Proxmox and running a virtualized router, and 1 VM running a VPN client, and 1 VM for housekeeping (such as DDNS and other minor tasks).


your review is utilizing a4-500 GPU in total.

in headless system, GPU is useless since only boot on textmode only.

Bought last year for $36. Pretty fast compared to my previous J1800 since the A4-5000 has hardware AES-NI (used for OpenVPN on the virt router/firewall, and the virt OpenVPN client).

baytrail d is 5w less than A4-5000.
 
That was not a measure, that is TDP. I said my draw can equal an ARMv7 router. I previously stated that the pfSense system and my R7000 equal running a light bulb.

For me, all peripherals are disabled; sound, secondary AHCI controller, etc. Just an Intel i350-T2 is installed. The integral Ethernet, and mini-PCIe are not used at the moment. System is fanless, and an SSD for storage. So it is not much wattage. I do not notice a difference at all in power bill, and I am very conservative about that.

Measurements from websites will be a system default and a bit skewed to compare what I'm using (http://www.asrock.com/mb/AMD/QC5000-ITXPH/). However, from Tom's web page article, a low wattage was measured: http://www.tomshardware.com/reviews/kabini-a4-5000-review,3518-13.html

x86 or Risc low power is getting in the same point as today..
intel braswell N series low power, is very amazing, but pricey compared with A4-500 mini-itx :) .

on my exp:
you do not need to disable everything since disabling is not turning off the un-needed hardware in motherboard. just make KIS (keep it simple)...

I am satisfied with a4-500 performance as "mini" baremetal :).... 16W-20W (max). for baremetal running virt router/firewall and extra 2 VMs...

have fun!...
 
I disabled the peripherals because it is power consumption, but also just completely unnecessary for pfSense. I am very satisfied with my build also.
 
After a certain point you can't be too miserly about power, my router is an E3-1245v2 (aka ivy i7) and runs a busy OpenVPN link over fiber 24/7
 
While I seriously doubt your claims about the AMD A4 since no one seems to have gotten your numbers using a non laptop as far as I can tell but oh well...

@ Aluminum
I run OpenVPN on my MIPS boxes to an external backup source without issues, in these cases the connection is what's limiting the speed rather than the boxes themselves. But yeah, you need an i3 or better if you want to push 50+ reliably using OpenVPN.
 
doubt is OK
I can post watt-meter consumption too .. and internal guts...

I had doubt on A4 before...
I picked j1800 due on $35 price mini itx, and alas... AES was needed later.. and seems j1800 dual core was handling very good.

I picked again with A4-5000. and satisfied with that. 5W more.. but A4-5000 mini-itx $36.

tested and tracked down power consumption, 20W max...
my previous assumption ~ 30W was wrong...

if you have doubt, try for yourself!!

I am in RISC and Intel world for making $$$ at work.

I am waiting AMD RISC motherboard that seems goes to nowhere. that has pci-e lanes many enough.

you should know, RISC and x86 low power processors are getting neck to neck.
the issue on RISC is expansion is limited especially pci-e lanes with need additional extra chipset to support. Plus more power consumption
 
After a certain point you can't be too miserly about power, my router is an E3-1245v2 (aka ivy i7) and runs a busy OpenVPN link over fiber 24/7

totally true!!!!

e3 is good,
the issue on openvpn is single thread... not multithread..
 
I disabled the peripherals because it is power consumption, but also just completely unnecessary for pfSense. I am very satisfied with my build also.

well, this is up to you..

in reality, hardware can not be disabled, the BIOS only blocks hardware functionality, the hardware still consumes the same power.

for blocking unnecessary functionalities, that makes sense in the real world.
 
Nowadays I'd personally look at the Turris Omnia

Wait. SERIOUSLY?

You're going to recommend an unfinished, UNSHIPPED Indiegogo project router?

:rolleyes:

I'm not saying the Ubiquiti routers are necessarily a good choice. But they're a good, vigorous step up from something that's still nodding acquaintances with the Phantom Console in Vaporware-land.
 
Turris Omnia: On the contrary people do know what to expect, please read their campaign and about the Turris project before making claims that aren't true.

Like what? That it isn't available yet?
That all we've really got so far are promises?

What parts of these are untrue? Elaborate.

His advice about giving it a year to see how the initial roll-out, and follow-up are handled (unless one likes playing guinea pig) is actually pretty good.
 
Actually you seem to have skipped quite a bit that they've had the Turris project running for years and already been providing the service they're promising for free. :)

net5501 --> Hello 96, and VIA ethernet on top of that (you can find much better platforms in that regard).
net6501 --> Better, but you can still do better and performance is well not that great.

The point is, the Turris Omnia router is not a shipped project.

Hit 1:29 in the video "Okay, we only have the prototype for now."
 
Wow! Way to avoid what's actually being said.

Sure. The Turris project has been around a while.
Sure. They currently have two shipping routers.

However you keep avoiding the following fact.

The Turris Omnia Router is currently vaporware.
(Emphasis for your convenience.)

The Turris Omnia is neither their 1.0 or 1.1 router.

So please, turn down the fanboy.
 
Agree with Chas 100%. Use something with at least some track record. For $400 you will be limited on the Sonicwall front (I don't recommend the SOHO devices currently). If you had a slightly larger budget, I would recommend the Sonicwall route. To be honest, a Netgear Nighthawk with the wireless disabled (if you don't need it) would do what you are asking. The next best within your budget would likely be the Ubiquiti or pfSense. They will give you the basic necessities that you are looking for, with a decent UI.

Personally, I won't touch Mikrotik or Watchguard with a 10' pole.

This doesn't sound like it's for business, or I would suggest a bigger budget.
 
Agree with Chas 100%. Use something with at least some track record. For $400 you will be limited on the Sonicwall front (I don't recommend the SOHO devices currently). If you had a slightly larger budget, I would recommend the Sonicwall route. To be honest, a Netgear Nighthawk with the wireless disabled (if you don't need it) would do what you are asking. The next best within your budget would likely be the Ubiquiti or pfSense. They will give you the basic necessities that you are looking for, with a decent UI.

Personally, I won't touch Mikrotik or Watchguard with a 10' pole.

This doesn't sound like it's for business, or I would suggest a bigger budget.

In fact I was just looking at the SonicWall SOHO model. Or how about a Zyxel USG40?
 
They have released a beta firmware that corrects most of the issues I have with the SOHO line, so just be aware if you do get one, to update it before testing. If you do end up using one, I would be more than happy to help you with any questions you may have. I don't work for Dell, but I am Sonicwall certified.
 
Not so sure about the vaporware, they did get another prototype just a few hours ago.
https://www.indiegogo.com/projects/turris-omnia-hi-performance-open-source-router#/updates

Oh well, they've been doing quite a few talks about this project and been invited by very large conferences; it's not some hacking in someone's backyard.

https://www.youtube.com/watch?v=UHCfVC01HR0 (just google, you can find a lot more)

Christ on a crutch son! :rolleyes:

The Product Has Not Shipped

Nobody Owns One Yet

Talk is cheap. Until the product ships, it's vaporware.

Until the product is in multiple independent hands, and has some testing done, recommending it is irresponsible at best, with "flat-out-stupid" being a better description.

It's like someone asking about buying a sport utility vehicle in the next 30 days, and you're recommending they go out and buy a Grand Cherokee Hellcat, which won't be out for at least another year!

HELLO?

CLUE?
 
I think you've missed the point with kickstarters/indiegogo since they managed to raise almost 1 million. I agree that some campaigns are more questionable than others but this one is a very low-risk one. This is pretty much exactly what he's asking for and they are very qualified to pull this off.

I was one of the original backers of the WiTi board which was a much more questionable campaign but the groundwork was already there and it turned out just fine. Hell, they're even going for a version 2. :)

That said, I honestly feel sorry for you having such a distrust to people.
 
I think you've missed the point with kickstarters/indiegogo since they managed to raise almost 1 million. I agree that some campaigns are more questionable than others but this one is a very low-risk one. This is pretty much exactly what he's asking for and they are very qualified to pull this off.

I was one of the original backers of the WiTi board which was a much more questionable campaign but the groundwork was already there and it turned out just fine. Hell, they're even going for a version 2. :)

That said, I honestly feel sorry for you having such a distrust to people.

Are you kidding me??? How many companies that over promise, and under deliver does it take to want solid evidence that something works as intended? If you support/design these kinds of solutions for customers, I feel sorry for them.

I have watched you troll almost every thread regarding Ubiquiti (which is 100% better at this point due to physical availability), and come in here to suggest using a product that has yet to become available. Then talk about not trusting people as a whole based on this half assed suggestion that wasn't received with the same unrealistic enthusiasm. Some nerve!
 
I think you've missed the point with kickstarters/indiegogo since they managed to raise almost 1 million.

Yeah? AND? There's been crowdfunding failures every bit as big as this (if not bigger).

Sure, the chances are somewhat lower. But that doesn't mean they're not there.

Seriously, look at Ouya. They raised EIGHT MILLION PLUS!
Look at the aforementioned Phantom console. They burned through more than SIXTY TWO MILLION in private funding.

Yet Ouya's basically crashed and burned.
And Phantom never existed outside of a bunch of display shells.

Hell, look in the game space. How many game projects at EA have burned through millions of dollars, only to ship half-working or get kiboshed before release?

Again, until it ships, it's vaporware.

And until it's in independent hands and tested, recommending it as an option against other proven solutions is irresponsible at best.

That said, I honestly feel sorry for you having such a distrust to people.

Don't. I'm a realist. And, on the off chance that I happen to call something wrong, I'm always pleasantly surprised.
 
@ boss6021
Didn't follow the Ouya but given their starting point I'd say that you were promised a lot more than what large manufacturers didn't even fix at the time (that would set off the alarm in my case) but oh well. This isn't something overly complicated, the platform (SoC) is already ported to OpenWRT (WR1900acs etc) so they don't really need to spend any time on writing drivers and such in general. I fail to see the point where the software is an issue in general, all the written software is portable and available (Github) for the Turris project. Sure it'll need a few adjustments but nothing major. No one ever said that it was a business solution except you.

I'd love to see your actual claims, there are issues with the ERL, hell... people even wrote scripts to format and rewrite the USB flash for this very reason. The first batches had horrible QA, interestingly my boxes (two) didn't suffer from dodgy memory. Hardware acceleration only works with basic functions. The ERX is fine for what it is but limited compared to other hardware that uses the same SoC in the same price range. As far as security concerns go, feel free to link where they openly document updates as I didn't find any such page.

I didn't know that suggesting something upcoming was taboo, in fact I see it all the time over at the hardware forums. Go there and write your heart out :)

@ Chas
I honestly think you need to consider the scope of the projects in that regard, creating a game console out of nothing is very hard. Many renowned companies have failed and I would highly doubt a fundraiser would help a handful of people doing that unless they're former staff or similar in the same industry.

One kickstarter that I'm a bit sad about even though I actually never funded it is the plugaway kickstarter which seemed like a very nice idea.

There are however ones that are very successful, such as Little Witch Academia by Studio Trigger is one that I can think of (if I only managed to back it time :-/ ) .

This is going to be an interesting one :)
https://www.kickstarter.com/projects/ysnet/shenmue-3

Anyhow, I guess time will show. In the meantime some interesting stats...
http://www.cnbc.com/2015/12/10/9-percent-kickstarter-projects-fail-to-deliver.html
 
You keep repeating two limited impact (some USB failure) or mostly resolved (hardware accel) issues on the edgerouters. Frankly I don't think they are the end all be all, but stop spreading FUD.

The facts are this. The edgerouters are faster than most users will ever need. Support plenty of features including many found only on much more expensive routers, and have rock solid uptime. I have clients on over a year of uptime already.

Saying an unreleased router is better is just dumb. It's not better today or tomorrow or next week because I cannot even get one in my hands yet. Not to mention the testing pool is limited and there is no reason you have stated it is better than other solid released hardware.

This reminds me of benchmark or speedtest wars. Try real world use on more than one or two samples, that's how you really learn what is good or not and reliable or not.
 
What bugs me the most is the flawed arguments that people here use and don't mention drawbacks, ERL does Gigabit under some limited scenarios however I think it's fair to point out that it does have limitations (which makes it more than 50% slower) and other "good things to know". I'm also getting really tired of the incorrect claim that it's more or less the only router that can have good uptime. Here's a "lowly" TP-Link that runs does, openvpn, ntp and a few other things as an example.

Code:
TP-Link TL-WDR3600
Uptime: 257d 0h 18m 29s
OpenWrt Chaos Calmer r45385 / LuCI (git-15.100.60956-5ef2946)

And yes, none of these boxes should actually have these kinds of uptime as all have security issues that should be addressed promptly. The claim that it's UBNT is enterprise hardware in general (not the software) compared to anything else in the 100$ segment is well uhm... unfounded at best. They use pretty much the same components as many other routers out there. They do have pretty good software depending on product type, obviously some disagree that EdgeOS is the next best thing since sliced bread and therefore the hardware is getting ported to other platforms.

I'm not sure what the deal is about the Turris Omnia and this forum, that particular product isn't out yet and I've never said it were. It's upcoming as any other products and not that far away either. However, the SoC and pretty much everything else is out and it does show superior performance on existing products. If you want something similar but more expensive you have the https://www.solid-run.com/product/clearfog-pro/ . Let's say if the Turris software isn't mature at release time, you'll have the option of running OpenWRT which has been used on that SoC for months. If it bugs people calling it better (since the SoC does have better performance) let's rephrase it to potentially better? So can we stop this silly bashing please?
 
It's not enterprise, but it is closer to it than a lot of other offerings. I have spent over a decade supporting consumer grade AP/router and other network hardware for clients and the UBNT stuff is towards the top. I also have spent time supporting true enterprise hardware (Cisco/Juniper/etc.) and the UBNT is not even close to that. With that said, the UBNT stuff comes the closest to the full enterprise at a consumer price point that I have been able to find and reliably use. (that goes beyond just setting up one project, it is supporting it, distribution, firmware upgrades, etc.)

The scenarios are also not all that limited. Geeks online testing the crap out of things and doing benchmarks is not the same as real-world. Can you please name the normal scenario that you lose hardware acceleration? A normal NAT/firewall/VPN setup does not lose it, and that is what 99% of consumer setups are using. Plus, even if it is off in those limited scenarios, the damn little thing does 250+ which is faster than most people's connection.

I actually don't buy the edgerouters because of their speed potential. I buy them because they are cheap, reliable, easy to setup, easy to support, and have flexibility of features to meet most scenarios. I have supported my fair share of the other items like I have said, many are quite decent and work well, but I have also had an easier time supporting the edgerouters over the long haul.

If you want pure geeky speed and features, there are many other solid platforms. But all have their pros and cons.

Example: I consider MikroTik's shit GUI and difficulty to setup for normal users more of a detractor than hardware offload not working in fringe cases on the edge router. It's all about pros and cons.
 
I'm not sure what the deal is about the Turris Omnia and this forum, that particular product isn't out yet and I've never said it were. It's upcoming as any other products and not that far away either. However, the SoC and pretty much everything else is out and it does show superior performance on existing products. If you want something similar but more expensive you have the https://www.solid-run.com/product/clearfog-pro/ . Let's say if the Turris software isn't mature at release time, you'll have the option of running OpenWRT which has been used on that SoC for months. If it bugs people calling it better (since the SoC does have better performance) let's rephrase it to potentially better? So can we stop this silly bashing please?

Because when someone comes to a forum asking for a recommendation of what to buy NOW to solve a problem. Talking about projects and things that are not released or only released in parts and need to be a project is a different thing. I am actually cool with that. But then to go and bash existing solutions that are proven...that is just :confused:
 
I'm not sure what the deal is about the Turris Omnia and this forum, that particular product isn't out yet and I've never said it were.

There's no "deal" with the Turris Omnia router.

The problem people (myself included) had was with you recommending it to the original poster.

In your case I'd recommend the Turris Omnia which pretty much does exactly what you're looking for and doesn't eat electricity.

When someone asks for recommendations for currently available devices, you don't recommend an unfinished, unshipped, untested, unavailable device to them.

Period.
 
There's no "deal" with the Turris Omnia router.

The problem people (myself included) had was with you recommending it to the original poster.

THIS!!! I make recommendations to address the use case that has been presented. Not provide useless links to products that can't be purchased that same day.

It's not enterprise, but it is closer to it than a lot of other offerings. I have spent over a decade supporting consumer grade AP/router and other network hardware for clients and the UBNT stuff is towards the top. I also have spent time supporting true enterprise hardware (Cisco/Juniper/etc.) and the UBNT is not even close to that. With that said, the UBNT stuff comes the closest to the full enterprise at a consumer price point that I have been able to find and reliably use. (that goes beyond just setting up one project, it is supporting it, distribution, firmware upgrades, etc.)

The scenarios are also not all that limited. Geeks online testing the crap out of things and doing benchmarks is not the same as real-world. Can you please name the normal scenario that you lose hardware acceleration? A normal NAT/firewall/VPN setup does not lose it, and that is what 99% of consumer setups are using. Plus, even if it is off in those limited scenarios, the damn little thing does 250+ which is faster than most people's connection.

I actually don't buy the edgerouters because of their speed potential. I buy them because they are cheap, reliable, easy to setup, easy to support, and have flexibility of features to meet most scenarios. I have supported my fair share of the other items like I have said, many are quite decent and work well, but I have also had an easier time supporting the edgerouters over the long haul.

If you want pure geeky speed and features, there are many other solid platforms. But all have their pros and cons.

Example: I consider MikroTik's shit GUI and difficulty to setup for normal users more of a detractor than hardware offload not working in fringe cases on the edge router. It's all about pros and cons.

This has been my experience as well. Do I use Ubiquiti ERLs in enterprise environments, NO! Do I use them for cheap, reliable solutions to some customers, YES!

As far as security concerns go, feel free to link where they openly document updates as I didn't find any such page.

I believe this is what you are looking for https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/bg-p/Blog_EdgeMAX
 
@ Grentz, Chas, bos6021
Here's the thing... If you read the first post you're doing your own interpretation, please stop making up statements. If you have opinions please state those objectively and at least somewhat professionally.
Something along the lines like: The Turris Omnia is an unreleased product and a Kickstarter project, therefore availability and support might be an issue that might not be worth the risk.

I'm sure metropole is fine on his/her own regarding requirements and questions.

@ boss6021
That's just a release list...

I'm asking about something like these lists
http://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
https://www.vmware.com/security/advisories
https://www.freebsd.org/security/advisories.html

OpenWRT uses their mailing-lists so there isn't a page but I'm not aware of UBNT keeping a list or something similar anywhere.
 

They keep advisories in their forums under each respective product.

Here's the thing... If you read the first post you're doing your own interpretation, please stop making up statements. If you have opinions please state those objectively and at least somewhat professionally.
Something along the lines like: The Turris Omnia is an unreleased product and a Kickstarter project, therefore availability and support might be an issue that might not be worth the risk.

I'm sure metropole is fine on his/her own regarding requirements and questions.

I responded, and have continued to respond objectively and professionally.
 
@ Grentz, Chas, bos6021
Here's the thing... If you read the first post you're doing your own interpretation, please stop making up statements. If you have opinions please state those objectively and at least somewhat professionally.

Okay. Now I KNOW you're trolling. I won't waste any more time on you. Thanks for clarifying that.
 