Best Box for pfSense

[ChrisKC]

I'd like to run pfSense for my home network. What box would you recommend? I've reviewed the hardware recommendations, but there are a number of choices online.


Below are several I found. Thoughts?


Compact Small UTM from MiniServer

http://www.firewallhardware.it/en/compact_small_utm.html


SG-2220 from Netgate

https://www.netgate.com/products/sg-2220.html


J1900 Quadcore Celeron

https://www.amazon.co.uk/gp/aw/d/B01GBHCCD8/ref=cm_cr_arp_mb_bdcrb_top?ie=UTF8


Any other models or additional things to consider? The setup needs to support OpenVPN and TOR. I also require dual-band wi-fi. I prefer an Intel cpu and dual-core is probably sufficient.

 

[vr.]

When I was shopping for pfsense hardware I saw lots of problem threads on the pfsense community where it's hit or miss so best of luck with wi-fi inside your pfsense box.

The SG-2220 you linked does not list wifi inside the box. Their wifi option on the "buy" page looks like it's this separate Ubuquiti AP. If that's the case you could save some money and go with another AP.

The third unit you listed looks like a Qotom unit. There's a thread on the pfsense community forums with people's experiences on them. I almost bought that style but at the time I was shopping, the one I bought was a few bucks cheaper.

 

[Eickst]

The best box is one you already have, unless you are paying 50c per kwh for electric or something.

 

[ChrisKC]

The best box is one you already have, unless you are paying 50c per kwh for electric or something.

Like I said, I DON'T have one. Which is why I asked...

 

[longblock454]

Don't forget the Celeron based stuff doesn't support AES-NI, required for pfsense 2.5+.

https://www.netgate.com/blog/pfsense-2-5-and-aes-ni.html

 

[goodcooper]

if you're willing to wait a month or so theres the up squared boards

http://www.up-board.org/upsquared/

 

[vr.]

if you're willing to wait a month or so theres the up squared boards

http://www.up-board.org/upsquared/

Cool little board for some projects. Realtek networking in general is sprinkled all around the pfsense forums with slowness problems, buffer problems, connection problems.... works for some but having experienced it myself in a Zotac CI321 nano plus, I'd recommend against Realtek if you want reliability in pfsense.

 

[ChrisKC]

When I was shopping for pfsense hardware I saw lots of problem threads on the pfsense community where it's hit or miss so best of luck with wi-fi inside your pfsense box.

The SG-2220 you linked does not list wifi inside the box. Their wifi option on the "buy" page looks like it's this separate Ubuquiti AP. If that's the case you could save some money and go with another AP.

The third unit you listed looks like a Qotom unit. There's a thread on the pfsense community forums with people's experiences on them. I almost bought that style but at the time I was shopping, the one I bought was a few bucks cheaper.

So what would you suggest, vr?

 

[vr.]

Look for hardware with support for AES-NI like longblock454 suggests, that is within your budget.

 

[Eickst]

Does it have to be a prebuilt box? Do you have requirements for it being low power or small form factor? Do you have to have the built in switch?

The reason i ask is you can often get refurbished business desktops for under $100 that will outperform any of those boxes

 

[Farva]

Why not look at setting up a VPS of pfsense (pfsense in the cloud)?

 

[ChristianVirtual]

I run my pfSense on a ASUSTeK Intel Celeron N3150 N3150M-E ; as per ARK support AES-NI ( http://ark.intel.com/products/87258/Intel-Celeron-Processor-N3150-2M-Cache-up-to-2_08-GHz )

On the free PCIe slot I put an Intel-NIC with so I have one NIC for the WAN/Fiber cable and one NIC for the internal LAN. The WiFi is routed via a dedicated access point (Apple).

I use OpenVPN to connect from my iOS devices ; but not using TOR.

Happy with it and its 20W/h.

PS: there was/is from graphic issue on the MB (I guess) but it don't impact its performance and mostly headless anyway

 

[jardows]

So many options available, if you are not confined to a form factor, and can build yourself. I'm using an AM1 processor on an ASUS mAtx motherboard - cost me about $40 for processor and board with Microcenter discounts. Purchased an HP dual gig ethernet server pull from ebay for $10.00. Thew in a spare 2gig RAM stick, and in a spare case, and now I have full functioning router for less than $100.00. With AES-NI (since AMD doesn't remove features just for product segmentation like Intel). This is just one option available, but the AM1 stuff is getting harder to find.

 

[Nexillus]

I purchased the SG-2220 from Netgate couple months back and it has been fantastic. Even with several devices over an Open VPN it handles speeds upwards of 60MB/s down with AES 256CBC and for non vpned traffic maxes my ISP around 330/MB/s down and 30MB/s up.

 

[vr.]

This popped up on my YouTube recommendations earlier

 

[Stugots]

I'm running my pfSense home firewall on a PCEngines APU2. I think I got mine up and running for around $175.

http://pcengines.ch/apu2c4.htm

 

[mwarps]

Internet connection speed? What do you do with the connection? Will you need VPN? Will you be hosting services behind the router? Do you expect near-wireline routing speeds from the box or over a VPN?

All things that help in sizing a box.