Building custom UTM appliance, need hardware recommendations

Yep, this was one of those memorable threads... happy to see it alive again... and IIRC that Asus has dropped in price... I think when you first linked it, it was 4 something; now it's 305 with 21 bucks shipping...

not bad at all
 
They're especially desirable due to the low noise. Come time to build, i'll probably pick one of these up as well.
 
newegg reviewers seem to say pretty darn quiet...

and that isn't the type of thing that they're ridiculously stupid about...
 
Now I am considering pitching my IBM x345 for that.. But on the other hand, I have a lot of Optiplex GX620 SFF's laying around...
 
I just did another UT box with one of those models (eh maybe not a 620..but close) last week for a nursing home. Worked well, slapped an Intel Pro PCI NIC in the riser for the secondary NIC. Some RAM, a new hard drive..she's good to go.
 
Good to know! That is exactly what I had planned on doing.

Most of my UT boxes are actually running on small form factor business desktops. Either Compaq/HP, or IBM, or Dell Optis. I do have two running on 1U servers, one is a Dell R200, another is an IBM X330 model. But the way I look at it..they don't run hard, as long as I have good RAM, and a new hard drive in them....they'll last.

I have a Compaq Evo SFF running Untangle for the network that is based in this thread..
http://hardforum.com/showthread.php?t=1273396
 
That is pretty much how I've felt; I've been very intrigued by Untangle ever since you showed it to me a while back. I have two of these desktops, and I intend on using another one at my in-laws' house because they need a router that can actually handle VPN pass-through.
 
Matter of fact...since I just picked up a new laptop that I'm typing on now, I'm going to retire my prior laptop and slap Untangle on it, to run at home. It will retire my even older laptop that has been running pfSense at my house.
 
How loud is that Asus box?

It's loud as hell when you first fire it up, then it is whisper quiet once it finishes POST. Right now the box in the picture is being quite literally ASS-HAMMERED by these college kids that live in the place. There are around 75-100 active users at peak times. Daily bandwidth usage was around 14GB/day for the last week. Then I realized that there were some updates when 5.3 came out, went and looked through the protocol control and discovered about 7 different P2P things that I didn't have blocked yet, checked those last night and now the traffic has died down to about 10GB/day so far. That and I setup QoS and limited the up/down traffic to 90%, so that probably helped, too. :D

So, even when this thing is getting its ass handed to it, it is still quieter than the Cisco Express 500 PoE switch and the UPS that's in the rack.

For an SMB you could stick this thing in the office where people work and they wouldn't hear it over their own computers.
 
Good to know for the future. Just recycled a P4 Compaq desktop for an Untangle install at a Christian school I'm working on.
 
Doesn't baby jesus save their computers from the evil intarwebs?? :D

This is a school for troubled youth. Yeah, fun thing is these kids will not know what hit them. Right now I have VNC set up on every machine where they can't disable it, and on the teachers' machines I'm going to have a link to view anyone's desktop. They never had this feature and the kids don't know they are getting it. Would have rather gone with a better solution, but we got brought into this at the last minute and, well, VNC is free.

Still got to figure out a way to block HTTPS sites better, as Untangle doesn't seem to be able to do this. Any ideas other than just blocking HTTPS (which I'm thinking about)? I'm guessing I'll have to end up forwarding the DNS from the server to hit the Untangle box so it can redirect them to it when they ask for the IP.

The kids move over to this new building in like 2 weeks and the content filtering has been something I haven't had a chance to really screw with yet.
 
Hmmmm . . . yeah, I guess I don't know how well the UT does against HTTPS proxying sites. That's a good point. Astaro does pretty well defeating them, but then its also quite a bit more expensive . . . .
 
Yeah, but even with it I'm guessing it is just using DNS to redirect the HTTPS site to itself if it blocks it, no? Since it really can't see what's going on, I figure that's where it checks the list.

Anyway, this setup is a little weird. They bought a new SonicWall for this but were going to use an IPCop box as well. I said let's use Untangle, as I'd rather have a single solution than something like IPCop where you have to load a bunch of 3rd-party add-ons to make it do the same thing. Right now we have both the SonicWall and the Untangle box on the network as 2 separate gateways. Everything is going to the Untangle box except the server, which is hitting the SonicWall right now. A few other things will go through it, but it will for the most part just be a VPN server to the other building. If I had it my way I wouldn't have had it ordered, and would have ordered something like you built instead and saved a few hundred bucks and had a new box for the router.

I'm thinking I need to just send the server's DNS pointer to the Untangle box and let it forward the requests. That way the DNS requests hit it, which should stop the HTTPS issue, as the Untangle box just won't give out the IP for the site if it is blocked. Just haven't had the chance to screw with it yet. Was going to mess with it over the last 2 days or so, but have been dealing with other issues and the wiring wasn't finished yet. Ended up having some jumper cables running from the networking/server closet to a table in the next room with the server, routers, and switches on it, as well as a few machines we were using to make images for the rest of the computers.
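The DNS-based approach discussed in the last few posts (refuse to resolve a blocked name, or hand back the filter box's own address, because the filter cannot see inside HTTPS) can be shown as a small resolver front end. This is an added example written for this thread, not Untangle's or Astaro's code; the blocklist suffixes, the transaction ID and the sinkhole address 10.0.0.1 are made-up values, and the client that returns None would normally forward the query to an upstream resolver. Two caveats a practitioner would add: DNS blocking only holds if clients cannot reach any other resolver (block outbound port 53 except from the filter), and a sinkhole address for an HTTPS site produces a certificate warning in the browser rather than a block page, since the filter cannot present a valid certificate for that name.

```python
import socket
import struct

# Constructed blocklist for the example: HTTPS proxy sites the UTM cannot
# inspect, so the only lever is refusing to resolve their names. Placeholders.
BLOCKED_SUFFIXES = ("proxy.example", "anonymizer.example")
# Assumed address of the filter box that serves the "blocked" page.
SINKHOLE_IP = "10.0.0.1"


def encode_name(name):
    """Encode a dotted name in DNS label format (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, offset):
    """Decode a label-format name at offset; returns (name, offset after it).
    Question names never use compression pointers, so those are rejected."""
    labels = []
    while True:
        length = msg[offset]
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def build_query(name, qtype=1, txid=0x1234):
    """Build a standard recursive query (RD set), class IN. txid is arbitrary."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def is_blocked(name):
    """Match the name itself or any subdomain of a blocked suffix."""
    n = name.lower().rstrip(".")
    return any(n == s or n.endswith("." + s) for s in BLOCKED_SUFFIXES)


def handle_query(msg):
    """Answer blocked names locally; return None to mean 'forward upstream'."""
    txid, _flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    name, off = decode_name(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    question = msg[12:off + 4]
    if qclass != 1 or not is_blocked(name):
        return None
    if qtype == 1:  # A: answer with the sinkhole address, TTL 60
        header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
        # 0xC00C is a pointer to offset 12, i.e. the name in the question
        answer = (b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)
                  + socket.inet_aton(SINKHOLE_IP))
        return header + question + answer
    # AAAA and other types: NOERROR with no records (NODATA), so a client
    # with IPv6 cannot slip past the block by asking for a v6 address.
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 0, 0, 0)
    return header + question


def answer_summary(resp):
    """Parse a response from handle_query: returns (rcode, [A addresses])."""
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    rcode = flags & 0x000F
    _name, off = decode_name(resp, 12)
    off += 4  # skip qtype/qclass
    addrs = []
    for _ in range(ancount):
        off += 2  # the 2-byte name pointer written above
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(resp[off:off + 4]))
        off += rdlen
    return rcode, addrs


if __name__ == "__main__":
    for q in ("www.proxy.example", "www.hardforum.com"):
        r = handle_query(build_query(q))
        print(q, "->", "forward upstream" if r is None else answer_summary(r))
```

Wiring this in front of a real resolver means binding UDP 53 on the filter box, calling handle_query on each datagram, and relaying to the upstream resolver whenever it returns None; the NODATA reply for AAAA is deliberate, because answering NXDOMAIN for one type while serving an A record for the same name is inconsistent and some stub resolvers retry.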
 
No I didn't prompt for a price, odd that they don't post prices on the site either (at least..not that I could find)

Searched ebay and Google for that part number also...nada.
 
I'll post the price when they get back to me.
 
Thanks..that'd be cool. I'm gonna guess towards a G note, making it comparable in price with a 1U rack server...but this might have less power consumption. But if it were towards the 600-700 range..that would be great.
 
The XD is right around $1000 too. Can't say I see the advantage of going third party when there's no cost benefit.

EDIT: The XD and XD+ aren't on their site any more... I guess they dropped out of the hardware game completely? The 24 hour preconfigured replacement bit was pretty sweet.
 
Yeah..it (those XD units) was basically a small form factor tower...full blown PC.

The hardware platforms designed to run as firewall appliances are hard to find with the higher power requirements. By these platforms, I mean the slim 1U boxes you can hang on a rack with ears..that have built in switch ports up front, a WAN, plus a couple of built in LAN ports. In theory..smaller and less power requirements than a full blown PC. Would be nice to see the above platform come powered by Intel Atom. :cool:
 
Why the switchports? Any place big enough to have a rack should at least have a switch or two laying around? LogicSupply has a few micro-ITX offerings which can run a C2D Mobile and an SSD. However, the prices quickly approach the $1000 mark. For smaller clients you might be able to squeeze by with one of those 1GHz VIA offerings. I've heard of people running Untangle on them successfully for home use, at least.

I also found a reseller for the NexCom box. Looks like its a last generation product http://www.orbitmicro.com/global/build.php?products_id=5024&ref=googlebase but it should support a P4-M which would give it enough balls to run Untangle.
 
if you'd like me to start building them and selling them to you i can ;) just let me know what level of support you'd like for them and i'll send you a price :p
 
I like the ethernet ports on the front of the unit so that I can mount the UTM appliance along with the switches and patch panel (like I do with Juniper SSL appliances for example)...in the com rack. Not throw some more cables across to the APC NetShelter for a full blown server.
 
Ah, I thought you meant specifically a unit with an integrated switch similar to a SOHO router. Have you looked at some of Rackable Systems' products? 15" deep servers which have everything but power up front. I've got a collection of midrange P4's I use for stuff just like this. They go for right around $100 on eBay. For a little more you can throw a ULV or Mobile chip with an SSD or CF card in there and have a nice low-power solution. Obviously, there's no warranty on fleabay gear, but even if you went with something from Asus or Nexcom, you'd want to keep a cold spare on the shelf.
 
Ahh..yeah, no, having 4x LAN ports isn't really what's important to me, just a unit more fitting for a com rack instead of a full blown PC/server. Something I can run headless, smaller, light, all access up front, etc. SSD/CF cards instead of a drive would be nice...but bigger UTM distros like lots of space...bigger install, room for swapfile and log files, etc. Should be at least 20 gigs to begin with. Larger networks with lots of mail flow will need several times that.
 
Like I said, check out Rackable Systems. The C1000's that I have have two intel nics on board, out of band management (Although I haven't played with it), and a PCI slot if you want to run a blue or orange interface.
 
Ditto. Most of our clients don't have real server racks. They have an ML350/370 or two in a tower form factor and maybe a wall-mount telco rack. Something like the Asus I built was perfect except for the ports being in the back. I do like the Rackable Systems, especially this one here: http://www.rackable.com/products/c10001u.aspx?nid=servers_00
My guess is that is probably really expensive, though.
 
Ya may have seen my post over on UT's forums...but just in case someone here recognizes these boxes...

Endian (another older UTM *nix distro..quite good in fact)..sells their preconfig'd boxes on these..
http://www.endian.com/en/products/hardware/

Click on the Mercury and Macro model links on the left side...

I'd love to find who makes those boxes. No listing of CPU that I could find..but seeing beefy RAM, and fast performance stats....I'd imagine they are beefy enough.
 
Got the price back from them on the NSA 1042N8. They gave me a quote of $740 for the unit with a Celeron M 1.5, 1 gig of DDR2 (single stick), and an 80 gig SATA drive. Lead time of 2-3 weeks to get one. 2 year warranty on it as quoted. Seems like a pretty good deal to me, although I'd want them to quote it out with a full blown Pentium M if I was going to buy one (I just asked for a price and didn't give them specs).

Might have to take a hard look at one of these for next time.

Edit:

These suckers have 2 DIMM slots and dual SATA ports on them. Also have an internal IDE port. Also have a Mini PCI slot and can have a PCI slot in them with an external hookup, so you can add more Ethernet to the back or something like a PCMCIA adapter to run an EVDO card.
 