Sophos XG or pfSense/OPNsense

[Burner27]

hey fellow networking people! I have a question. I currently use a Meraki MX64 as my router at home (got it free with taking a webinar), but it’s coming up for renewal and I am not sure if I should do it or not. The service I have now is 200/10 from Spectrum and I am not planning on going higher unless they really have some super deal. I have the following hardware available at my disposal for a router and was wondering if anyone had any experience or recommendations for software. I was considering Sophos XG or pfSense/OPNsense.

Dell Optiplex 3010 with the following specs

I5-3570 cpu
8GB ram
120GB SSD
Quad port GbE PCIe card

Probably a little overkill for a router, but it’s what I have.

Thanks for your input!

 

[Farva]

That setup will work for Gb internet.

I vote for pfsense because that's what I've used for nearly 10 years.

 

[Keljian]

Pfsense, or just get a decent consumer router solution and save some money on power bills.

 

[Burner27]

Pfsense, or just get a decent consumer router solution and save some money on power bills.

Not going back to consumer level routers. They are crap and always will be. I know the setup I want to use is a lot more power gobbling than my Meraki, but i want to build my own.

 

[FNtastic]

When I was looking at the Meraki devices, there was talk about an open source firmware for them. Can't remember if it was the switch, firewall, or other devices. Might be worth checking out before you move on to something else or potentially replacing hardware.

 

[IdiotInCharge]

Also look at Untangle. Probably the easiest to set up, and you can try the 'premium' levels of software for a month before deciding what's worth purchasing.

 

[Cmustang87]

When I was looking at the Meraki devices, there was talk about an open source firmware for them. Can't remember if it was the switch, firewall, or other devices. Might be worth checking out before you move on to something else or potentially replacing hardware.

That was OpenWRT on the Meraki APs.

 

[Cmustang87]

hey fellow networking people! I have a question. I currently use a Meraki MX64 as my router at home (got it free with taking a webinar), but it’s coming up for renewal and I am not sure if I should do it or not. The service I have now is 200/10 from Spectrum and I am not planning on going higher unless they really have some super deal. I have the following hardware available at my disposal for a router and was wondering if anyone had any experience or recommendations for software. I was considering Sophos XG or pfSense/OPNsense.

Dell Optiplex 3010 with the following specs

I5-3570 cpu
8GB ram
120GB SSD
Quad port GbE PCIe card

Probably a little overkill for a router, but it’s what I have.

Thanks for your input!

If you go over 200/10 from your carrier you'd need to upgrade the MX64 anyway. Meraki MX64 with all security features enabled only supports 200Mbps throughput.

 

[Burner27]

If you go over 200/10 from your carrier you'd need to upgrade the MX64 anyway. Meraki MX64 with all security features enabled only supports 200Mbps throughput.

Yeah i know. I just think I can do better than the Meraki feature wise.

 

[Cmustang87]

Yeah i know. I just think I can do better than the Meraki feature wise.

For sure - I was just letting you know to hopefully help justify the purchase

 

[Burner27]

For sure - I was just letting you know to hopefully help justify the purchase

Appreciate your advice. Thank you.

Tried installing sophos xg. Looks nice. Going to run it for a while. Did read that people who try to install it on modern amd hardware are running into issues. Is sophos Intel hardware only?

 

[thebufenator]

I run pfsense on an AMD AM1 Athlon setup and it runs great with snort and a bunch of other stuff running.

 

[Burner27]

I run pfsense on an AMD AM1 Athlon setup and it runs great with snort and a bunch of other stuff running.

Have you tried OPNsense? Is that 'fork' good?

 

[Stugots]

As someone mentioned above, that system should handle 1Gb/s without a problem. I have a similar speed connection and I'm running pfSense on a PCEngines APU2 (https://pcengines.ch/apu2.htm). Only uses about 8-10W.

I prefer pfSense, but I've been thinking about giving OPNSense a try. I prefer to stick with BSD over Linux, especially for a firewall. I have a few coworkers who run firewalls on OpenBSD also. Don't expect a fancy web UI for configuring it though.

 

[Burner27]

As someone mentioned above, that system should handle 1Gb/s without a problem. I have a similar speed connection and I'm running pfSense on a PCEngines APU2 (https://pcengines.ch/apu2.htm). Only uses about 8-10W.

I prefer pfSense, but I've been thinking about giving OPNSense a try. I prefer to stick with BSD over Linux, especially for a firewall. I have a few coworkers who run firewalls on OpenBSD also. Don't expect a fancy web UI for configuring it though.

What's the issue running a Linux based Firewall vs a BSD based firewall?

 

[Stugots]

What's the issue running a Linux based Firewall vs a BSD based firewall?

I prefer and trust BSD more than Linux.

 

[bman212121]

I know the setup I want to use is a lot more power gobbling than my Meraki, but i want to build my own.

It's probably not as bad as you think. If you are using the onboard video, 2 sticks of memory, and an SSD, that system should pull right around ~20W from the wall (Idling most of the time). At 10 - 12 cents per KWH, it's in the neighborhood of 10W 24/7 = $1.00 per month. So really only costs about $2.00 a month to power one of those. (And a side note a stick of memory is only about 1W per stick, so not even worth worrying about)

That said, if you do have some kind of power meter, you definitely want to check the system with and without that quad port card. I've come across quad port cards that draw 20 - 25W by themselves. IIRC a typical dual port card like the old Intel Pro 1000 is around 3W per card. So using that Quad port card might cost another $2.00 a month and it warrant replacing with something cheaper.

I don't know what that Meraki draws, but generally even soho devices are like 4 - 5W, so it's not nearly as big of a deal as it used to be. A Core2Duo setup could easily pull 60W+, and I've had other systems that were around 100W idle. What you have to use is already quite a bit ahead of what we used to have available.

 

[Burner27]

I used a 'Kil-a-watt' device and found the PC pulls ~55w most of the time.

 

[jardows]

I like going the pfsense/opensense route primarily due to the fact that you get all features without having to pay extra or a yearly subscription. That way, even if you aren't using all those features, you can experiment with them any time you want.

 

[Burner27]

So I reduced my hardware for this build to something more eco-friendly:

Intel Pentium G4560 CPU
MSI B150 Bazooka mobo
8GB DDR4-2666
650W Thermaltake PSU
Intel Quad Port NIC

Case arrives tomorrow and I will put it all together over the weekend

I’ll see what the power draw is. I don’t think it will match the Meraki, but it’ll be much cheaper than the license for it.

 

[Joust]

I'm very late to the party, but I use a Sophos box, XG. I'm a fan.