Small firewall recommendations


cadamwil

I’m near Nashville TN, my only real concern is the dew point on overnights causing condensation. It gets cold, but doesn’t stay that way. It gets hot, but not too crazy.
 

rotor

I feel like you *exactly* described the Mikrotik Hex with your requirements. I just checked and it has been tested -40C to 60C.

 

oneplane

The downside to a lot of MikroTik stuff (including the hex) is the MMIPS architecture; it's basically a security hole you cannot patch since almost no low-end MIPS cores have basic things like NX. Other than that, like their RB450Gx4 there are good options there, and that one even has POE-in + POE-out (and -40°C to 70°C rating). Case is cheap as well so overall you get a reasonable $150 package. You can opt to use their RouterOS but OpenWRT runs on it as well. It also has IPSec acceleration.
 

newabc

The Mikrotik RB4011 and RB5009 series are using ARM CPUs now.
What I appreciate about these 2 is the layer-7 packet filter on them, and they have a lower cost than pfSense hardware. But they don't have IDS/IPS.
 

zac1

I’d love to go supermicro, but they are too big for the space I have.
Ah, I see your earlier reply about the small space already being 70% occupied. I suppose the E302 at 11.6" x 3" x 8.1" wouldn't fit.

There's also the SC101F @ 1.7" x 7.6" x 8.9" but not sure how that would do in that environment.
 

wulfy23

wg over nanopi / cm4 (likely cooler), or the mikro suggestion above for something a bit more turnkey
 

rucksense

I'd go with OpnSense considering a more recent OS base is used, or OpenWRT. VyOS would be an option if you don't mind the Cisco-style CLI and no WebUI.

But the software isn't all that exciting, it's more of a hardware thing at this point. If you need only a handful of ports, an EdgeRouter might be a good choice. Since you are already familiar with them, I'd say it fits in your setup nicely.

As for crashes etc. just make sure it has a watchdog timer and make sure it is not disabled.
pfSense is using a very recent base for the version that is supposed to be released soon. Personally, as long as my hardware is supported and there aren't any outstanding vulnerabilities that will affect pfSense/OPNSense, I don't really care what version of the base OS they use. That's like with a recent version of Sophos XG I was on the console of this morning. It's running a 4.something (4.14?) version of the Linux kernel. That's not really recent either, but I don't think many people are bothered by it because they're going for the overall package, not the kernel or OS it's running on.

As far as hardware compatibility goes, this is for a firewall, not a gaming system. It's very easy to get bog-standard hardware that's well-supported by pfSense or OPNSense. All it takes is a little research prior to purchasing. :)
 

oneplane

The issue with base OS versions and kernel versions was mostly for 2.5G network interfaces, and 5G in some cases. Classic speeds (1G/10G) have been pretty well supported for quite a while, but those 'in between' speeds are a bit more recent, making a lot of older distributions not work with them.