Recent content by Frank Bello

  1. F

    Hardware to run pfsense ?

    I seem to have opened a can of worms. I didn't expect so many replies, TBH. I'm just not paranoid enough to go and buy a sparcstation to use as a firewall. If I have got their attention then I should assume they have already exfiltrated all the data they want (considering, for example, the flap...
  2. F

    Hardware to run pfsense ?

    I have one server for ESXi and an Asrock Deskmini which serves DNS and acts as a repository for ESXi backups (I cannot store those on my FreeNAS VM, since that runs on ESXi, so it's a vicious circle type of problem). But I digress... Putting ESXi interfaces on the internet doesn't pass the...
  3. F

    Hardware to run pfsense ?

    You make some very good points... I've pretty much decided to buy some dedicated hardware, plus I'm fairly unhappy about the thought of connecting ESXi directly to the internet.
  4. F

    Multi Gig switch

    Hi, the QNAP QSW-1208-8C has a mix of RJ45 and SFP+ ports; up to 12 can be in use at a time including up to 8 RJ45 ports. From QNAP's website: "The 10GbE SFP+ ports are backward compatible with 1GbE SFP; the RJ45 (copper) combo port supports up to five speeds (10G/5G/2.5G/1G/100M)". It costs...
  5. F

    Looking for a small/compact/home 10GbE L3 switch

    If you only need L3, and no firewalling, you could look at TNSR ? (TNSR Home+Lab)
  6. F

    SG550 LACP to Fortigate 60E Issue, Fortigate 60E Forwarding capacity

    As a suggestion, try to find out if both traffic streams are going down the same cable (check port counters). That seems the most likely scenario. If so then it just means that the load-balancer has picked the same link for both combinations of IP+MAC. Unfortunately, this is a problem with link...
  7. F

    Looking for a small/compact/home 10GbE L3 switch

    That CRS309 was reviewed here on STH: https://www.servethehome.com/mikrotik-crs309-1g-8sin-review-inexpensive-8x-10gbe-switch/. In summary, it's a line-rate device at L2, but not at L3.
  8. F

    Hardware to run pfsense ?

    Thanks! I had a quick look at the Jetway website as well and it's well organised, with drivers, manuals, etc. :)
  9. F

    Hardware to run pfsense ?

    Suricata is a nice-to-have. I don't know whether it does the re-encrypt part. Thank you. That's exactly the sort of information I was hoping for. Not sure if Passmark is a reliable indicator here, but that CPU gets a Passmark score about 1.3x higher than the Core i5-7200U I was originally...
  10. F

    Hardware to run pfsense ?

    Thanks! - will take a look. There are loads of options to consider... I gave some more thought to your previous post as well. Actually, I only really need separate hardware for the public internet. Internal VLAN-to-VLAN firewalling (if required) probably can run on pfsense on ESXi... if I cut...
  11. F

    Hardware to run pfsense ?

    Well, $1500 is certainly above my budget. I'm just looking at pricing for that SuperMicro X10SDV-4C-TLN2F. A US seller has one on offer 2nd hand and will ship to the UK for $229, $19 shipping and $57 import; total $305. Case £50, nano 12V PSU and AC/DC adapter block, £79, 2x8GB unbuffered ECC...
  12. F

    Hardware to run pfsense ?

    Thanks - the Qotom offerings are similar to the Kettop box that I mentioned at the top of the thread. There are a few of these vendors doing cheap 4x1G or 6x1G boxes, specifically for pfsense and similar uses. I wouldn't have a bonding issue on the upstream side, as my ISP delivers their...
  13. F

    Hardware to run pfsense ?

    Erm, it's not just a router... the more advanced firewalls are doing SSL/TLS inspection - decrypt/packet inspection/re-encrypt, so the CPU load is way more than just L3 forwarding. What $60 hardware are you using that can do 1G symmetric with firewalling, IDS and IPS enabled ? I'm genuinely...
  14. F

    Hardware to run pfsense ?

    Thanks - was looking at that unit earlier today. Anandtech seemed happy with it, which is encouraging.
  15. F

    Hardware to run pfsense ?

    Thanks! I get the point about vendor lock-in with proprietary hardware. But there is another side to the decision which is that the self-build option will probably not be compact and fanless like the Netgate and OpnSense solutions (WAF problem), and by the time I've added in a case, fans, PSU...