Search results

  1.

    Hardware to run pfsense ?

    I seem to have opened a can of worms. I didn't expect so many replies, TBH. I'm just not paranoid enough to go and buy a sparcstation to use as a firewall. If I have got their attention then I should assume they have already exfiltrated all the data they want (considering, for example, the flap...
  2.

    Hardware to run pfsense ?

    I have one server for ESXi and an Asrock Deskmini which serves DNS and acts as a repository for ESXi backups (I cannot store those on my FreeNAS VM, since that runs on ESXi, so it's a vicious circle type of problem). But I digress... Putting ESXi interfaces on the internet doesn't pass the...
  3.

    Hardware to run pfsense ?

    You make some very good points... I've pretty much decided to buy some dedicated hardware, plus I'm fairly unhappy about the thought of connecting ESXi directly to the internet.
  4.

    Multi Gig switch

    Hi, the QNAP QSW-1208-8C has a mix of RJ45 and SFP+ ports; up to 12 can be in use at a time including up to 8 RJ45 ports. From QNAP's website: "The 10GbE SFP+ ports are backward compatible with 1GbE SFP; the RJ45 (copper) combo port supports up to five speeds (10G/5G/2.5G/1G/100M)". It costs...
  5.

    Looking for a small/compact/home 10GbE L3 switch

    If you only need L3, and no firewalling, you could look at TNSR ? (TNSR Home+Lab)
  6.

    SG550 LACP to Fortigate 60E Issue, Fortigate 60E Forwarding capacity

    As a suggestion, try to find out if both traffic streams are going down the same cable (check port counters). That seems the most likely scenario. If so then it just means that the load-balancer has picked the same link for both combinations of IP+MAC. Unfortunately, this is a problem with link...
  7.

    Looking for a small/compact/home 10GbE L3 switch

    That CRS309 was reviewed here on STH: https://www.servethehome.com/mikrotik-crs309-1g-8sin-review-inexpensive-8x-10gbe-switch/. In summary, it's a line-rate device at L2, but not at L3.
  8.

    Hardware to run pfsense ?

    Thanks! I had a quick look at the Jetway website as well and it's well organised, with drivers, manuals, etc. :)
  9.

    Hardware to run pfsense ?

    Suricata is a nice-to-have. I don't know whether it does the re-encrypt part. Thank you. That's exactly the sort of information I was hoping for. Not sure if Passmark is a reliable indicator here, but that CPU gets a Passmark score about 1.3x higher than the Core i5-7200U I was originally...
  10.

    Hardware to run pfsense ?

    Thanks! - will take a look. There are loads of options to consider... I gave some more thought to your previous post as well. Actually, I only really need separate hardware for the public internet. Internal VLAN-to-VLAN firewalling (if required) probably can run on pfsense on ESXi... if I cut...
  11.

    Hardware to run pfsense ?

    Well, $1500 is certainly above my budget. I'm just looking at pricing for that SuperMicro X10SDV-4C-TLN2F. A US seller has one on offer 2nd hand and will ship to the UK for $229, $19 shipping and $57 import; total $305. Case £50, nano 12V PSU and AC/DC adapter block, £79, 2x8GB unbuffered ECC...
  12.

    Hardware to run pfsense ?

    Thanks - the Qotom offerings are similar to the Kettop box that I mentioned at the top of the thread. There are a few of these vendors doing cheap 4x1G or 6x1G boxes, specifically for pfsense and similar uses. I wouldn't have a bonding issue on the upstream side, as my ISP delivers their...
  13.

    Hardware to run pfsense ?

    Erm, it's not just a router... the more advanced firewalls are doing SSL/TLS inspection - decrypt/packet inspection/re-encrypt, so the CPU load is way more than just L3 forwarding. What $60 hardware are you using that can do 1G symmetric with firewalling, IDS and IPS enabled ? I'm genuinely...
  14.

    Hardware to run pfsense ?

    Thanks - was looking at that unit earlier today. Anandtech seemed happy with it, which is encouraging.
  15.

    Hardware to run pfsense ?

    Thanks! I get the point about vendor lock-in with proprietary hardware. But there is another side to the decision which is that the self-build option will probably not be compact and fanless like the Netgate and OpnSense solutions (WAF problem), and by the time I've added in a case, fans, PSU...
  16.

    Hardware to run pfsense ?

    ... and none of the roll-your-own options get close to it in terms of compactness and passive cooling (both major WAFs). It's very tempting, despite the price. On the other hand, OpnSense has not been around for as long as Netgate and has 3 employees versus Netgate's 75. Decisions, decisions...
  17.

    Hardware to run pfsense ?

    Yes - that problem is especially acute with Supermicro. Very hard to find 2nd hand.
  18.

    Hardware to run pfsense ?

    Thanks! Both the Netgate and the OpnSense box claim to support (at least) 10Gbit/s for rules-based firewalling (not IPSEC) so I'm tempted to say I'll future-proof to that level - given that the 1G solution (option #1) is $550 and 10G from Netgate is $699, I'd take the 10G option as a no-brainer...
  19.

    Hardware to run pfsense ?

    Thanks! That's about £700 locally so the cost is in the same ballpark as the C3758. 60W versus 25W though... might be worth it for better performance however. What kind of throughput do you get from the Xeon D ?
  20.

    Hardware to run pfsense ?

    Hi RTM, thanks for the detailed reply. I don't really want to buy anything more expensive than the OpnSense DEC840. My internet feed is 300Mbit/s at the moment, but it could easily exceed 1Gbit/s in the next year or two, and if it does then I don't want to have to start over. That's probably the...