Budget dedicated pfsense box

[RobertFontaine]

Requirements:
175 Mbps Up / 16 Mbps Down - CPU that can handle 200 Mbps
Open VPN - CPU with hardware AES (client and/or server)
Filtering/Update Caching ala Squid - 4 GB RAM, SSD for caching - 128GB.
Monitoring - Snort (maybe)
Intel NICs - Min 2. - I have a dedicated 1GB switch (procurve 1810-g) downstream
Homelab - Needs to be quiet / power consumption not terribly important
Wifi - Will do this with a separate device for location and Pfsense.

I've been looking at the various solutions and think I've come down to a choice of 4:

Qotom Q190G4 Intel Celeron Processor 3215U Dual Core Processor Barebone Mini PC

Amazon.com: Qotom Q190G4 Intel Celeron Processor 3215U Dual Core Processor Barebone Mini PC: Computers & Accessories

Has 4 Intel NICS and would be very quiet
Intel Celeron Processor 3215U Dual core (2M Cache, 1.70 GHz, Broadwell

Needs additional 4gb and an 128 gb ssd

Netgate SG-2220
SG-2220 Desktop Network Firewall Router Hardware Appliance

PCEngines APU2C4
PC Engines apu2c4 product file

Used Dell Optiplex
Dell Optiplex 990 4GB Ram 250GB HDD Intel Core i5-2400S 2.5 Ghz Win 7 Ent

The optiplex seems like a bargain but would require an additional intel nic card.


I am pretty sure any of the 4 would meet my requirements. Is there a good reason that most of the online discusion focuses on the qotom or pc engines options? From a price and performance perspective the used sff i5 computer seems like a slightly better deal with probably better reliablity (?). From a tested, works, and supported perspective the Netgate SG-2220 seems like an easy purchase.

Am I missing criteria that make the Qotom/CPU2C4 preferable for a home lab?

Thanks,
Robert

 

[Evan]

Yes those 3 systems are super low power and fanless, the dell will Use more power and create more noise also it's much larger.

 

[fractal]

I have the netgate. I am not sure I would want to put a hard drive in it and try to run snort. The UI gets slugish with my crappy 40 down / 16 up cable. I don't want to think what it would be like at 200 mbps.

I have an optiplex 790 / i5 in the other room that is between projects. At 18 watts idle I would not say it uses a lot more power than the netgate. Your post has me thinking I should shove a couple of low profile 2 port intel server nic in it and replace the netgate.

 

[voodooFX]

I had the PCEngines APU and I found the need to install it with a serial cable connection very annoying, but is just my opinion, if they sell them like that probably the rest of the world of perfectly fine with the serial

 

[sd11]

I got fed up with my Ubiquiti ERL. It was fast and stable, but the confit was inconsistent and didn't have the reporting I wanted.

I went with the Qotom Q190G4N-S07. It has been great. No stability issues. I put a 2.5" HD in. I remember reading about SSD disks getting killed, so I held off putting one in for now. I've never seen the CPU spike very high.

I'm sure you've seen the pfsense forums... lots of people there have the qotom.

The only downside is it takes a few more seconds to boot than what I would like.

 

[Patrick]

The J1900 will be fine for most things pfSense.

I will say that if you are doing IPsec QAT may be worth it.

I have a friend that is now using my old S1260 Atom with 8G RAM as a pfSense appliance with OpenVPN setup and he is having no issues with his 112 mb down WAN.

I like the two pfSense appliances that Netgate sent for review. They have worked well and are low power. One other, minor point, getting access to the AWS VPN feature and such is a good feature on the pfSense appliances.

I have had to do a recovery on one of them. That required hands-on time because it was not hooked up to a console server. When I build my own appliances, and those for family and friends, I always get IPMI because otherwise remote troubleshooting is a PITA without it, especially with the Web GUI is down as is SSHD. Relatively, it add as lot of power using IPMI. (4-7w) Not having to dig for a serial console cable, having remote reboot functions and etc. is worth it to me.