Dedicated pfSense/firewall hardware solution for mid/late 2018?

Discussion in 'Networking' started by namike, Sep 7, 2018.

  1. namike

    namike Member

    What is everyone using for a dedicated firewall solution these days? I was previously using a Zotac CI323 running ESXi with a pfSense VM on it until lightning from the tropical storm took out both my cable modem and the interface I was using for my WAN port in one shot.

    While I liked the ESXi route on the Zotac box, it still presented a challenge when it came to patching the hypervisor due to the FW VM being run on that box. Also, the lack of IPMI is no fun should issues ever arise with the hypervisor.

    I have another dedicated ESXi AIO box (E5-2648L v3, 128GB DDR4, etc.) that I have built a new VM on to get me going again, because of course, my home LAN is broken into different VLANs and all the L3 gateways are on the pfSense box.

    Current network hardware:
    Unifi AP-AC-Lite
    Unifi 16XG 10GbE switch
    Juniper EX2200-c

    Internet:
    150Mbit/10Mbit

    Requirements:
    1GbE minimum due to L3 gateway for VLANs currently
    Low noise/heat/cost <$200 USD

    Items I'm considering:
    APU2C4 - Dedicated hardware, Intel NICs, for pfsense
    Supermicro ITX board to throw in a spare ITX case (this would give me the option of throwing a 10GbE NIC to connect to Unifi switch) to throw pfsense back on
    Used FW from ebay (SRX240 maybe?, suggestions)?
    Unifi USG (are these things still pretty gimped with features)?
    Dell R210ii 1u server

    tldr; looking for dedicated firewall suggestions in 2018
     
    #1
    Last edited: Sep 7, 2018
  2. nthu9280

    nthu9280 Well-Known Member

    Check the threads on HP T730 & T620 Plus. No IPMI though.
     
    #2
  3. ehorn

    ehorn Active Member

    Since you're running Unifi throughout, you might enjoy the USG Pro 4. It's a decent piece of kit for the price and should not gimp you on bandwidth running IPS.
     
    #3
  4. mstone

    mstone Active Member

    The apu2 is probably the cheapest, lowest power, reliable solution available as long as it meets your needs. (And at 150/10 that's not an issue.)
     
    #4
  5. namike

    namike Member

    @nthu9280 I actually remember reading a little bit on those threads about those boxes. Cool idea. The only thing I might get stuck with is the built-in Realtek NIC for the WAN side of pfSense, unless I threw a 2-4 port copper card in the PCIe slot and didn't worry about uplinking back via 10GbE.

    @ehorn $300 USD is not bad, but how they do the firewall rules looks like it leaves a lot to be desired coming from my enterprise experience with Junos, ScreenOS and ASA.

    @mstone It is definitely still an option. My buddy had one until his lost a NIC due to storms as well, damn Florida.
     
    #5
  6. StammesOpfer

    StammesOpfer Active Member

    Right now I like the HP Thin Clients with a 2-port Intel NIC.
     
    #6
  7. MiniKnight

    MiniKnight Well-Known Member

    Just get a LP 4 port NIC and skip the Realtek. It's like $30 more.
     
    #7