Dedicated pfSense/firewall hardware solution for mid/late 2018?

namike

What is everyone using for a dedicated firewall solution these days? I was previously using a Zotac CI323 running ESXi with a pfSense VM on it until lightning from the tropical storm took out both my cable modem and the interface I was using for my WAN port in one shot.

While I liked the ESXi route on the Zotac box, it still presented a challenge when it came to patching the hypervisor due to the FW VM being run on that box. Also, the lack of IPMI is no fun should issues ever arise with the hypervisor.

I have another dedicated ESXi AIO box (E5-2648L v3, 128GB DDR4, etc.) that I have built a new VM on to get me going again (because of course, my home LAN is broken into different VLANs and all the L3 gateways are on the pfSense box).

Current network hardware:
Unifi AP-AC-Lite
Unifi 16XG 10GbE switch
Juniper EX2200-c

Internet:
150Mbit/10Mbit

Requirements:
1GbE minimum due to L3 gateway for VLANs currently
Low noise/heat/cost <$200 USD

Items I'm considering:
APU2C4 - Dedicated hardware, Intel NICs, for pfsense
Supermicro ITX board to throw in a spare ITX case (this would give me the option of throwing in a 10GbE NIC to connect to the Unifi switch) to throw pfsense back on
Used FW from ebay (SRX240 maybe?, suggestions)?
Unifi USG (are these things still pretty gimped with features)?
Dell R210ii 1u server

tldr; looking for dedicated firewall suggestions in 2018
 

ehorn

Since you're running Unifi throughout, you might enjoy the USG Pro 4. It's a decent piece of kit for the price, and should not gimp you on bandwidth running IPS.
 

mstone

The apu2 is probably the cheapest, lowest power, reliable solution available as long as it meets your needs. (And at 150/10 that's not an issue.)
 

namike

@nthu9280 I actually remember reading a little bit on those threads about those boxes. Cool idea. The only thing I might get stuck with is the built-in Realtek NIC for the WAN side of pfsense, unless I threw a 2-4 port copper card in the PCIe slot and didn't worry about uplinking back via 10GbE.

@ehorn $300 USD is not bad, but how they do the firewall rules looks like it leaves a lot to be desired coming from my enterprise experience with Junos, ScreenOS and ASA.

@mstone It is definitely still an option. My buddy had one until his lost a NIC due to storms as well, damn Florida.