Hardware to run pfsense ?

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

Frank Bello

Member
Nov 14, 2018
36
12
8
Good lord this thread is full of weird advice! :p
I seem to have opened a can of worms. I didn't expect so many replies, TBH.
I'm just not paranoid enough to go and buy a sparcstation to use as a firewall.

I'm a 20+ year Security nerd, and specialize in firewalls, advanced threats and malware etc.
You either "need" very moderate security for your home internet, or you know you're doing really shady stuff and should take whatever precautions you can dream up.
You would be an absolute idiot if you were doing things from your house that would get the attention of nation states
If I have got their attention then I should assume they have already exfiltrated all the data they want (considering, for example, the flap about spy chips on Supermicro boards):).

This is my setup, and I'll hand out my public IP for anyone that thinks they can hack it :D

Lenovo M920Q
Onboard Intel i219
Mellanox CX3
USB3 network adapter for mgmt
...
This setup is dead silent, tiny, and easily does 1G symmetric :D
Thanks! - that's exactly the sort of information I was looking for. Just checked and it looks like you can put a quad i350 card in the M920. Looks ideal.
 
  • Like
Reactions: abq

zer0sum

Well-Known Member
Mar 8, 2013
849
473
63
I seem to have opened a can of worms. I didn't expect so many replies, TBH.
I'm just not paranoid enough to go and buy a sparcstation to use as a firewall.


If I have got their attention then I should assume they have already exfiltrated all the data they want (considering, for example, the flap about spy chips on Supermicro boards):).


Thanks! - that's exactly the sort of information I was looking for. Just checked and it looks like you can put a quad i350 card in the M920. Looks ideal.
You definitely can, and then you will have the onboard i219 you can use for vPro (terrible ipmi)
The only reason I didn't use a quad port card like that is I wanted to be silly and run 10G on the inside :)
 
Last edited:

zogthegreat

Member
Jan 20, 2019
40
9
8
Maybe I'm missing something...

I can do any pfSense package you can think of with symmetric gigabit routing, and a tiny system at that, with < $60 worth of hardware. Is it fanless? Nope. So what? It (among other things in my rack) sits in a corner of my basement, away from anything else. Why are we spending 100s if not thousands !! for a router??

The top left board in this system is my pfSense box. Other boards do other things.

@kapone

You wouldn't mind giving us a breakdown of your hardware, would you? Nice setup. BTW!
 

kapone

Well-Known Member
May 23, 2015
1,095
642
113
@kapone

You wouldn't mind giving us a breakdown of your hardware, would you? Nice setup. BTW!
Nothing special, other than some creative engineering to pack 3x systems in a 1U chassis... :)

- At the top are two Gigabyte B75TN thin mini motherboards. These motherboards can take direct 12v in. The one on the left is my pfsense box with 8GB RAM (all I had in SO-DIMMs) with an i5-3570s, and a Mellanox single port 10g NIC. The right side box is my Domain controller, with just a i3-3220/4GB RAM.
- At the bottom is my "critical" ESXI server running on a Supermicro X9SRL-F motherboard with an E5-2650 v2/64GB RAM and another Mellanox 10g nic. This runs a number of my always on/critical VMs. This motherboard has actually been replaced with a different one, but the concept is still the same.
- On the PSU side is a "miner" breakout board that takes HP PSUs and that is an HP 460w platinum PSU. The Supermicro board was using a pico-psu for powering itself.

All told, all three system idle under 60w, with the biggest draw being the ESXI server. The two ITX boards combined take less than 20w.
 

unmesh

Active Member
Apr 17, 2017
200
55
28
65
@kapone

How did you put the pfsense portion together for $60? Or did I misunderstand the cost in your original post?
 

kapone

Well-Known Member
May 23, 2015
1,095
642
113
@kapone

How did you put the pfsense portion together for $60? Or did I misunderstand the cost in your original post?
That Gigabyte motherboard + CPU was ~$35. I already had the RAM and Mellanox card, which I estimate ~25-30. So, yeah, around $60.
 

Frank Bello

Member
Nov 14, 2018
36
12
8
It's been a while... the day job has been taking up my time. For anyone interested in this topic, here's what I bought in the end:

Lenovo M920q i5-9500t (6C/6T, base 2.2GHz, turbo 3.7GHz) 8GB 256GB SSD £334 ebay
Lenovo PCIE4 Riser Card 01AJ929 £26.40, ebay (note this is the PCIE x4 version of the riser)
Intel I350-T4 Quad port gig E card (Dell branded) £38.99, ebay
The back bracket for the quad-port card came from China, £6.62 plus postage, delivery £5.13

To make space for the quad-port card, you have to remove the SATA SSD and its carrier... so I bought an M.2 card for booting and local logging:
Gigabyte 256GB PCIe 3.0 x4, £30.98 (just wanted a cheap drive from a well-known brand).

Total cost £442.12. This box would also make a reasonable Windows PC for light duties, if I ever bought another firewall. I've shrunk the Windows 10 partition so as to keep that option open in the future.

I've tested the quad card from Windows - works fine. Next step is to install pfsense.

I just wanted to say "thanks" to all who contributed to this thread. This is a quiet, low power system... the power brick is rated for 90W but I'm sure the average load will be much lower. Also it's easily going to fit into the space I have, which was an important point, since I don't have space for a rack.

Lenovo M920q w quad gig E.jpg