Is this a good MB for a pfSense box?

Dww0311

Member
May 19, 2017
49
7
8
57
Excellent. I was looking at a R210ii for a dedicated pfsense box and noticed the R210s are substantially cheaper. I may just get one of them for cost savings.
Just conducted an informal test using my iPhone and Decibel 10th / Decibel Meter. With 4 servers (2 x R210 & 2 x R210 II) currently running (I'm waiting on a 9286CV-8e to replace the 9200-8e I ordered without bothering to check if it could handle hardware RAID, so the 5th box - a R210 & my SA120 DAS are powered down), I registered between 46dB and 51dB - somewhere between what you'd expect to hear from a desktop and from a refrigerator.
 

Rodskii

New Member
May 31, 2017
11
2
3
43
Well that makes me excited. I can easily handle that alongside my DL380 G6.

Another quick question. I currently have an Intel DH61BE motherboard with an i7-2600 CPU in it that's lying around. I was planning on getting a cheap 2U case from Rosewill and using it as my pfSense box with a quad gigabit NIC I'm not using. I noticed the i7-2600 is almost identical in specs to the E3-1240 v2 that comes in most R210 II servers, except the 95 TDP vs 69 TDP and no ECC support. Would it be beneficial to just get a case and make do with what I have? I figure at such a low CPU use the power difference would be minimal.
 

Dww0311

That i7 comes in on Passmark about 8,200, vs the E3-1240 v2 around 9,200. It really depends on what you're using it for. Simple home traffic - either one would more than accomplish the purpose & then some with just a pfSense firewall running. In fact either of them running just pfSense would be overkill.

For comparison, I run an entire Sophos UTM 9 platform - firewall, IPS, web filtering, SMTP & POP3 proxies, endpoint protection for 9 boxes, dual antivirus (Avira and Sophos), antispyware and antispam - on a R210 II E3-1280 v2 with 32GB servicing a 2 link load balanced 800/800 WAN and that's overkill. (which brings up another question - why just a firewall vs unified threat management?)

Frankly, you could run just pfSense acting as a firewall on most home connections with a Pentium 4 & 4GB. We set up my next door neighbor's installation on an old Sun UltraSparc box he had lying around and it's bored most of the time. I ran it as a test case (to establish a benchmark) on my WAN setup for a week or so on an old Optiplex Core 2 Duo desktop with 4GB and it wasn't really stressed. pfSense is not exceptionally resource intensive.
 

Rodskii

I was going to go pfSense since it's open source and has decent packages for threat detection. I hadn't looked into any UTMs because I figured it would be overkill for a home network, but now thinking about it, I would love to get hands-on configuring something like that. I may just try out the Sophos UTM Home Edition and see what it's like (SG UTM has a cost associated with it).
 

markarr

Active Member
Oct 31, 2013
421
122
43
The SG version doesn't have a cost associated with it. It is free to use at home; the only limits are 4 cores and 6GB of RAM. So UTM limit of 50 IPs, SG hardware limit.
 

Rodskii

Really? Well that's pretty awesome. I will definitely have to do some more research. Thank you!
 

Dww0311

The SG appliances cost $$. The software that they run - either UTM 9 or XG - is downloadable and can be licensed for home use (the parameters of the home use license are more than enough for most any home network) for free.

(anticipating the question: they give it away for free to home users because doing so builds a telemetry army that enables them to much better protect the folks who are paying mondo spacebucks for Sophos commercial stuff). The software is protecting you, but it also reports back to Sophos on the threats that it encounters, so you're essentially helping each other.
 

Rodskii

Markarr mentioned that. I've already registered and received my UTM license information for home use. Pretty excited to jump into this now. Thanks for everything!
 

T_Minus

Build. Break. Fix. Repeat
Feb 15, 2015
7,647
2,064
113
@Dww0311 do you have a PDF or URL to the limitations / home use information specifically vs. retail/$? Just curious about playing around with it myself.
 

Dww0311

No problem. Word of advice - the fresh install is configured to pass exactly zero traffic - between anything - so there can be a bit of a learning curve to getting it working if you have a weak background in firewalls. Let one of us know if you get stumped.
 

Rodskii

Mainly have experience using MikroTik products and pfSense. Some basic Cisco stuff too.

I will definitely take you up on that offer if I run into issues.
 

Dww0311

I'll look around to see if I downloaded any documentation. Basically with a home use license on UTM 9 you're limited to:

50 users

32,000 concurrent connections

You get standard support vs premium

no Basic Guard and no Sandstorm

XG is limited to 4 cores and 6GB of RAM. You can give it a box with more, but it won't use them.
 

Dww0311

Here's a screenshot of the licensing information for the account I just registered.
Yea, you're good to go.

Another piece of advice: you'll be prompted to install the license file during initial setup, but it doesn't always work perfectly. Once you've completed the initial setup, check the licensing tab under Management. You'll probably find that the expiration dates are wrong and need to reinstall the license.

Note also that internal VLAN addresses which aren't routed by the appliance do not count towards your 50 IPs. For example, all of my VLANs are routed internally, either by virtue of living on the same switch or by virtue of inter-switch routing being handled through my 2901. The only IP address that counts towards my 50 is the port on the 2901 that is connected to the internal interface of the UTM. So I'm "charged" for one IP address, despite having nearly 100 of them active within my network.
 

Rodskii

Oh wow, that's awesome. I will never use more than 50, but my setup will be Cable Modem -> Sophos UTM -> MikroTik CRS109 Switch -> all other devices.
 

mackle

Active Member
Nov 13, 2013
221
40
28
I've seen barebone R210 IIs for $50 and have sticks of 2GB DDR3 RAM sitting around doing nothing. If I was to upgrade my lowly Celeron G540 desktop to a second hand Ivy i5/i7 (about 4 years later than I was intending to), would it make sense to use that G540 in a R210 II pfSense client?
 

T_Minus

G540 is a bad choice because it's way too power hungry for what it provides, and missing instruction set for pfsense going forward.
 

mackle

Yeah, from the other (similar) thread I noticed shortly after my post that AES-NI is important going forward and probably rules it out. Though watts wise, this chip has always impressed me with how little it draws.