Is this setup for Pfsense as a router for 1000Mbps WAN?

maxermaxer

Active Member
Oct 28, 2016
269
41
28
47
I happened to have a chance to buy this fanless router but I am not sure how good it is to use it for Pfsense for a 1000Mbps WAN internet. Can someone shed some light? Thank you!

Gargoyle x86 3215U
- Intel Celeron 3215U
- ADATA AM1L16BC2P1-B1FS 2GB DDR3L-1600MHz SO-DIMM
- BIWIN M6225 8GB SSD
- Intel I211 Gigabit LAN *4
- Juniper OEM Delta EADP-60KB B 12V 5A AC Adapter
With pre-installed Koolshare LEDE_X64_fw867
 

BoredSysadmin

Not affiliated with Maxell
Mar 2, 2019
786
291
63
it depends on how you intend to use it, for simple nat and stateful firewall, dhcp - it would be fine. If you expect to get near 1gig speed VPN and/or heavy use of IDS (Suricata) then you'd need something with more power.
I recommend Dell Wyse 5070 extended client based on J5005
 

maxermaxer

Active Member
Oct 28, 2016
269
41
28
47
it depends on how you intend to use it, for simple nat and stateful firewall, dhcp - it would be fine. If you expect to get near 1gig speed VPN and/or heavy use of IDS (Suricata) then you'd need something with more power.
I recommend Dell Wyse 5070 extended client based on J5005
Thank you! That's helpful!
 

zer0sum

Well-Known Member
Mar 8, 2013
692
352
63
Lenovo M720/920Q devices are awesome little firewall boxes.

You should make the switch to OPNsense though :p
 

newabc

Active Member
Jan 20, 2019
240
89
28
Lenovo M720/920Q devices are awesome little firewall boxes.
Agree. For Suricata(IDS/IPS) and VPN, more high frequency cores mean more allowable bandwidth.
Of course, if only for 1gbps IDS and without VPN, the Wyse 5070 extended should be enough.
 

BoredSysadmin

Not affiliated with Maxell
Mar 2, 2019
786
291
63
Agree. For Suricata(IDS/IPS) and VPN, more high frequency cores mean more allowable bandwidth.
Of course, if only for 1gbps IDS and without VPN, the Wyse 5070 extended should be enough.
5070 with J5005 was tested to be pushing near gig speeds with Wireguard and VyOS, but yeah with heavy IPS/IDS one would need something beefier.
 

maxermaxer

Active Member
Oct 28, 2016
269
41
28
47
Lenovo M720/920Q devices are awesome little firewall boxes.

You should make the switch to OPNsense though :p
Am I missing something? Isn't Lenovo m920q a single LAN port PC? I don't see PCIE expansion slot that I can add LAN card to it. With just 1 LAN port how can it be a pfsense router/firewall?
 

BoredSysadmin

Not affiliated with Maxell
Mar 2, 2019
786
291
63

newabc

Active Member
Jan 20, 2019
240
89
28
Am I missing something? Isn't Lenovo m920q a single LAN port PC? I don't see PCIE expansion slot that I can add LAN card to it. With just 1 LAN port how can it be a pfsense router/firewall?
Both m920q/m720q and 5070 extended have a PCIE expansion slot for a PCIE nic.
 

zer0sum

Well-Known Member
Mar 8, 2013
692
352
63
Am I missing something? Isn't Lenovo m920q a single LAN port PC? I don't see PCIE expansion slot that I can add LAN card to it. With just 1 LAN port how can it be a pfsense router/firewall?
M720 and M920 can both take a PCIe card if you grab yourself the little 90 degree extender :)

I'm running a dual port Mellanox CX3 that can do 10/40/56G, but a lot of people run quad port 1G cards as well.

Using Lenovo M720q tiny PC as a router | norbertas.com
 

maxermaxer

Active Member
Oct 28, 2016
269
41
28
47
Thank you for telling me, a network newbie, this trick! :)

If I would like to get a upgraded Supermicro based system (from my current Supermicro A1SAi-2750F - Intel(R) Atom(TM) CPU C2750 @ 2.40GHz), what SM model system are available in the market that is not too expensive and suitable for pfsense? 2nd hand is definitely fine.

On the other hand, I want to make sure I understand which tier Lenovo M720Q/Dell 5070 goes to. Should they belong to tier 2 below?
1) Basic firewall/router
2) Medium level of VPN use
3) Heavy level of VPN use