MiniPC firewall in replacement of Sophos SG310


ChristTheGreat

Hello guys!

I have a Sophos SG 310 (with an i3 4330, 12GB of RAM, 120GB SSD) running Sophos XG Home, which is working very well. I was looking at changing the Sophos hardware, as it's getting old and I want to have more recent hardware, with less power consumption :)

I've been searching a lot, and a lot, to find the best deal, but can't decide which one to take.

Qotom, Protectli, Minisforum, there is a lot of choice! Basically, I'm looking to have similar performance to the i3 4330, since it can handle my 1gbps Internet (and with IPS, most devices are OK with 300-400mbps). I was looking at maybe switching to OPNsense.

So basically, requirements:
-Similar performance to the i3 4330
-2c/4t or 4 cores +
-Do I226-V NICs still have issues? Because if yes, I210 would be my choice
-4x NIC 1gbps (1 for WAN, 1 for LAN, 1 for IoT/Guest/Camera)
-Can be with SFP, I have 2 SFP on my switch or I can also use GLC-T SFP.
-AES-NI

So what do you guys use / recommend?

Protectli Vault FW6C with I5 7200U or with i7-8550U I saw, the Minisforum MS-01 but the I226 is holding me... Qotom I've seen on amazon with i5 5200U but I think this CPU is slower.

Thanks :)
 

tubs-ffm

Did you find something in the meantime?

I am asking because I am considering upgrading my OPNsense firewall to a Sophos SG 310 or SG 330, as used hardware you can get for low prices.
Or is it a blast from the past that cannot compete any longer if you also consider the price to pay?
 

louie1961

> Protectli Vault FW6C with I5 7200U or with i7-8550U I saw, the Minisforum MS-01 but the I226 is holding me... Qotom I've seen on amazon with i5 5200U but I think this CPU is slower.

I would shoot for an N100 or, if you want more horsepower, an i3-N300 CPU. Devices with these CPUs will be cheaper than the MS-01 and certainly more performant than the I5-7200U or i5-5200U, about the same performance as the i7-8550U at half the power consumption.
 

ChristTheGreat

Well, finally, I found a Partaker 1U S21 on AliExpress, with an i7-10810U. The device is nice, using an mSATA 128GB I found in my stuff (since I have no idea about that SATA power connector haha), and I put in 16GB of RAM.

I had an issue with it on OPNsense. The device was rebooting with no crash dump. I tried booting HBC, prime95, memtest, anything, not crashing. I need to retest with the CPU microcode in FreeBSD (I went from F8 to FA), to see if it helps.

For now, I run OPNsense on the Sophos SG310, and it runs perfectly, it just consumes more power and makes more noise from the fans. I'm about to test again with the S21 during my vacation.
 

tubs-ffm

> Well, finally, I found a Partaker 1U S21 on AliExpress, with an i7-10810U.

Do you have a link to the spec?
Using the search in Google, Aliexpress and eBay I cannot find anything about this device. The 1U form factor looks interesting to me.

EDIT: Or is it a typo? Partaker 1U S12 maybe?

> For now, I run OPNsense on the Sophos SG310, and it runs perfectly, it just consumes more power and makes more noise from the fans. I'm about to test again with the S21 during my vacation.

Keep us informed about this device.
 

kapone

I've never understood the point of many many ports (of whatever kind) on a firewall appliance. I'd much rather have a managed L3 switch and a firewall with a single port in a home/homelab setting.
 

ChristTheGreat

> I've never understood the point of many many ports (of whatever kind) on a firewall appliance. I'd much rather have a managed L3 switch and a firewall with a single port in a home/homelab setting.

Well, having multiple ports on a firewall (at least for enterprise) lets you separate them for multiple purposes. Example: you have multiple 1gbps Internet, multiple uplinks for different networks. At work we have firewalls with like 5 port-channels to different stacks of switches (MAN, WAN, server farm); also, you can have HA ports.

As for the topic, I finally found my issue with the Partaker 1U S21 on AliExpress. I had to disable PowerD in OPNsense, and let the BIOS control it normally. It's been like 16 days without any reboot. Maybe a little more heat and consumption, as the CPU doesn't often go to low speed.


USSZulu

> I've never understood the point of many many ports (of whatever kind) on a firewall appliance. I'd much rather have a managed L3 switch and a firewall with a single port in a home/homelab setting.

If you are using VLANs for security, it is better to use the firewall to handle that segregation, since L3 switches really are not the place to do VLAN security. Of course you can if you have a switch that uses ACLs, but that is a pain and not always foolproof.
 

kapone

> Well, having multiple ports on a firewall (at least for enterprise) lets you separate them for multiple purposes.

But, this is not for an enterprise...it's a home/homelab application.

> Example: you have multiple 1gbps Internet, multiple uplinks for different networks

Umm...that's what switches are for. You terminate all your networks on...switches. The firewall is for cross-network access, whether between internal networks, or internal-external.

> also, you can have HA ports

Again...that's what switch stacks are for. Having HA ports on a firewall doesn't do anything, since they share the same chassis/PSU etc. Two separate switches, with two different PSUs (and potentially two within each switch), connected to two independent power buses...

> it is better to use the firewall to handle that segregation, since L3 switches really are not the place to do VLAN security

er...that is exactly what an L3 switch is for. Ever heard of AWS? It's L3 routed. Wonder how they do that...
 

USSZulu

> er...that is exactly what an L3 switch is for. Ever heard of AWS? It's L3 routed. Wonder how they do that...

I'm guessing you never heard of VLAN hopping? You missed where I said you can use ACLs if you have a switch that supports that, but it's not foolproof.

Regardless, there is more than one way to do things and that does not make another method useless. There are plenty of end users that use the firewall for VLAN segregation and cross-VLAN access.
 

kapone

> I'm guessing you never heard of VLAN hopping? You missed where I said you can use ACLs if you have a switch that supports that, but it's not foolproof.
>
> Regardless, there is more than one way to do things and that does not make another method useless. There are plenty of end users that use the firewall for VLAN segregation and cross-VLAN access.

If VLAN hopping is a problem in an appliance specifically designed for VLANs...you think software-based VLAN segregation is going to be more secure??

And I don't know of any L3 switches that don't support ACLs. That's their whole point.
 

sic0048

> But, this is not for an enterprise...it's a home/homelab application.

That's exactly right. Setting up a switch to handle L3 functionality is not something the average home user knows how to do.... So while an "IT professional" will have no problem setting their home network up with this functionality, it's not something that just anyone is going to feel comfortable tackling.