New 1U pfSense build - Can't decide on hardware

link470

New Member
Mar 26, 2017
4
1
3
32
I'm working on a new pfSense build to replace a SuperMicro 1U D525 build (which of course, doesn't have AES-NI support and will therefore be incompatible with future pfSense releases).

I've decided on the SuperMicro SC505-203B as the case because of the front facing I/O. Comes with a PSU, which I may swap for the 160w Pico I have in the D525 right now (because it's 100% silent), and install a couple 40mm fans in there for airflow. Hard drive and RAM are easy; I'll find something and install 'em.

The real question is which board to get. I'm between 4 at the moment with the 1U form factor in mind (so it'll fit nicely in my enclosed wall rack in a closet). I'm very open to another suggestion as well; I'm not limited to these boards in any way. This is just what I've found. Also, if one of these pros or cons isn't actually a pro or con to you, please explain! It might help me decide and learn.

Board 1: SuperMicro X11SBA-LN4F (Pentium N3700)

Pros:
•Quad gigabit ethernet with dedicated IPMI interface
•Low price
•6w TDP chip

Potential Cons:
•Intel i210; I've heard the i3xx is better and should be the one to aim for over the i2xx because of queue handling and the potential for pfSense to take better advantage of that down the road
•No QuickAssist
•Installation problems - I'm sure many of you are familiar with this post on pfSense forums where 'Engineer' is working extremely hard to find a solution and runs into issues with board revisions that require a hardware fix.

Board 2: SuperMicro A1SRi-2558F (Atom C2558)

Pros:
•Quad gigabit ethernet with dedicated IPMI interface
•Intel i354 NIC
•QuickAssist

Potential Cons:
•C2000 series. As much as this board seems like it's used for pfSense builds all over the place, the fact that it has a potential time bomb of its life is concerning.
•Oldest of the 4 board chipsets here

Board 3: SuperMicro A2SDi-4C-HLN4F (Atom C3558)

Pros:
•Quad gigabit ethernet with dedicated IPMI interface
•QuickAssist
•New chip that doesn't seem to be affected by the C2000 bug
•Still keeping the heat relatively low with a 16w TDP, just 3w TDP higher than my rather toasty D525

Potential Cons:
•New C3000 based Intel network chipset (X553 I believe) which it sounds like the next version of pfSense will support, but not sure how stable this technology is right now. Thoughts appreciated.
•Rather pricy, but I'll put the money into it if it's worth it

Board 4: SuperMicro A2SDi-LN4F (Atom C3850)

Pros:
•Quad gigabit ethernet with dedicated IPMI interface
•QuickAssist
•New C3000 chip
•Well known i350 NIC

Potential Cons:
•Pricy
•Highest CPU TDP at 25w

Thanks for your time in advance everyone!
 

Rand__

Well-Known Member
Mar 6, 2014
4,558
909
113
So you have a nice list of options, but over that you totally forgot the most important information:

What are your (specific) requirements;) ?
Was the D525 sufficient and you just need a future save replacement? Was it lacking in any way?

Whats up&down, features you are currently using/will be, user count etc?
 

link470

New Member
Mar 26, 2017
4
1
3
32
So you have a nice list of options, but over that you totally forgot the most important information:
You're absolutely right, my apologies. I had the list of parts on my mind so much that I completely forgot that.

What are your (specific) requirements;) ?
It needs to be able to handle traffic from a relatively small number of devices (less than 50) on a 150/150 connection, which may be a 300/300 connection down the road. The biggest thing is that it doesn't sound like a jet, and the D525 with 2x 40mm fans has been great.

Was the D525 sufficient and you just need a future save replacement?
This is essentially what I'm after, yes. The D525 will very soon be unsupported by pfSense for future versions as well. Other than that, it's been good.

Was it lacking in any way?
To be honest, since I implemented it a year and a half ago, there's always been something "not quite right" since, but I think a lot of it comes down to the fact that IPMI was on a shared port and enabled by default, and I now have the jumper disabling IPMI on the board, and also, I'm now no longer using either the DNS forwarder or DNS resolver (or with forwarding enabled) services because no matter how hard I tried, my internet response performance somehow seemed quicker with my 12+ year old Linksys consumer router. I've never had this issue before and install pfSense in many other environments and haven't run into that problem, but it's working pretty well now just bypassing pfSense as DNS and pushing my ISP DNS servers to clients directly.
 

Robert Fontaine

Active Member
Jan 9, 2018
113
28
28
53
I'm looking at the same question:

I picked up
- a couple of the iStarUSA D-118V2-ITX-DT for about 50$USD each shipped.
- a couple of the Noctua NF-A4x10 FLX 40x10mm fans (I may have to come back around for 20mm thick fans if not enough air volume
- Silverstone SST-FX350-G Standard FLEX ATX 80 PLUS Gold 350W Power Supply arrived yesterday. $130USD shipped.

The supermicro boards are compelling and make up most of the available boards on fleabay
other options seems to include

Mitac PD10AI MT Intel Apollo Lake N3350
Supermicro A2SAV
* Supermicro MBD-X11SBA-LN4F-O
* Supermicro A1SRI-2558F
Jetway JNF591 Intel Braswell Celeron N3150
* Supermicro A2SDi-2C-HLN4F

Neither the Mitac and Jetway have IPMI which seems like less watts at idle so depending
on your requirements could be good or bad things.

I am fairly addicted to Supermicro, but in this case (PFSense 300 down , 20 up, rarely use vpn, as an edge router I don't honestly need a server grade motherboard. If I move to 40/10gbe internally I may need an internal router but on the edge to my cable modem what I need is reasonably reliable (wife doesn't yell that the network is down) and quiet (network cabinet is in my office space).

To me this comes down to aes-ni, 2 intel nics ( the ability to fit a 4 port intel card is nice to have but not really necessary ), passively cooled or pretty darn close ( low db fans acceptable ). In my environment this box will mostly be running at idle and when it is I don't really want to hear it.

 

Robert Fontaine

Active Member
Jan 9, 2018
113
28
28
53
@nthu9280 Yes but I have an addiction.
already have an optiplex 990 sff with a 4 port intel nic, 8gb and an ssd but it's not pretty and it's a little noisy.
 

Rand__

Well-Known Member
Mar 6, 2014
4,558
909
113
If you look at the official appliances you see that the C3558 with x553 is one of the options (NG-7100) so I would assume it should be supported and issues will receive proper attention.

But if the 525 was sufficient and you want less power I'd go with the X11SBA-LN4F. Most of the discussion is from 2 years ago, so either thats discouraged all people from buying this for pfsense or the impact is minimal with newer bios versions...
 

Robert Fontaine

Active Member
Jan 9, 2018
113
28
28
53
That said you could save 4 watts at idle by removing IPMI and maybe a little bit more with a 3150 but both the 3700, 3160 and 3150 are all rated for 6 watts so going the 3700 route gives better peak and the same idle.

The xeon-d territory may suit our friends with gigabit pipes and a dedicated vpn with multiple users but in my basement dungeon I'm really thinking the that my choice is this or the Jetway. I don't really want the 4 watts of the IPMI on one hand but the 4 intel ethernet ports on the motherboard are appealing although again not terribly necessary.

... I've convinced myself , the X11SBA-LN4F is the best fit for purpose pfsense motherboard for my needs.... Now I just need to find it for half price. :)
 
Last edited:

Robert Fontaine

Active Member
Jan 9, 2018
113
28
28
53
@Rand_ thanks. didn't know this.... Found a long thread on hardware issue with ethernet port on early revisions of this board.
X11SBA-LN4F vs A1SRi-2558F still reading. sigh. learning is fun and all but finding a board for pfsense is an unusually drawn out process. PCB 1.02 and better implement the fix.

Best price for Canuckistan seems to be newegg.ca 275CAD (210USD). Not exactly half price used but not terrible for new with warranty and at least that ensures that if it's old stock that RMA or return is an option.
 
Last edited:

PD_ZFS-User

New Member
Jul 13, 2018
17
9
3
@Rand_ thanks. didn't know this.... Found a long thread on hardware issue with ethernet port on early revisions of this board.
X11SBA-LN4F vs A1SRi-2558F still reading. sigh. learning is fun and all but finding a board for pfsense is an unusually drawn out process. PCB 1.02 and better implement the fix.

Best price for Canuckistan seems to be newegg.ca 275CAD (210USD). Not exactly half price used but not terrible for new with warranty and at least that ensures that if it's old stock that RMA or return is an option.
Robert,

I've successfully installed OPNSense on my Supermicro X11SBA-LN4F rev. 1.02 with no issues (purchased from Newegg, March 2018). I can confirm that this revision of the board does not have problems with the ethernet ports.

Currently I'm running Sophos XG Firewall v17.1 and I've also had Sophos UTM 9.508 installed on the same motherboard.

OPNSense was actually the easiest install of the three, IIRC I was able to use UEFI to install from an ISO on a USB Flash. During the short time I was trying out OPNSense, I never had any issues with the onboard i210 NICs and I've never had any NIC issues with either version of Sophos' firewalls.

I'm using it for home internet and not really tasking it hard with a 50/50 Mbps service. I have not tested Sophos XG with any VPN setup yet.

Good Luck with your hardware search,
PD
 
  • Like
Reactions: T_Minus