I keep shaking my head at these kinds of threads. (Sorry OP, it's not about you, it's the philosophy, no offense intended)
800 euros?? For an effin firewall box with a few gbe and 10g ports??
Either I'm too old...and none of this makes sense to me, or...something.
- Who cares about fanless? A decent low speed spinning fan is literally inaudible from a few inches away.
- Tiny boxes/form factor. Again, who cares? It could be 4x as big, still needs to go where the rest of the equipment is (otherwise, why're we buying this in the first place?)
- 256gb storage! For...what??
- 1.2gbps IPSec! umm...a 15 year old CPU could do that with hardware encryption.
- DDR4 RAM!! umm...why?
All this to run OPNsense...which can do all of that on <$100 (I'm being generous, given inflation) worth of hardware. Now, that all being said, the OP's size requirements ARE pretty specific, so maybe it makes sense to him/her, but you could still mount a bigger box on the wall, close to that enclosure and be done.
Are aesthetics THAT important, or am I missing something?
Edit:
For reference - Quoting my own message from a while back. Obviously not the same form factor (this is a 1U chassis), but that's because of my rack configuration, but that i5-3570s/4GB DDR3/something something SSD ~16GB/Mellanox CX3 single port 10gb nic is still cranking along and at present is routing two WANs.
Fios - at 1gbps symmetric
Comcast gigabit pro - At ~2-3gbps (A lot of people may not be familiar with this. It's essentially a trunk from Comcast with a fiber drop to the house).
This entire hardware was ~$60 at the time and idles at ~14w, with max 35w that I have seen. With inflation...$100?
Firstly, that's a pretty slick build you linked at the bottom of your post. Do you have a build thread type of post on that, beyond what you linked, that goes over the whole setup?
Also, what's that little breakout-like board just above the PSU?
"I keep shaking my head at these kinds of threads. (Sorry OP, it's not about you, it's the philosophy, no offense intended)" - No worries lmao. I get it.
"Are aesthetics THAT important, or am I missing something?" - Nope, definitely not. Aesthetics aren't at play here.
On fanless, absolutely true.
Tiny form factor is due to a space requirement where I live now. I'm not mounting anything on the wall, won't get the wife approval factor, and that's more holes in the drywall I have to fill when I move. My previous firewall was an HP ML310e gen8 v2, for reference (free from old job). That lived in a 42u rack, with a bunch of other gear. Previously it was a VM on an R710.
I'm terminating all of my VLANs and routing them on the firewall. So, IDS and IPS are in play for some of those VLANs, but not all.
Storage... idk. squid/caching proxy maybe? large pcaps (those could get big, troubleshooting on a 10gig connection for sure)? any number of things I guess. That one I don't have any insight into; I don't have a requirement for storage space in my firewall.
IPSec throughput... I really doubt a 15 (or 10) year old CPU can do that. maybe (REALLY BIG MAYBE) if it's 1 client, you'll get... close. ish. I'm open to being proven wrong here, with data.
DDR4.. because that's what the CPU platform uses?
There's also no way a 10-15 year old CPU is keeping up at 10gig with packet inspection. It's also all about doing this at line rate. Once you introduce IDS/IPS, or any kind of DPI, on a firewall like the *sense's, you don't have ASICs that are doing this, you're pulling traffic into the CPU and running through software, rather than hardware doing the job for you.
The cost of that box also includes a year of support, which is nice. I mean also, not for nothing, I can't code, so how else does one support an open-source project that they really like? Given how expensive hardware has gotten, the cost isn't that bad.
Even if it's a bit more it doesn't change the fact - he's right.
People are going for crazy overkill when it comes to firewall/router hardware. You can easily make a DIY build for $200-300 or even less which is gonna do 10 Gb/s.
Right, and wrong, are subjective to each person, and the situation/constraints they're working within.
I've also stated somewhere in this thread that I would like to buy new, specifically. I don't have a lot of time to tinker with hardware and worry about old hardware failing (because it does happen). I've got time to grab a NUC, and pop in RAM and SSD, and install an OS (~15 minutes of time). I don't have time to deal with a hardware failure that takes down my network, wait on eBay shipping for old gen hardware that also may have a higher chance of dying than buying new. Downtime for me = both my spouse and I not being able to work, as we work from home.
Can new hardware fail? Absolutely, I've had it happen recently actually (damn you Samsung and your SSD bs).
" People are going for crazy overkill when it comes to firewall/router hardware. " - If I go crazy overkill, I don't have to mess with it or upgrade it for a longer period of time, and there's less of a chance of a performance bottleneck.