pfSense - HP T620+ vs Dell Wyse 5070

yogi_en

New Member
Dec 18, 2019
15
8
3
Hello,

I am in the process of replacing my router ( USG from Ubiquiti as of now ) with a pfsense box. After some research, I narrowed down to the following models.
  • HP T620 +
  • Dell Wyse 5070 Extended
I have a 100/10 Mbps connection as now. Will be upgrading to 250/10 Mbps some time in future. I plan to use the following services.
  • Vpn Client and Sever
  • IPS/IDS ( Surricata?)
  • pfBlocker ( I have a pi-hole and thinking of replacing that )
  • ntopng or similar for some network status graphs.
I am looking for a low power device.
I came across this thread which says Dell uses less power than HP. If that is the case I would like to go ahead with Wyse as it is more powerful.

Please provide your inputs!.
 
Last edited:

Evan

Well-Known Member
Jan 6, 2016
3,346
584
113
Don’t let that reddit thread confuse you as to the TDP of a CPU have must relation to power consumption even more so over different vendors CPU as they simply measure even TDP different.
No doubt the actual power consumption is not too different.

I have no comment about either of these and pfSense though. I would imagine either is fine for 250mbps down speed without any issues and the VPN etc is anyway limited by upstream traffic limits rather than CPU.
 

yogi_en

New Member
Dec 18, 2019
15
8
3
Thanks for the reply. I am confused by the following statement.

Don’t let that reddit thread confuse you as to the TDP of a CPU have must relation to power consumption even more so over different vendors CPU as they simply measure even TDP different.
No doubt the actual power consumption is not too different .
.

Are you saying that the reddit thread information about power consumption is not accurate?. Do you know which device will consume more power?
 

BeTeP

Well-Known Member
Mar 23, 2019
573
370
63
I do not know if you paid any attention to the price difference. Make sure that you are comparing apples to apples. The Dell model being discussed in the reddit thread you linked is "Dell Wyse 5070 Extended". The regular 5070 model does not have the PCIe slot. So the problem is that while regular Wyse 5070 sells at similar price point with T620Plus the extended version sells for more than twice as much.
 
  • Like
Reactions: WANg

yogi_en

New Member
Dec 18, 2019
15
8
3
Thanks. I did check the price. I can see Dell Wyse Extended in ebay for around 180$ now with out Intel PCI Card ( the reddit post mentions 150$ ) and T620+ for around 140 ( with Intel PCI card ). I am OK spending another $50 for Dell Wyse extended because it has better processing power and is future proof. My main concern is with respect to power consumption.
 
Last edited:

Evan

Well-Known Member
Jan 6, 2016
3,346
584
113
Thanks for the reply. I am confused by the following statement.

.

Are you saying that the reddit thread information about power consumption is not accurate?. Do you know which device will consume more power?

Yes the Reddit thread is totally wrong.
Using TDP of a CPU is not an accurate way to determine power consumption.

May idle both units consumed 4.5 - 5.0 watts, both have 65w psu in the default config.
Note the wyse extended chassis idles at 9.7w with a 130w adapter.

At load neither unit has details but probably not that different either, besides most time is spend idle anyway. Also not idle figures are windows OS or Linux thin client that is optimized, BSD (pfsense base OS) you can probably expect higher usage.

HP t620 Flexible Thin Client Product Specifications | HP® Customer Support

https://thinclientbenefits.com/uplo...0-Executive-Summary-and-Specs-Sheet-Final.pdf
 
  • Like
Reactions: yogi_en

zack$

Well-Known Member
Aug 16, 2018
654
275
63
Thanks. I did check the price. I can see Dell Wyse Extended in ebay for around 180$ now with out Intel PCI Card ( the reddit post mentions 150$ ) and T620+ for around 140 ( with Intel PCI card ). I am OK spending another $50 for Dell Wyse extended because it has better processing power and is future proof. My main concern is with respect to power consumption.
Just as an aside, why not a T730 for $140?

HP T730 Thin Client 2.70GHz AMD RX-427BB 32GB SSD 8GB RAM WES 7P64 AMD R7-1024MB 889894471475 | eBay
 
  • Like
Reactions: yogi_en

BeTeP

Well-Known Member
Mar 23, 2019
573
370
63
I can see Dell Wyse Extended in ebay for around 180$ now with out Intel PCI Card ( the reddit post mentions 150$ ) and T620+ for around 140 ( with Intel PCI card ).
Your 5070 price seems about right but I have never paid more than $80 shipped for the T620+ (base config) - thus my claim about more than double price difference. But I do agree that 5070 being more recent system is worth some extra.
 

yogi_en

New Member
Dec 18, 2019
15
8
3
I didn't explore using HP 730 , mainly because I didn't see much information on using HP 730 for pfSense. Most of the post that I came across is about HP 620+. Having said that I am open to using HP730, if that is a better choice. Seems to be cheaper than Wyze 5070.

Any information on installing pfSense on this?

like most suggestions on reddit, there are better options
Can you please indicate what are the better options?

EDIT: Saw this post in the forums here. Look like T730 consumes more power!. Any thoughts?

FYI guys... I played around with my T730 over the weekend and found that it idled around 15.8W as measured by a Kill-A-Watt. This is significantly higher than the T620PLUS, which was about 6.9W. If the T730 were to be used as a network appliance with an add-on NIC, my guess is that it would be close to 20W. So, although T730 is more powerful than T620PLUS, if you aren't going to make use of the extra compute power, the T620PLUS seems like the better choice as far as network appliance goes.

#39
BLinux, Aug 20, 2018
 
Last edited:

zer0sum

Well-Known Member
Mar 8, 2013
695
352
63
I used to use a T620 with a 4 port nic and it was awesome :)

But, I've since switched to a mini-itx server based on an AsRock Rack E3C224D2I, running ESXi with OPNsense and other perimeter stuff like collectors and sandboxes etc.
I actually like having it virtualized better, because I can switch firewall brands any time I like, and can do snapshots before upgrades :)

Next time I'll try one of the various micro firewall appliances on Amazon/Alibaba etc. for $250
https://www.amazon.com/gp/product/B072ZTCNLK/ref=ox_sc_act_title_1?smid=AZEYJ27R4YB41&psc=1
  • Intel Quad Core Atom E3845, 64 bit, 1.9GHz, 2MB L2 Cache
  • Fanless with passive heatsinks
  • Full AES-NI hardware support
  • 4x Intel Gigabit Ethernet NIC ports
  • DDR3L RAM
  • mSATA SSD
  • 1x USB 2.0
  • 1x USB 3.0
  • 1x RJ-45 COM (serial)
  • 1x VGA
 
Last edited:

stuartbh

New Member
Jan 3, 2022
5
0
1
Hello all!
I am new to this forum and found this thread rather interesting.

I just obtained a T620 Thin Client (the really thin one, not the Plus) and am starting to get it ready to be made into a pfSense firewall. So far pfSense looks quite interesting and would allow me to run my access points as "Dumb" OpenWRT APs. Calling an OpenWRT dumb is surely an oxymoron. :)

I have already begun the process of VLANing my network, so having my internet connection on one VLAN and the rest of my devices on another makes a lot of sense to me and pfSense appears to have no issue with that and doing all that routing via single gigabit port.

The micro-firewall appliances are interesting but you do have to be careful to check which ones have AES-NI and which don't. At any rate, thats further along in my pfSense journey once I get there.


Stuart
 

stuartbh

New Member
Jan 3, 2022
5
0
1
I have considered OPNsense and rejected it for some several reasons as set forth herein below. However, reservations notwithstanding, I am open to listening and learning.

  • pfSense is a commercial product (though open source), so the attention to detail with respect to quality and overall regression testing is ostensibly far better than volunteers on an open source project have time or resources to conduct.
  • A company that is motivated by profit as well as concerns over litigation in the event of product flaws impels a far greater level of concern for the product's functionality and quality then strictly volunteer based projects.
  • Thus far, it appears to me that pfSense has packages not available under OPNsense and moreover is more stable than OPNsense seems to be (again, according to what people that have used both are saying currently).
  • I am not sure that OPNsense competes equitably with respect to the number and quality of wizards.

Things like stability, ease of use, and package availability are important to me, not just using a "true open source product".

Your thoughtful, considered, and deliberate comments are welcome.

Here is an aritcle that substantiates the sort of concerns I have:

In short, I see OPNsense as quantity and pfSense as quality.
 
Last edited:

zer0sum

Well-Known Member
Mar 8, 2013
695
352
63
I have considered OPNsense and rejected it for some several reasons as set forth herein below. However, reservations notwithstanding, I am open to listening and learning.

  • pfSense is a commercial product (though open source), so the attention to detail with respect to quality and overall regression testing is ostensibly far better than volunteers on an open source project have time or resources to conduct.
  • A company that is motivated by profit as well as concerns over litigation in the event of product flaws impels a far greater level of concern for the product's functionality and quality then strictly volunteer based projects.
  • Thus far, it appears to me that pfSense has packages not available under OPNsense and moreover is more stable than OPNsense seems to be (again, according to what people that have used both are saying currently).
  • I am not sure that OPNsense competes equitably with respect to the number and quality of wizards.

Things like stability, ease of use, and package availability are important to me, not just using a "true open source product".

Your thoughtful, considered, and deliberate comments are welcome.
You should dig into the pfsense wireguard fiasco a bit before giving them too much trust.
https://www.reddit.com/r/PFSENSE/comments/m6zcml/_/grawx3r
And I'm curious about which packages you're looking at as I've pretty much always found Opnsense to be more cutting edge.
It has always had better integrations with wireguard/tailscale/zerotier/tinc etc.
 
  • Like
Reactions: Vesalius

Vesalius

Active Member
Nov 25, 2019
200
150
43
Agree @zer0sum, pfsense owners have been significantly less than professional in past and recent decisions. Netgate definitely went for first and not quality when they released 2.5 (after 2 years) to production and their stamp of approval with the bad inhouse WireGuard implementation Before it was blessed by FreeBSD and the WireGuard lead. Then they attacked the folks that called them out or offered help. How would they have handled this if WireGuard was purely an internal project and code? if Your answer is anything but some version of “worse” I don’t know what to say.

pfSense took 2 years to get from 2.4 to 2.5 and that was release was not smooth at all. They delayed and now they are shifting focus to pfSense plus and have missed most if not all self imposed deadlines there to release a version not locked to their proprietary hardware.

Ironically, where they did make a big about face and may pass OPNsense is on WireGuard kmod implementation and the gui to monitor, setup and add users/peers. Christian McDonald is a new hire they picked up and his work was awesome on this front even before he had access behind the netgate curtain.

opnsense will integrate FreeBSD 13 well before netgate gets there and I don't see a reality where netgate has the resources or business reason to keep both pfSense plus and pfSense CE at under the hood feature parity.
 
Last edited:

marunjar

New Member
Feb 8, 2018
1
0
1
35
I have considered OPNsense and rejected it for some several reasons as set forth herein below. However, reservations notwithstanding, I am open to listening and learning.

  • pfSense is a commercial product (though open source), so the attention to detail with respect to quality and overall regression testing is ostensibly far better than volunteers on an open source project have time or resources to conduct.
  • A company that is motivated by profit as well as concerns over litigation in the event of product flaws impels a far greater level of concern for the product's functionality and quality then strictly volunteer based projects.
  • Thus far, it appears to me that pfSense has packages not available under OPNsense and moreover is more stable than OPNsense seems to be (again, according to what people that have used both are saying currently).
  • I am not sure that OPNsense competes equitably with respect to the number and quality of wizards.

Things like stability, ease of use, and package availability are important to me, not just using a "true open source product".
OPNSense is not strictly volunteer based project, it's a commercial product too, similar to pfSense.
When looking at OPNsense® a true open source security platform and more - OPNsense® is a true open source firewall and more you can find that the company behind OPNSense is Deciso and even the official shop which sells software and hardware ;)

Regarding stability there were indeed some updates which caused problems, but these were usually fixed pretty fast.
Also it's up to you to stay on safer side and wait some time before installing latest update, in terms of security it's almost never a problem to wait another day.

Or you pay for business edition, which features may be a little behind these of free version, but it's even more stable.
 

stuartbh

New Member
Jan 3, 2022
5
0
1
Well, for now I am installing pfSense as that is what I tested and I feel deploying it will get me where I need to be in terms of my steps for my home lab network upgrade. With that in mind, I will spend some time looking at OPNsense more closely. However, pFblockerNG does look very interesting.

Wireguard, I do not use as I prefer OpenVPN myself. One thing I liked about pfSense was how well it handled VPNs, PXE booting, and other sorts of things that some router software ignores.

Lastly, I do care about the open source state of software and that matters to me, though I happily install Debian with "non-free" firmware to get stuff working easily. So I am will to compromise on some levels for convenience.

To paraphrase Robin Williams, "I am not dating Mrs. Right, I am dating Miss Right-now." pfSense will be my next network router "Miss Right-now" but I still will look at OPNsense, IPfire, and a few others. I do admit that I prefer a Linux based distribution for several reasons but I trust FreeBSD too.
 
Last edited:

Vesalius

Active Member
Nov 25, 2019
200
150
43
When/if you reassess OPNsense check out the community Adguard home package. I also thought I would miss pfblockerNG when I switched to OPNsense a year or 2 ago, but overall I like adguard home better.