recommended solution for a well performant firewall

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

WellGate

New Member
Jan 4, 2025
1
0
1
Hello guys ,

I am in the process of setting up a firewall ( Opnsense ) and i was aiming to get me a mini pc:

like ( Lenovo ThinkCentre M720q (i5-8400T) - or

HP ProDesk 600 G4 Mini (i5-8500T) or

Dell OptiPlex 7060 Micro Core (i5-8500T) .

in other hand i am also checking and searching more about some dedicated firewall hardware such :

Tuofudun (N5105)
Tuofudun (N100)
KingnovyPC Firewall (N100)
Protectli Vault FW4B : (Intel J3160 ) (4C/4T)



i would like to know like the best choice in these three and the best way to add additional ethernet ports in order to use as a firewall without the need of usb ethernet adapter .

right now i have DELL MICRO OPTIPLEX 3060 (i5-8500T) , i didn't find any reliable solution to add second ethernet port , any ideas , suggestions.

my main goal is to have an excellent performant firewall that can handle 1 gb internet without any issues specially using IDS and IPS for Opnsense ( not sure if they are necessary for a home use
able to handle in good speed Openvpn of Nordvpn
able to handle or to be used as DNS server ( Pihole + Adguard )
able to be used as Tailscale for remote access
doesn't consume a lot of power

any informative answers and help would be highly appreciated .

thanks
 

Fratopolis

New Member
Dec 17, 2022
2
3
3
I actually have 3 micro 3060s and 1 micro 3070 the 3060s are setup in a 3 node proxmox. I added a 2.5gb adapter to each of them using the popout on the back and ocupied the wireless lan card slot. I have 1Gbit internet and see the full speed so the 2.5 gb adapters work great and gett full speed back to my dual mini xl+ Scale Nas

Slap this exactly in google. (They are Realtek but I have not had any issues. Just make sure to put the intel on the wan side obviously.)

M.2 A+E 2.5G Ethernet Adapter 2.5G/1G/100M Multi-Gigabit M.2 Card 8125B COM
 

mbosma

Member
Dec 4, 2018
81
60
18
I actually have 3 micro 3060s and 1 micro 3070 the 3060s are setup in a 3 node proxmox.
In my experience pfsense/opnsense don't handle ovpn very well when they're virtualized, at least not in KVM, even when tinkering with AES-NI passthrough etc the ovpn bandwidth never exceeded 150mbit while running it on a simple n100 results in 500+mbit over ovpn (tested with iperf3).

A simple N100 would suffice for gbit nat (and pppoe if your provider uses that), as I stated earlier the ovpn speeds are fine as well.
I'm not sure if IDS / IPS will be possible at line rate though as I don't have any experience with that on a small scale.

It's possible to install adguard on opnsense using the community repo and pfblockerng on pfsense which gives you similar functionality.
As long as you're not exposing the dns resolver to hundreds of clients the load shouldn't be that bad, even for a light system.
 

louie1961

Active Member
May 15, 2023
267
114
43
I have a fanless N100 box running pfSense as my router/firewall. I love it. https://www.amazon.com/gp/product/B0BZJB9KX5?th=1

If I had it to do over again, I might consider a 6 port unit instead, just to have a couple of extra ports if I need to log into the box directly for some reason. Those extra ports would have made my set up a little easier, as I run two/redundant WAN connections (Comcast cable and T-Mobile 5G Home Internet) and I have the other two ports LAGGed into my switch. Since I updated to a 10gbe capable switch, I might go for something with SFP+ ports as well. But those are minor nits. The machine runs flawlessly. Runs very cool, and the N100 is more than enough processor for my needs.

I have 5 VLANs set up, I use pfBlocker NG instead of piHole. I have approximately 40 devices on my network across all of the VLANs. I host 4 websites from home using cloudflare tunnels (two Wordpress, and two Nextcloud). I have four Proxmox nodes, and two NAS devices. The N100 CPU barely ever ticks above 5% utilization. It consumes 15 watts, and CPU temps are consistently 43 degrees across all cores. If you need more horsepower, step up to an N305 or even one of the 13th gen core i3/i5/i7 based devices.