Router/firewall with SFP+?

ERDrPC

Hi Everyone

I've posted a couple of threads about my new home network. Here's what I have bought so far:
1. Top of the Rack switch - Cisco SG350XG-48T
- will handle all Layer 3 router and VLANs
2. POE Gigabit switch - Cisco SG500X-48
3. Switch for Just add power HD over IP - Cisco SG500X-48 (another)

Since the SG350XG will do the routing and VLANs, I need an appliance that will do NAT to the L3 switch, firewall, and VPN.

I will be interconnecting the switches using SFP+ ports.
To keep the backbone SFP+ I've been considering:
- pfSense XG-2578 (XG-2758 1U pfSense® Security Gateway Appliance)
- pfSense XG-1540 with SFP+ add-on (XG-1540 1U Xeon-DE pfSense® Security Gateway Appliance)
- Mikrotik CCR1036-8G-2S+EM (RouterBoard.com : CCR1036-8G-2S+EM)

The other option is to build a rack-mounted 1U pfSense device.
Important considerations: VPN throughput speed, firewall protection.

Any suggestions? Keep in mind I need something with a GUI.
 

Pete L.

I would recommend the pfSense pre-built units as they are "Optimized" for the hardware that they are built on. From what I understand, even if you buy the same hardware you won't get the same performance. Also worth mentioning is that both of the units you mentioned are very low in power usage, which will be a little more difficult to get in a unit that you will build.

That said you can certainly build one and get good / decent performance.

Oh and even their highest end versions will NOT pass full 10G traffic. It took several e-mail exchanges with them to find out that you would be looking at the following. This is from an e-mail I got from them only a few weeks ago when we were looking for a 10G firewall.

We have 2 models with 10Gb interfaces, the XG-2758 and the XG-1540.

XG-2758 1U pfSense® Security Gateway Appliance
XG-1540 1U Xeon-DE pfSense® Security Gateway Appliance

The XG-2758 has 2 native SFP+ ports that can be used for copper or fiber.
The XG-1540 has 2 10Gb RJ-45 ports and the optional Chelsio card adds 2 additional SFP+ ports.

There are a lot of variables that affect throughput, such as packet size. The XG-1540 can pass about 6 Gbps with higher bursts. Running IPSec, it can pass about 2.6 Gbps. It's running on an Intel Xeon 16-core processor.

The XG-2758 speeds would be about half of the XG-1540. The XG-2758 is running on an Intel C2758 8-core Atom processor.

While these units might seem "Expensive" the reality is that these are really good bang for the buck in a somewhat limited market. If you look at something like a FortiGate you would be looking at a significantly more expensive (albeit great) unit.
 

Patrick

I think I have one of those Mikrotiks that I am not using.
 

ERDrPC

It seems as if the XG-1540 with the SFP+ add-on is the way to go.

Would I have any use for optional packages such as Snort or Suricata for IDS/IPS and network security monitoring, Squid for optimized content delivery and SquidGuard for anti-spam/anti-phishing and URL filtering? This is a home network with a large home automation install, IP cameras, SIP video intercoms.