Suggestions for Soho Firewall with Dual Wan (1x SFP+ and 1xRJ45) Support


j.battermann

Member
Aug 22, 2016
We are (probably.. process still ongoing) getting one of Comcast's Gigabit Pro fibre based services installed here which hand over the connection via one SFP+ port for 2gbps up and down and a separate 1gbps up and down via a regular RJ45 port.

Their 'customer end device' is a Juniper ACX2100 managed by them so right after that I'd want to take those two different feeds coming in directly into a router.. but I was wondering if anyone has any experience with multi-gbps / multi-wan soho routers and could recommend for or against one..

The obvious choice after looking around a bit from what I gathered is... to either get a pfsense appliance (from netgate), a similar box from supermicro and run pfsense on top.. or one of the newer Ubiquiti Unifi UDM Pro machines or their Edgerouter Infinity.. but maybe I'm just overcomplicating things and somebody has a suggestion. I don't want to go full-on command line / config file based configuration but maybe there are other 'good' options out there for 2 wan connections and slightly higher speeds.

Thanks!
-JB
 

Deslok

Well-Known Member
Jul 15, 2015
deslok.dyndns.org
You should also consider OPNsense - OPNsense® - Open Source Firewall - High-end Security Made Easy™

I've switched all my pfsense boxes over and I'm not looking back so far :D
I do love OPNsense, it's what I run at home, but at work I do prefer the decreased potential headaches of a prebuilt firewall (it's not all my own gear that could break and be my fault XD). There's also a cost to it: an RB4011 is 170, an XG-7100 from netgate is 800 :p You could probably build a pfsense/opnsense appliance with a 10gig port for about 300, though there's a million options there for size/power/loudness.
 

j.battermann

I asked Netgate and the XG-7100 unfortunately is not rated /intended for that speed and they recommended the xg-1537.. or so.. which comes in at a chill est $2000.. soooo not sure about that. I could get a supermicro appliance for less than half with the same or better hw specs.. so I am a bit torn if all that makes sense & hence the question
 

Deslok

I suppose an important question for us is how much you plan to actually do with it. There's a big difference between just basic dhcp and some port forwarding vs IPS and other cpu intensive routing features.
 

j.battermann

Yeah I specifically told them I'd only want basic functionality like that & no qos/ids etc but their 'official' response was

The XG-7100 is an 'entry' level device into the SFP+ market, in testing we have seen around 2.5 Gbps of routing out of the device.

.. sooo that would leave some performance on the table.
 

j.battermann

Well no.. not one 3gbps link. I have two links coming in as mentioned so whether I do fail over or some sort of link aggregation / load balancing is another thing / I have no final / plan yet .. their statement simply sounds like the device had a total routing capacity of 2.5gbps no matter what I do or do not do. Or maybe I just misread it / think the wrong way about it..