As the title state I'm trying to get a feel for what people are using I've looked into Protectli and Netgate for minimally doing gigabit but I'm curious if I'm missing something platforms to try a few distros on. Thanks!
+1 for the apu2c4. Rock solid and good for 250gig+ isp feed with pfsense. Completely passive so dead silent. Not quite enough for running IDS like Suricata or Snort without dropping packets but otherwise a workhorse.I use a apu2c4 from pcengines for home and 2 other sites i manage. They have all been rock solid for a few years now. Cheap, silent, new, Intel NICs - ticks all my boxes
Thanks for providing these numbers. Would you able to share which encryption algorithm you are getting 700mbps with?Have two Intel c2758 pfsense builds. Good enough to push 700Mbps IPsec and handles 1Gbps unencrypted without breaking a sweat.
Thanks for providing these numbers. Would you able to share which encryption algorithm you are getting 700mbps with?
I'd also like to point that HP T730 Plus could be found on eBay for not much $ more and is faster than T620 and C2758.
https://forums.servethehome.com/ind...730-thin-client-the-little-box-that-could.41/
What kind of expansion card goes in the T730 so that one can easily add more NICs? I would need at least 4.
Nice. If it was guaranteed I'd be able to saturate my 1Gbps pipe over IPSec I'd upgrade to one but without that guarantee it's just not worth it.https://forums.servethehome.com/ind...730-thin-client-the-little-box-that-could.41/
• Intel i340-T4 Quadport GigE cards
• Intel i350-T4 Quadport GigE cards
• SolarFlare SFN5122F 10GbE card
• SolarFlare Flareon SFN7322F 10GbE/PTP stamper cards (make sure you get fans for them or they will crash your machine
• Mellanox ConnectX2 VPI 40GbE/Infiniband adapter
https://forums.servethehome.com/ind...ient-as-an-hp-microserver-gen7-upgrade.20454/
What kind of switch do you have? Layer2/3?Nice. If it was guaranteed I'd be able to saturate my 1Gbps pipe over IPSec I'd upgrade to one but without that guarantee it's just not worth it.
Cisco SG350XG-24F (though I may be selling it shortly). It's layer 3. Why?What kind of switch do you have? Layer2/3?
If you have a Layer 3 switch (and I'm assuming you're using VLANs...why wouldn't you...) you can setup your firewall with a single port on it and it'll work just fine. You don't need multiple ports, which sometimes opens up the hardware selection better because you don't need a pci-e slot.Cisco SG350XG-24F (though I may be selling it shortly). It's layer 3. Why?
How exactly does this work and wouldn't that make it very hard to do firewall rules?You even terminate your WAN on the switch itself.
- You create a VLAN on your switch with just one port (for the WAN), do not give it a virtual interface/router-interface.How exactly does this work and wouldn't that make it very hard to do firewall rules?
Nice. Never thought to do something like this before. Of course this is pretty much all going to be moot when I sell my SG350XG-24F soon. But still, good to know.- You create a VLAN on your switch with just one port (for the WAN), do not give it a virtual interface/router-interface.
- You create a VLAN interface in pfSense with the same VLAN id.
- Point your 'WAN" interface in pfSense to this VLAN interface.
.
.
Couple more steps to set up a transit interface, default routes etc. See - https://forums.servethehome.com/ind...gbe-40gbe-switching.21107/page-73#post-221255
.
.
- Done.
The rules are no different than what you were doing before.