WTB - 1U pfsense box (supermicro?)

scp

Member
Aug 5, 2015
67
11
8
44
I'm not entirely certain what the model / name / specs are for this, but I recall seeing these pop up from time to time. I thought there was a recent post as well with several of these machines, but I'm not finding it. Apologies if I'm overlooking something.

I'm looking for a 1U pfsense appliance. It has to be rackable. I believe it had front ports for ethernet and is Atom based. I think its either a Supermicro board, or an entire Supermicro system.

I am currently using a spare machine for my pfsense with an i5-2500K and it has been working fine but appears to be major overkill. My CPU utilization rarely gets over 10%. I would like something thinner / smaller / less power.

This is for home use and the only thing special I use is an OpenVPN configuration with one connection. So I don't believe I need a major power-house machine.

If anyone has one of these, let me know. I'm in Northern VA.
 

Peanuthead

Active Member
Jun 12, 2015
837
166
43
43
I have a BNIB i3-4330 with an Asrock E3C224D2I if interested. I decided to go a different route for a home server.
 

GladLock96

Member
Nov 8, 2016
63
8
8
I have an official PFSense SG-2440 pfSense Security Gateway Appliance with a 128 GB Micron M600 MSATA SSD that was only used for a couple months if you're interested. It fits on a 1U Shelf. I'm also in the Northern, VA area if you want to pick it up. Just make me an offer. I paid $638 for it last June.
 

Diavuno

Active Member
Yes, that's the guy. Would love to snag one of those.

*Edit - still looks pretty powerful. Is $500 really what these are going for?
If you dont need the IO on the front they also make a quad core atom with only 2 dimm slots.

Ive found the 8 core model NEVER loads the cpu on pfsense.

on a 20/20 pipe at my client who does 100% VPN traffic it might hit 10% cpu load.


for the $500 + ram and a usb/ssd its still worth it.
GREAT units.
(Booting off usb for pfsense you need to change the bios settings, I think its called AXCI )
 

SycoPath

Active Member
Oct 8, 2014
137
49
28
I'm running my pfsense virtualized on a 25/300 connection with a lot of vpn traffic with 4gb ram and 2 virtual CPU'S and I've never seen it above 10% with the connection saturated. Host is a xeon e5-2670. unless your doing some very heavy lifting with tons of firewall rules or IDS/ClamAV with 100+ clients I doubt processor will ever be your bottleneck on any hardware from the last 3-5 years.

Would something like this fit your bill?
1U 140W Low Power Web Host Server Intel Xeon Quad Core 24GB 1TB SATA 14" Depth | eBay
Dual NIC on board, 1 out to isp, 1 in to switch. If you need more there are tons of quad port intel cards to be had cheap and it has a full height pcie riser.
 
Last edited:

_alex

Active Member
Jan 28, 2016
874
96
28
Bavaria / Germany
i have 5018a-ftn4 with 16gb RAM and run pfsense mainly for vpn under proxmox on it on an oob-management net. some other vm's for management/monitoring on the same box.

Perfect setup for my use-case, plenty of CPU ressources left and very low power consumption.

would consider two more of those for ha-proxy / ssl-termination if it was confirmed that quick-assist works with either debian or centos on those chips.
 

scp

Member
Aug 5, 2015
67
11
8
44
Thanks for all the suggestions everyone. Josh hooked me up with one of his pfsense boxes so I have a solution on the way. Lots of other good options here.
 
  • Like
Reactions: Patrick

jrdnlc

Member
Jun 26, 2015
118
16
18
Where you located? I have a 1U Supermicro chassis with rails, 500gb hd, psu and a supermicro x9scl mb. All you need is cpu and ram
 

Jon Massey

Active Member
Nov 11, 2015
340
82
28
36

SycoPath

Active Member
Oct 8, 2014
137
49
28
Trouble with the 5500 series xeons is they don't have AES-NI, 5600 would be a better bet. I suppose you could pick up something like an l5630 pretty cheap and drop it in.
True, but if it's for home use, even without hardware acceleration, I'd bet it still has enough horsepower it wouldn't matter.
 

fractal

Active Member
Jun 7, 2016
312
69
28
31
I would look at lga1155/1156 before I bought lga1366 for a firewall.

Something like 1U Small Business PFSense Firewall Router 3Ghz Quad Core 8GB RAM 4x 1GBE NIC | eBay would be overkill. 1U rackmount Firewall/network server 4 LAN 1U_J1900MF 2.42Gh quad core router would be lower power and lower performance.

I have an X9SCI-LN4F that I plan on using with an i3-2120t to replace a netgate 2440 that isn't cutting it.

Back to the OP, I have an i5-2500 box that idles under 20 watts. You are going to be hard pressed to beat that with anything people are suggesting. Would taking stuff out of your existing firewall be a cheaper way to lower the power consumption on your current system?
 

Canadap

New Member
Nov 21, 2016
2
1
3
Florida
FWIW, you may consider a Lanner, Inc. FW-7571A (C2358 Dual Core 6x 1Gb/s intel controled with marvel physical ports) for <$500.00USD new.

I used to use a Supermicro SC505-203B chassis and A1SAi-2750F system board, having had my Lanner FW-7571 for just over eight months now I would consider it rock solid.
 

NashBrydges

Member
Apr 30, 2015
86
24
8
55
I originally ran a Supermicro with a C2750 CPU for a UTM but when I upgraded internet to 1Gb I quickly ran into a wall. Firewall alone was more than enough but as soon as you turned on web filtering, the best I got was ~90Mbps. After a lot of trial and error, I landed on using 2 x Dell R210 II in HA each with 16GB RAM and an E3-1270. At least wit this setup, I can hit 600Mbps with everything turned on (web filtering, URL filtering - no decryption, firewall and VPN). I was getting similar results whether I was using pfSense of Sophos UTM.