WTB: Small pfSense/Sophos Appliance

[Mam89]

The wifey has spoken! And permission for an upgrade has been granted!

I'm looking for a small appliance/1u box which I can use for a decent firewall for the home. Something that can handle at least our current connection of 100/5Mbs with all the bells and whistles that pfSense and Sophos can do. I list both solutions because I want to test Sophos for work related needs and will probably switch to pfSense after I get bored and decide to tinker (lol).

List of wants:
- can handle 100Mbs
- at least 2 Gb nics (preferably intel flavor)
- X86 based cpu (because Sophos is picky)
- small/1u
- quiet, or able to be made so
- aes-ni would be cool for vpn, not sure if needed at current speeds
- ipmi or other remote would be cool also but definitely not needed

Looking to spend $100-200, if I'm crazy low let me know!

Also on the look out for an Ubiquity AC PRO, as this will replace a faulty TP-Link

 

[pricklypunter]

Keep a look out for a Dell R210II or an HP Microserver, both would fit the bill nicely, depending on whether you want to rack mount or not

 

[Mam89]

I'm thinking a whole R210II or hp miniserver would be pretty over kill? Plus a bit outside my prefered form factor/price.

 

[T_Minus]

I have a mini appliance only 8mo old, I got new from amazon almost 300$. Only getting rid of it for aes-ni, (the one I have doesn't support it).

I can get part # / amazon link if interested. Still in use now, so will need a couple days to transition to something new. I've got it hooked up to 2xWANs and 2xLANS using all 4 ports. J1900 I believe is CPU.

 

[Mam89]

Is it something like this? Amazon.com: 4 Lan Quad Core J1900 Pfsense box Qotom-Q190G4N-S07 With WIFI VGA DC 12V Barebone Low power 10W home router for PFSense: Computers & Accessories

If so would that be able to test drive sophos xg? I'm sure it would be pleanty for pfsense, as long as I keep ipsec vpn limited.

 

[Geran]

I'm thinking a whole R210II or hp miniserver would be pretty over kill? Plus a bit outside my prefered form factor/price.

You can find decent R210II for under $200 if you keep a look out on Ebay. I got my two (one is 1240v2 and the other is 1270v2) for under $200 shipped and one of them serves as my pfSense router for 1GB connection and doesn't break a sweat at all.

 

[BlueFox]

Pick up an Atom D510 Supermicro system off eBay for under $100? Doing 100mbit doesn't take much.

 

[pricklypunter]

Pick up an Atom D510 Supermicro system off eBay for under $100? Doing 100mbit doesn't take much.

pfSense are moving their requirements up to AES-NI capable chips for later releases of their free community version as far as I know, so while an Atom D510 would be capable of doing 100Mbit, it won't be able to run future releases, so probably not as great an option as it might appear

I still think a "Whole" Dell R210II with a couple of GB of RAM and a small SSD, or similar built system, is the way to go, outside of going the purpose built appliance route. Yes it's a little overkill, but it doesn't limit your options quite so much further down the road, they can be had really cheap, certainly within the budget as listed by the op, they represent a huge bang for buck, can be re-purposed easily and without fuss, have remote management features built right in and are upgradeable in this respect, are expandable to some degree, very quiet in use, efficient and use little power. I would be surprised to see a Dell R210II pull more than about 25W going full tilt while running pfSense or a similar application. They also make great little VM boxes, so later down the road, they could become your new storage server, media server, file server etc etc. It's a no brainer in my book

Really the only point I have not touched on is form factor, but as the op mentioned 1U I assumed rack mount was an ok option. Maybe something more like 1U high, but an appliance like "wee box" is more what they are looking for?

 

[nthu9280]

I have been using HP T610 plus with a quad pro/1000 NIC. I have 100/10 internet service. Posted the openssl benchmark with the current pfsense version on my FS thread. It uses about 25-30w on the wall outlet.


Sent from my Nexus 6 using Tapatalk

 

[Mam89]

pfSense are moving their requirements up to AES-NI capable chips for later releases of their free community version as far as I know

See, this is why I love lurking this forum lol!

It looks like all those R210IIs are turning into gold or something, $400+ is a bit steep for a full built unit >_> Plus not really a fan of the iDRAC, supermicro spoiled me for ease of use and no extra $$$ for basic features.

As far as form factor I pretty much wanted something short and slim which I can stash somewhere first, and will eventually go in *yet to be found* future server rack. I really liked the idea of virtualizing the software too, could toss proxmox on a USB and make some different tuned pfsense/sophos images.

I found something kinda like the r210 II in supermicro flavor, and I can put it on my tv stand if it's quiet enough. Is it a trap?

SuperMicro CSE-512 1U Half Depth Server | Core i3 @ 3.40Ghz | 8GB RAM | 500GB HD | eBay

Not sure which SM board is in it currently, but either way it's a pretty decent start and I can always change boards/cpu/ram/etc later when needed. I think the spinny rust will be the first upgrade if I snagged something like this. Plus 14" is perfect for my TV stand (my modem pops out there atm, unfortunetly)

As always, if anyone has something neato or similar laying around, Id rather give the good people on this forum my cash than a stranger'er XD

 

[pricklypunter]

Same issue with the core i3, no AES-NI support, also no ECC support so running a Hypervisor on it and putting anything critical on it, like your storage etc, would not be a good idea. In fact, you might also want to make sure whatever chip you put in it supports VT-d as well, just in case you want to use hardware passthru properly. Keep your eyes open for a wee xeon E3 based system. There's nothing wrong with that SM chassis/ enclosure though, and would be a good platform to build on. It takes most of the single socket X9/ X10 SM boards too. There are lots of options out there, maybe better value in finding a barebones bundle though and adding other bits as you go

Here's a link to a reasonable priced chassis, add/ find a cheap mainboard bundle and you're golden

 

[raiderj]

I went through a similar crisis a few months back. Needed something better than my current DD-WRT/Tomato firmware router/wifi setup, as I was moving to Unifi for my wifi AP, and wanted to run pfSense as my router. I looked at those Dell boxes, but ultimately decided on spending a bit more money to get a setup that is more powerful, but can do a lot of things. I ended up getting a Supermicro board that can handle AES-NI and could run a hypervisor so pfSense could run as a VM.

SUPERMICRO SYS-5018A-FTN4 1U Rackmount Server Barebone FCBGA 1283 DDR3 1600/1333 - Newegg.com

In my mind, dedicated an entire server to pfSense isn't a great use of resources, since pfSense is really light on resources for just doing the basics. I do want a separate server, however, from all my media server stuff. Those servers come down from time to time for various reasons, but I want my router to be up 24/7. I run Proxmox as my hypervisor, with two 240GB SSDs running as a ZFS mirror, with an Intel 3700 SSD as my SLOG. Not really sure that SLOG is actually put to good use, but I had one lying around.

In addition to the pfSense VM, I run other "infrastructure" type VMs that I more or less want up full-time and can be treated like appliances. Running a VM for the Unifi Controller, another as a basic MQTT server, and maybe when I get cameras run at the house I'll put a controller for those too there.

What I did before at the office was run pfSense on an old mini-ITX board that I put into a small rackmount case. Worked just fine for over a year until we purchased official Netgate gear.

ARK IPC-1.5U1525 Black 1.2mm SGCC 1.5U Rackmount Server Case-Newegg.com

 

[Mam89]

Some more information I guess which will put some additional perspective. I already have a supermicro 3u decked with proxnox and running as an AiO lab/home storage/plex etc. So the allure for another storage box isn't needed. The want for a dedicated UTM box was because placing the 3u by the modem isn't an option atm, plus I'd rather not virtualize my entire network on a single device for the rest of the homse users ease incase I kill my lab.

 

[BlueFox]

You can pick up a Supermicro A1SAM-2550F for ~$150 on eBay. That has AES-NI and is considerably lower power than anything else mentioned thus far.

 

[Mam89]

I really appreciate all the tips!

I did offer $150/shipped for the i3 box I found earlier and it was accepted, woot! I figure it's going to need some updates sooner than later but for now it's a fully ready to go appliance.

@BlueFox Yeah, those are pretty sweet boards and that would be a steal if my budget was a bit higher, unfortunately after getting a case, ram, ssd/storage it would probably be a point of contention for my financial advisor (aka wife) lol!

I figure I can get everything working, and when our network speeds get improved I can at least have a good start to upgrade out from.

Thanks guys!