Firewall device suggestions for Comcast gig internet

Hi,

I found this from the YouTube channel where the information seems really useful.

I recently upgraded to Comcast gig internet. I’m using a Motorola MB8600 DOCSIS 3.1 modem connected to a Netgear Nighthawk R7000 WiFi router.

There are probably more accurate ways to gauge speed but I’m currently using speedtest…

Getting 942 down and 42 up consistently over cat 6 cable.

I want to add a proper firewall (most likely pfSense) that still gets this much speed. I won’t be doing IDP/IDS.

What should I get that won’t be the bottleneck and possibly has some extra margin? I don’t want it to be any slower than the Nighthawk setup I have now but have the benefits of going with pfSense.

I’m currently bidding on a used Netgate/pfSense SG-4860 because it’s super cheap, but am looking at the SG-3100, SG-5100 as well as Protectli boxes.

It seems like the SG-3100 would work but should I get something a bit more powerful while I’m at it?

I tend to go towards overkill since I really hate buyer’s remorse, but I don’t want to go too excessively overboard either. Thanks for any advice.

Looks like you don’t have symmetric GB service.

If you plan to use a VPN (incoming or outgoing), make sure to compare the VPN performance. With GB service that would steer you towards the 5100 at a minimum.

https://store.netgate.com/SG-5100.aspx

You might get better value with one of the https://protectli.com/vault-6-port/ boxes. Just make sure to get one with the AES-NI instruction set.

https://protectli.com/kb/ipsec-performance/

Hi, you can take a look at the Intel NUC based systems. They should all have AES-NI and have some nice cases in a range for different budgets.