Generic firewall processor preference?

Greg_E · January 11, 2024, 6:16pm

We are seeing a lot of different appliances out on the market with 2 to 6 Intel copper ports, and a variety of processor choices. So what’s your preference:

J4125
N51xx
N100/N200/N300
i3

Just a few examples as I think about what my next step might be, my firewall at work is getting a little older than I prefer for such a vital piece of equipment. Do I need fanless? No, but it would be nice. Trying to keep the price near $300, needs to run Suricata and a few other things, currently on an Atom 27xx processor.

Either going to stick with pfsense CE or go to OPNsense, need to experiment with OPNsense before I can decide.

But this thread is also to just get discussion going about the choices and the pros/cons of each for generic uses. Might also depend on the expected throughput, I doubt an N100 will give 10gbps, even 2.5gbps is a dream in most places.

neogrid · January 11, 2024, 6:20pm

I think I would give this some serious consideration https://www.servethehome.com/minisforum-ms-01-review-the-10gbe-with-pcie-slot-mini-pc-intel/

LTS_Tom · January 12, 2024, 11:52am

It does not take too much processor power to run Snort or Suricata as I discuss in this video

You can look at Netgate boxes for comparison as they don’t often have high computer power but still do fast routing.

I avoid OPNSense as they are slow on the updates that matter:

Greg_E · January 12, 2024, 2:12pm

Opnsense are working on the OpenSSL issue, not sure if they have it rolled out yet:

(edit) still on 23.7 so no fix yet.