One appliance or multiples for home network

Trying to set up a more secure network at home.

Just wondering if you need more than one appliance or just one to do it all.

I’m considering one of the Netgate SG-5100 units, as it has some more power vs. the 3100, and to support the pfSense project.

But can I have one do it all? Connect the ISP modem directly to it and then have it do:
firewall, Smart QoS, Suricata, Squid, SquidGuard, OpenVPN, router.
And then just add a Ubiquiti nanoHD AC for WiFi to one of the Ethernet ports and some more items like a Fire TV Cube to the other Ethernet port and a switch to connect even more.

Thanks.

Yes, it can, but I would put pfSense on a more powerful box. For price vs. performance, I would use a used server like a Dell r210ii, because Netgate devices are not very powerful if you enable all those features. Your throughput will suffer.

Suricata will want more power if you are doing full traffic inspection.

Thanks,

In that case, do you know of a smaller footprint box like a Protectli or Qotom? It seems they are a bit more $ than the r210, but I would prefer something small.
Protectli's top box has an i5-7200U dual core.

Does Suricata benefit from more cores?
Also found another box with a 6 core i7 8700T.

But it says 2 LAN ports.
Can you always configure them in pfSense to be WAN and LAN, or does it depend on the actual hardware configuration?

If you have the money for the SG-5100, go for it. If CPU benchmark scores are comparable for Suricata, I’m guessing you’ll be able to get about 500 Mbps throughput. So if you have a faster WAN connection, you’ll either need to go with a higher end Netgate appliance or get something with a higher end CPU.

The Protectli devices can do what you want. I had one before going with the r210ii. You should get full gigabit speeds with everything enabled.

Thanks,

Since the Protectli high end only has a dual core, I would look at something else.

Can Suricata benefit from a 6 core?
I think almost everything else does with only 1 core.

Also, since this box doesn’t mention WAN, only 2 LAN, can you assign one LAN as the WAN in pfSense, or does it have to be a WAN from the factory?

Protectli has up to quad core and up to a 6 port NIC. Each NIC port can be configured as needed: 1 WAN 5 LAN, 2 WAN 4 LAN, etc., and you can bond them too. It also supports AES-NI, and yes, Suricata supports multi core/thread performance. If I remember correctly, Snort does not. I prefer the r210ii because it's using only about 30W, it has 8 threads, and it supports up to, I believe, 32GB RAM, which between Suricata and pfBlocker you need for the extra oomph to maintain full gigabit throughput within intranet and internet.

Thanks,

I think I would go all out and get me an i7-8700T. I hope it lasts me a while. 6 cores, 12 threads. 16GB RAM, 64GB SSD.

Two more questions:
Do you know if pfSense supports PoE LAN ports, so I can connect the Ubiquiti access point directly to the computer where I would run pfSense?

And can you select the speed of the CPU?
As this one has a 2.4GHz base, up to 4GHz.