Picking hardware for a new pfSense box

Anyone tried this for a firewall appliance? It seems like it might work.

Check if that does the AES encryption on the chip; it doesn’t look like it. Comes in handy for OpenVPN.

I’m glad you mentioned that, Intel says no.

Luckily Intel’s reference sheets provide useful data. The manufacturer of the switch does not.

Intel Core i5 3470, this one does AES-NI.
It’s 500 bucks base cost.
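The thread's recurring check is whether a candidate CPU has AES-NI before relying on it for OpenVPN. The script below is an added example, not something posted in the thread: it parses the CPU feature list the way a buyer would on the box itself. It assumes Linux reports the feature as the `aes` flag in `/proc/cpuinfo` and FreeBSD (pfSense) reports it as `AESNI` in the `Features2` line of `/var/run/dmesg.boot`; the sample files it generates are constructed, not captured from real hardware.

```shell
# Added example (not from the forum thread): detect AES-NI from a CPU feature dump.
# Assumed file formats:
#   Linux   : /proc/cpuinfo        -> "flags : ... aes ..."
#   FreeBSD : /var/run/dmesg.boot  -> "Features2=0x...<...,AESNI,...>"
# The sample inputs written by make_samples are constructed for offline testing.

# has_aesni FILE
# Prints "yes" (exit 0) or "no" (exit 1); exit 2 if the file is unreadable.
# The Linux pattern requires whitespace before "aes" so that the unrelated
# "vaes" (vector AES) flag is not mistaken for AES-NI.
has_aesni() {
    file="$1"
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    if grep -Eq '(^flags[[:space:]]*:.*[[:space:]]aes([[:space:]]|$))|(Features2=.*[<,]AESNI[,>])' "$file"; then
        echo yes
        return 0
    fi
    echo no
    return 1
}

# make_samples
# Writes three constructed feature dumps into a temp directory and prints its path.
make_samples() {
    dir="${TMPDIR:-/tmp}/aesni-demo.$$"
    mkdir -p "$dir"
    cat > "$dir/linux-with-aes.txt" <<'EOF'
processor : 0
model name : Example CPU (constructed sample)
flags : fpu vme de pse tsc msr pae mce cx8 apic sep pge cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm aes xsave avx
EOF
    cat > "$dir/linux-without-aes.txt" <<'EOF'
processor : 0
model name : Example CPU (constructed sample)
flags : fpu vme de pse tsc msr pae mce cx8 apic sep pge cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm vaes
EOF
    cat > "$dir/freebsd-with-aesni.txt" <<'EOF'
CPU: Example CPU (constructed sample)
  Features=0x178bfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2,HTT>
  Features2=0x7ffafbff<SSE3,PCLMULQDQ,DTES64,MON,DS_CPL,VMX,SMX,EST,TM2,SSSE3,FMA,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,TSCDLT,AESNI,XSAVE,OSXSAVE,AVX,F16C,RDRAND>
EOF
    echo "$dir"
}

# Stand-alone demo over the constructed samples.
# On a real box run:  has_aesni /proc/cpuinfo   or   has_aesni /var/run/dmesg.boot
demo_dir=$(make_samples)
for f in "$demo_dir"/*.txt; do
    printf '%s: ' "$(basename "$f")"
    has_aesni "$f" || true
done
```

Run it as-is to see the three constructed samples classified; on the candidate machine, point `has_aesni` at the live `/proc/cpuinfo` (Linux live USB) or `/var/run/dmesg.boot` (pfSense shell). The pfSense dashboard's System Information widget also reports AES-NI CPU Crypto once the box is installed, but a feature-dump check like this is what you can do from any live environment before committing to the hardware.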

I’m just going to ask what your application is going to be? If simply from home with a limited number of users, then I’d suggest a rack shelf and a used HP T620 with an Intel 2 or 4 port card like I recently bought. You’ll find some info on these forums, and a bunch of info on the Serve the Home site. I got into mine for around $160 shipped and so far I’m very happy with the light use I’m putting it through.

Yes, it has AES-NI on it and with the Intel card installed you can offload a bunch of overhead. Up to 16GB if my memory is correct, but at least 8GB (mine has 4GB). There are some newer thin clients that cost a bit more that would have more processor, but dual NIC or PCI card is an issue.

Now if your use case is for a business with many users and more services running, then I’d suggest a Supermicro 1U server with an Atom processor like the C2758 (or better) and again an Intel card because the onboard NICs don’t seem to support the offloading, or at least mine throws a ton of errors when I turn it on (new card waiting for classes to “end”).

I have both, the T620 is at home and the Supermicro is at work, so that’s why I recommend them. Tom did a video on the Supermicro about a month ago in a pfSense build; there should be a post here in the forum somewhere to point you to the video.

Or there is always a Netgate device.

Home or small business, for testing purposes and because I’m looking for a proper edge device I was going to run one at the house to see how it performed.

I’d go with the T620, probably enough power for most things you might test. Got mine on eBay with the NIC card already installed.

Have set up 8 of these boxes for homes, no issues, plus I like the 6 NICs which I put in a LAGG to the switch.

After years of looking for a solution I started using a mix of Protectli (goes under various brands) and Alix. The latter isn’t as powerful but suits most of the business needs. I was hesitant with Alix until I found out the 40 Del Taco locations in my state use them with pfSense, so I feel more validated in choosing them.

I am thinking of deploying pfSense, but I require full 1Gb performance and good overall VPN network bandwidth for pfSense. I am leaning towards an apu2 board (AMD Embedded G-Series GX-412TC) from Teklager for instance (https://teklager.se/en/products/routers/pc-engines-APU2D0) or the official Netgate SG-3100 and not towards an Intel CPU platform like Protectli for instance, for obvious reasons. However, I am a bit concerned about the network speed with these systems. I do not know what to expect with these devices and if they are any good. Does someone know any CPU / network benchmark test of these or any similar device? Btw. what surprises me most is that Netgate does not go higher than an Intel Atom C3558 for small to medium businesses under 1000,- dollars. I would like to hear from you, what do you typically use and why?


I’m going to assume that Netgate found that they didn’t need to go more powerful than the C3558. Many people are running multiple VPN connections, with IDS/IPS and a few other things without straining that much processor. Hopefully Tom or one of the other LTS employees will see this and post more concrete experience from their clients. But I’m guessing that if there were issues with the Netgate devices running out of CPU, they would be deploying the higher end devices or a different product.


I had bought a network (edge) security appliance in 2015 or 2016, it was a Cisco box with all the trix. Network performance with all the filtering active was horrific, huge latency and other issues. I attributed a lot of it to the lack of capacity inside the box if not the processor itself.

I had IDS/IPS filtering, email intercept and other stuff going on. It had only 2 gigs of memory I think. Memory seems to be the biggest issue when using a full IDS/IPS package plus routing, even when the broadband connection is only 100 megabit (or less). I have a long running bias against Cisco, hated their routers and was very unimpressed with the expensive but now useless paperweight.

Anyhoo, pfSense seems like my idea of a good time without the baggage of licensing.

Well, I can agree about some of the issues with Cisco stuff, but a certification in their system does go over well in job interviews. And some of it does work really well.

But routing, DHCP, DNS, IDS/IPS, VPN are all things I was able to get going on pfSense fairly easily, and I cannot say the same for my Cisco stuff. Obviously I have a way to go on my Cisco training, and with the ability to go back to work rapidly approaching, I may be able to get back to messing up my home lab while I learn. I’ve put most of that on hold because I didn’t want to break anything involved with my OpenVPN into work.

I’ve also been really busy learning new things for work to try and mitigate issues that came up or will come up next fall. Only so much brain time available in a day. I just spent most of the day thrashing my Guacamole system to try and find the nth level of performance from the ancient server I have it running on. And with that I have a strange feeling that my IT department isn’t going to allow me to use it. Already getting push back on opening a couple more ports from their firewall to mine, like forwarding ports is the most difficult task in the world.