Looking for a low power firewall (don’t trust ISP’s firewall (gets bad DHCP records when network not running))
Have a 2.5 gb switch, need router and/or access point. Don’t intend to allow any open ports.
A lot of the routers that have 2.5gb only have one port at that speed (doesn’t make sense to me)
At the moment looking at a TP-Link Multi-Gigabit VPN Router (ER707-M2) for $200 CDN
Build your own is probably the best solution, take a look at ServeTheHome, he’s reviewed quite a few Chinese boxes that look ok. If you don’t trust the Chinese: Netgate 4200 pfSense+ Software - VPN, Routing, & Firewall Security Gateway Appliance
I would go with the Netgate 4200, do not buy the 4100 as it is EOL and being replaced by 4200.
I put a 10g card in a Supermicro 5018A-FTN4 if looking for low power 1U. You can then use a multi-gig SFP to handle current / future upgrades.
If you’re looking at minicomputers or prebuilt stuff from the company behind pfSense, be prepared to spend some cash (500-700 dollaroos), the low end stuff is not going to be able to adequately handle routing full wire speed of 1.5 gigabit and beyond IMO, particularly with all the extra filtering, advanced logging and VM options active.
Tom @ Lawrence Systems is one of several YouTubers who have done very good videos on what machines to pick and why.
The 4000 series or perhaps even the 8000 series if you ever plan to expand beyond the 1.5 gigabit speeds. That is a real possibility where I am and I am keeping that in mind while I debate pre-built boxes and other options.
I think you should always budget for a backup router too, unless the current one can act as a backup if a new one is purchased. While I purchased two Chinese boxes pre-pandemic, I also have a few PCs I could set up as a router if needed.
Unless budget is not a problem, of course!
I bought a “Chinese box” (HUNSN RJ05f Barebone) with six 2.5Gbps RJ45 ports from Amazon for about 300€.
Reasons for this are:
- Switch to a smaller form factor than my Mini-ITX build (i3 CPU)
- Use less energy than my Mini-ITX build
- Prepare for multi-gigabit FTTH (2Gbps)
- Produce less heat/noise than my Mini-ITX build
At first I had some issues which I guess were related to (over)heating issues so I removed the cooling paste on the heatsink and put on new paste.
I have run pfSense on it without any “real clients” for months and had no issues anymore.
For the last 4-6 months I have been running pfSense on this box with all our clients in our home. On top of the box I placed a 14cm Noctua fan for some “active cooling” just to be “sure”.
We are still connected to the internet with a 1Gbps FTTH connection for now.
During a regular workday with 2 people working from home, CPU usage is 1-3% with temperatures of about 30-35 degrees Celsius according to the thermal sensors in the pfSense dashboard.
Running two sessions to speedtest.net makes the CPU go up to 16% and thermals to 60 degrees Celsius. This HUNSN box can utilize 100% of the bandwidth without any issue.
As mentioned in this thread it is wise to keep some hardware as a backup just in case of some hardware failure. The costs/time savings and the convenience of WFH are worth the extra budget of a spare device IMHO so I will buy another HUNSN box as a cold spare.
For my router build I chose an Intel NUC that has a dual 2.5 GB NIC. While the NUC cost a bit more, I ended up with a device that has received regular BIOS and security updates, and came with a power supply that I trust to be plugged in 24/7 unattended. It’s really a shame this line got sold to Asus, I hate to guess what will happen to them (Asus doesn’t have the best reputation in my opinion).
There are some of the larger brands though that sell dual NIC mini PCs like this.
I run pfSense Plus on a Hunsn RJ34 N100 device with 8GB of memory and a 256GB NVMe drive. Draws a little over 6 watts. Works great. No complaints. I didn’t trust the copy of pfSense it came with so I wiped the drive and installed from the latest ISO that Netgate provides, using the ZFS filesystem install. It’s plenty fast on my 2.5 gb internal network running 3 NAS devices and 2 Proxmox nodes, as well as a slew of laptops, TVs, Ring cameras, etc.
I would recommend Netgate SG-1100 or SG-2100. Netgate offers appliances pre-installed with pfSense. These devices are compact, low-power, and capable of handling gigabit throughput. They include multiple Ethernet ports for LAN and WAN connectivity, along with support for VPN and advanced firewall configurations. It’s basically all I need at the moment.