Pfsense replacement home firewall router - Page 2

Comments

  • Oh I am sure the i7 in a shuttle is the worst combination!

    I'm erring on the side of caution I suspect now by wanting to be confident my next move makes sense.

    Appreciate your thoughts very much thanks again!

  • sidewinder Member
    edited July 2018

    I had 2 shuttle boxes and they constantly blew transistors on the motherboard.

    I ran Untangle in an office environment with about 30 PCs and thought it sucked. A lot of the apps are add-ons and the ones included aren't very good. There was latency on the network despite not running many apps and despite a hefty server. The GUI is in Java (unless they changed something) which is the same dumbass reason the Android battery life sucked and anyone using Java for their Web GUI can't be trusted for anything else.

    For PFSense, I searched eBay for "1u Pfsense" and ended up finding something that's been running for 2 years with no problems - I just put it on the rack in my basement and it's been perfect so far knock on wood. I think it had 4 Lan Ports, 4gb of memory and it was less than 200 USD.

    Those smaller form factor boxes may be good on power but I worry about how well they are cooled, and they seem expensive once you get up to 4gb of RAM which I think PFSense needs to run adblocking, etc. If my network is screwed up, I don't want to worry if the matchbox of a router I have is overheating - I'd rather just assume it's not before I figure out what else is wrong.

    On my network are 12 IP Cameras recording a full feed (not motion only) 24/7, 3 Access Points, PfBlockerNG and 2 kids constantly streaming stuff and I've never noticed a problem. I'd have a hard time trusting all this to some tiny ass form factor.

    Intel(R) Xeon(R) CPU X3220 @ 2.40GHz
    4 CPUs: 1 package(s) x 4 core(s)
    AES-NI CPU Crypto: No

    I would think you could find AES-NI now on ebay. I would def go the ebay route again if I were to buy another one but maybe I just got lucky.

    Thanked by 1casualjoe
  • jsg Member, Resident Benchmarker
    edited July 2018

    Simple. Systems with low power processors that are trimmed to a few ports, 1 PCI(e) slot etc. and a total power use in the 10 - 15 W range are usually reliable in terms of overheating. The more powerful in terms of processing power, extensions, slots, and ports a system is, the less reliable in terms of 27/7/365 operations it is. That's at least a quite reliable rule of thumb.

    Another point and frequent misunderstanding is cooling. EVERY processor needs cooling. The point is just that for fanless systems the "natural" cooling (due to air movement) is sufficient while others need forced (~ much more) air movement. The magic term is "air movement", that is, (a) your case must allow some air movement and (b) the environment also needs some air movement. In other words: Do not put your system into e.g. a closet and don't put your board into a tiny (NUC type) case but into a case of at least book-size and with some slits or holes for ventilation.

    Finally go for REASONABLE computing power. Don't use a desktop i7 for a router/gateway but an adequate processor. Have a look at some cpu benchmark/comparison site and you'll find that halfway recent 10 W processors offer about the same computing power that we found in server racks 10 years ago. In other words: NO you do NOT need a powerful processor, not even when you need 500 MB/s AES. A halfway recent atom or Jaguar dual core processor will easily handle the job especially with SSE2+ or AES-NI (Do not underestimate good old SSE2 or 3! It's a real turbo for most crypto operations. I know because I code them and I have seen and measured the difference between an old Pentium without SSE2 or 3 and a slightly newer one with SSE).

    And enable speedstep or whatever frequency regulation your processor supports!

    P.S. Most of what I said is valid in the context of small to mid range router or gateway boxen. Not for servers.

    Thanked by 1casualjoe
  • dragon2611 Member
    edited July 2018

    @rm_ said:
    Not to mention paying a yearly fee for... a home firewall? Do you also rent your washing machine?

    It depends on what kind of firewall you want really, if it's just a standard SPI/Port based firewall there's really no reason to pay a yearly fee unless you really wanted a support contract (Cheaper to just replace it if it breaks)

    If, however, you want one of these NGFW/DPI/Virus scanning, etc. boxes then yeh you'll probably have to pay as the companies charge for their signature updates/URL lists.

    I know PFsense/Opnsense can do Web filtering/IDS, etc. but I've never found it to work particularly well and of course you are limited to the free sigs/databases unless you pay for one in a compatible format.

    There are a couple of exceptions, for instance Sophos will let you download a fully featured Virtual image for their XG firewall for home use, I suspect that's more to try and grab marketshare than anything else.

    Also, if you work in an IT related field there are frequently offers from Meraki where if you attend some webinar they'll ship you one of their low-end firewalls with a 1 or 3 year sub thrown in (think it was an MX25 on the last one they did), again it's a marketing stunt.

  • PFBlockerNG works very well and if you load it with block lists and use something like Quad 9s as your resolver it seems really fucking hard to get a virus.

    PFSense is really good; the thought of paying for router software is pretty 2001ish
