5Gb+ home router?

I’m looking for a 1U off the shelf router. I’m having dedicated fiber run to the house at 5Gb/s service speed over MMF. On the hardware side I just need something that can do routing at 5Gb/s (or more for possible futureproofing) as well as two SFP ports; one up, one down. The software just needs to do the basics: routing, NAT, firewall.

Any recommendations?

And are you willing to install/learn opnsense/pfsense?

Unifi has a Dram Machine Pro Max that does 5gbps throughput with IDP/IPS and all other features on, or a regular UDM that does 5gb with IPS off and just inspection (for traffic classification) on. The regular Dream machine pro will probably be your cheapest option for 5gb just basic features only ($380). It is advertised as 10gb routing, but really only does around 6gb down/5gb up with traffic going in and out at the same time.

Unifi also has a Fortress Gateway coming probably within the next few months with unknown pricing (probably over $1000) that is supposed to do 10-11gbps throughput with IDS/IPS and all other features turned on. This would also futureproof your routing needs speed wise. It comes with two 25gb SFP28 ports on it and with only basic routing features turned on is supposed to do 20gb+ routing.

Firewalla has a Gold Pro that will be released in a few months that does 10gb with inspection, IDS/IPS, and all features on, and even will do 9gbps PPPoE WAN connection (typically a slow internet type on routers that arent optimized for it) with all the features on. This has a 1U rackmount ears you can use to rack this device. No SFP ports on this, so you would have to get some SFP+ to RJ45 transceivers from FS.com on your downstream switch and a fiber converter to go from fiber to copper on the incoming line before the router. This will raise the price significantly, but it does futureproof you to 10gb.

Or you can build your own OPNsense or PFsense router with a standard mini ITX board and hardware and mount it in a 1U case

Or you can get a TP Link, Netgear, or ASUS for around $500-600 that will do 5gbps without any of the useful security features, but these are also not 1U rack mounted.


As you can probably imagine the uplink isn’t exactly cheap on a recurring basis, so… not to sound flippant but the cost of the hardware is almost irrelevant.

I’m comfortable with linux and also have some super outdated bsd knowledge, but I would much rather just get something off the shelf for this.

Thank you, I will check these out!

pfsense/opnsense runs on regular PC hardware, it’s just a matter of getting a second hand Intel/Chelsio/Mellanox 10Gig NIC from ebay, then installing the *sense distros and you’d still get a web GUI that isn’t really dissimilar from the consumer routers the likes of Asus.

Alder Lake P cores can NAT 10Gigs (1500 byte packets, unidirectional) on a single stream in a lab setting. I’ve peaked at about 1.4 million PPS of routing performance (not NAT) in my testing.

But I totally understand if you’d prefer something ready made.

I have a few NICs on hand actually, E810 4x25Gb and ConnectX-6 2x100Gb. The issue with these is cooling, especially in a 1U form factor.

But the main difference between DIY and purpose-made is time vs. money, especially on an ongoing basis. Also, much less of a chance of me effing up something so bad that one day I find the entire house mining crypto for somebody. I generally enjoy DIY-ing everything but this is a critical piece where peace of mind is worth more than saving a few bucks.

What do you guys think of the Mikrotik CCR2004? I have one of their switches and it’s solid, and I know people like the brand in general.

seems like it’d do 5Gigs

But check the block diagram on mikrotik’s site to confirm that’s what you want.

@martona since you sa8d price doesn’t matter, I am going to suggest a Netgate applicance. Netgate provides two different appliances Phsense T, and Tnsr. I don’t know much about the Tnsr except it is supost to be a router and it is based on Linux. I have a Pfsense ÷ appliance I really like it. I find it can be a little confusing to setup, but if you have experience with Free BSD or use the online Pfsense book you can figure out what ever you are trying to accomplish.

TNSR software is a much more efficient way of packet processing that is far superior in throughput than traditional packet processing. However, the way it processes packets isn’t like a typical firewall and so it is really only for routing and not as a full firewall unit. So more for internal corporate or ISP networks that are routing big time packets around networks. it has some extremely basic firewall features but that is it. It also doesnt work with existing PFsense plugins.

I didn’t think Tnsr work with pfsense plugins.

The published test results for routing and IPSec throughput look like they may fit your requirements nicely.