I couldn't source a used Core i7 small form factor PC, so I was going to build one. I went to a web site and it cost almost $700 to build a small form factor, not-get-in-the-way pfSense router with Snort. Is this normal? It seems a huge investment. If I go to RCPC (PC recycling center), their CPU is too old to handle demanding Snort, and I am stuck with my crappy Netgear Wi-Fi router with SPI firewall, VPN pass-through, check anonymous broadcast? and other NAT stuff. Please clue me in as to how to build it more inexpensively.
What are your throughput requirements?
How many users?
You should not need an i7 unless we are doing gigabit WAN and lots of users pushing a lot of traffic along with Snort and other services needing system resources.
I only have a SOHO situation, but Snort runs just fine for me on an Atom CPU.
I put 8GB of RAM in my pfSense box, because I could. ; ) But, it typically uses only a very small percentage of that, typically 8%.
Bottom line, even when running Snort, pfSense has a very low resource requirement. Obviously if you have an enterprise environment, or if you have a gigabit fiber connection, you'd want a CPU a little beefier than an Atom, but an i7 is completely over the top.
I have been thinking ahead on the coming AES-NI requirement and put this idea together. I don't have all the parts a person would need on here as I have the rest, but it gives you the idea.
Snort or Suricata (when not run inline) does not affect your network performance, so you really don't need to worry about having a fast CPU and tons of RAM for it. Just run it on its default (ac-bnfa) mode and as long as it doesn't crash because you're out of RAM then it will be fine.
I sourced a G4400T Skylake Pentium from eBay. New, no heat sink, 39.99. Picked up a mobo from Newegg, had everything else. Works purrfectly.
I run our business on a Core 2 Quad 2.6GHz, 4GB DDR2, 250GB hard drive, in a router-on-a-stick config.
I think I might have RAM at 4% and CPU at around 1% ish... and that's with an OpenVPN client.
We've had pfSense in production on this old computer for about 3 years now. It's been extraordinary. I'm still on 2.2.2 because I don't want to deal with it. (But I have to now because of the great ransomware scare of 2017.)