pfSense New Build Question

Best category match but feel free to move it.

I have been promoted to a Network job and I am being honest. The last time I networked at a company, we were still rocking 10-base-2. At the same time, I can punch a 110/66 block as well as the next guy, and I can terminate cat5/6 like my name was Schwarzenegger. I haven’t done much in routing in a long time. We use Netgate here, so pfSense in my home lab will go a long way with scraping 23mm of mold off the part of my brain that did networking.

Okay, I am currently running Ubnt enterprise gear in my home lab. I want to do more with my firewall/router than my Dream Machine Pro can handle; I am building a pfSense box. Let’s call it the stepson of the impossible router.

At home, I have Proxmox and ESXi, three TrueNAS boxes, a Proxmox backup server, 16 ports of 10g Aggregation, POE, Wi-Fi IOT, Guest and on-domain, and an entire AD domain in my home lab.

What I am looking to get out of this

Work with my multi-lan setup

Automatically fail over for my redundant internet connection (currently 2.5g and 1.2g, but in the last four years, my main ISP has gone from asynchronous 400 to 1g and now 2.5g, so I am already on the wait list for 10g when they get it).

I want this future-proof for five years.

I have a few options I wanted some input on

ASUS Pro WS W680-ACE IPMI

I5-12400

64G ECC

Dual Intel 670P in raid 1

Intel X710DA2

Or

ASrock Rack X470D4U Micro

Ryzen 5 4650GE

64G ECC

Dual Intel 670P in raid 1

2x Intel X710DA2

I have some spare gear also
HP 160 Gen 9 dual 10g card (Pretty sure this one is X510)
2x Dell 7920 with dual 4116’s No network card but adding one isn’t an issue
Asrock Rack forgot model but 2x 10g and a Threadripper 1950x

This is getting pretty old and power hungry but I could use it if there is a good reason.

Welcome! :hugs:

If you choose the Ryzen route, use a ‘regular’ R7 3700 instead of the 4650GE. For a server, you don’t need a GPU/APU, unless transcoding is a hard requirement.

There are more options, especially for your home lab:

  • Gigabyte MJ11-EC0: 4c/8t EPYC 3151 based m-ITX board (so regrettably just one PCIE 16x slot), board comes with SoC pre-installed, mine was around 500€ (tax/shipping included)
  • Asrock also has some EPYC 3000 series SoC systems, the top of the line (with matching price tag!) is the EPYC3451D4I2-2T, which I’ve seen for sale online at 2k USD :exploding_head: But it has 2x 10Gb LAN port already :wink:
  • Alternatively, search AliExpress (what I did) or eBay for used 1st gen EPYC 7xx1 series CPU and mainboard. I got my systems for well under 1k USD each: 7551P CPU, Supermicro H11SSL-i mainboard, 4x 32GB Samsung ECC LDIMM RAM and 2U cooler with fan. A 3U rack case allows for 120mm fans, so lots of air moving for as little noise as possible.

My ASrock Rack X470D4U board runs with a R7 1700 (non-X) but only b/c the BIOS was kept at the older version (3.50), as the newer versions (4.x) ditch support for the 1000 series Ryzen in favour of the 5000 series.

HTH!

I want ECC, and as per the motherboard document only the Ryzen Pro supports it; I should have spelled it out as a Ryzen Pro 4650GE. I understand ECC is not strictly needed for this use case, but I tend to err on the side of caution and use it for anything I can as a general rule.

The Gigabyte MJ11-EC0 would not work. I currently have 2.5G and 1.2G ISP. This board would not meet my needs, IMHO.

The EPYC3451D4I2-2T would work, but the single-thread nature of some of the routing would give me pause.

AliExpress? Shivers at the thought.