Ok Ladies and Gents, I’m about to throw down on a pfSense box, I’m debating between three boxes:
Will be running simple home network- designated interface for WAN, LAN and DMZ (maybe more later), VPN, VLAN, Snort, pfblockerng, syslogs forwarding to auditing software.
$249 one is tempting not just because price but supports ecc ram which tickles me for some reason, the $299 one seems to have a lot of graphics compute that wouldn’t be used, the strait from pfsense one I would hope comes with a higher level of polish and support.
Was tempted to get an i5 version of those Amazon boxes in case later I want it to be an ESXi host someday in the future, but too much $$, can’t justify that much power for a router.
As long as it has AES instructions, that’s all you really care about for VPN encryption. You will need something more powerful if you want to VPN or SSH at faster than 1Mbit/s. (that’s the most my old WNDR3700 could do)
Yeah I tend to nuke these things- I know this isn’t a $fortune$, but with having three choices there has to be one that has “clear” advantages. Little things that can peeve a person post purchase, for instance I believe Suricata does not run on the ARM builds (except Ubuntu I guess). With that last fact, if one wants to run Suricata even just for a little while to experiment with, that throws out the Netgate appliance. Netgate seems to be making more and more ARM based builds so I would imagine this won’t be an issue for much longer.
I guess its basically ARM v7 Cortex-A9 vs. Celeron® 3865U vs Intel Atom E3845 Quad Core CPU @ 1.91GHz, 64 bit. What of the three do you see as most future proof for where pfSense is going? (They are all AES-NI, I’m not making the J1900 mistake again haha).
I’m leaning towards the Celeron simply because its the newest of the bunch.
my 2 cents with everything that we know about intel and there IME i would take the arm box. but still a gamble with how well it will hold up in the security world. then again if there are flaws there is a security hole. so who is to say if the arm route really is secure.
Risk, that was my logic, ordered the Celeron model, @looming-hawk, Intel me was a concern for sure, and I like arms low power draw but I went for the newest processor.
So far the Celeron is holding up, no crashes. Putting Linux on the old box and will be figuring out a way to do load tests.
Just curious, but why not just buy a used Dell/Lenovo workstation and install a quad nic inside? It’ll be a lot more powerful than this, along with being much cheaper, so you’ll be future proofing yourself.
Something like a Dell 3020 SFF or Lenovo M93 SFF are both small PC’s (albiet, not as small as the PC’s you’ve linked), support Haswel CPU’s, and are capable of being tons more powerful than the PC’s you’ve linked.
And I have a 4 port Intel nic just sitting around, but I don’t need a lot of power, I wanted something with no moving parts, effecient and small (goes under TV)- but your idea sounds really good, maybe I will grow into this.
then again if there are flaws there is a security hole. so who is to say if the arm route really is secure.