OPNsense Forum
English Forums => Hardware and Performance => Topic started by: cpmiller22 on May 24, 2021, 07:17:47 pm
-
Hi all,
I'm currently running a Unifi USG, and I'm looking to switch over to OPNsense. There are many reasons, but I definitely would like to be able to run NGFW services like IDS/IPS. I'd ideally like to have something with a small form factor that can fit in my wiring cabinet, and be under the $500 price range. I have a gigabit cable modem connection, so I know I'll need some power to keep up with that. I've looked at Protectli, Qotom, fitlet2 and there seem to be lots of options. I suppose one of the big questions is: will one of these types of boxes with a Celeron or Atom processor handle that, or do I need something with an i3 or i5 in it? So many options out there; I'm hoping someone can help point me in the right direction.
Thanks!
-
The big factors are CPU, memory, and network adapter. I looked at going with the smaller form factor installs, but ended up repurposing an old Dell T1700SFF PC. I have it running a Xeon CPU E3-1225 v3, 32GB memory, with a Dell Intel 350 4-port NIC card.
I actually get my 1GB/1GB internet with it, that's without IDS/IPS of course. When I add that it goes down to 700/700.
-
Thanks for the response. I really wish that was an option for me, but I just don’t have the space for a bigger form factor.
-
I am running a second-hand thin client, an HP T730, very affordable. It has a single card slot populated with an Intel I340 4-port NIC (you want the I350 if you want to virtualize). It routes my near-1gig connection (850-950 cable depending on the day) with the CPU hardly breaking a sweat.
But I am not running any packet inspection or intrusion detection; from my understanding that is a more CPU-intensive task.
-
I run Qotom i7 / 16GB memory / 12GB SSD / run IDS/IPS / Sensei / Geo Block / VLAN -- been running this now for about 2 years with any hiccups... Constantly get anywhere between 800-900 speeds on 1g line.
Run business out of my house with 4 employees and we stream everything.
-
Thanks for the reply. I have a few questions for you:
What generation i7 are you running?
What does the processor utilization look like?
Did you end up needing the 16GB RAM or would 8GB suffice?
-
Not sure what Qotom CPU he is using, but I have the i7-7500U in my box.
I also have an HP T730, which is also real good value for the money.
-
Qotom with i5-5250U (1.6GHz, 4 cores) here and no problem saturating 1Gb WAN with Suricata and a bunch of rules enabled. CPU load is around 50% when I max out, where Suricata represents most of it.
-
You need at least a 3GHz Haswell or newer Intel Core i CPU. At least 8GB RAM depending on simultaneous device count. SSD or 10-15K rpm HDD is a must. The best bang for the buck is a brand SFF PC with a 4-port PCIe Intel NIC. But it's 2U high...
-
Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz (4 cores)
8GB should be fine, but I got 16GB to future-proof.
CPU usually hovers up and down around 20 percent.
-
Thanks for all the input. I ended up going with an i5-7200U Qotom with 16GB and 120GB mSATA. It’s pretty much a beast and rarely breaks a sweat.
-
Always nice to see the end result. Did you also wall mount it? Or do you have it sitting on a shelf somewhere. I'm curious how other people have their airflow done; for me it mostly doesn't seem to matter in my climate but other places in the world probably need to pay more (or even less) attention to it.
-
I have mine mounted behind the wire panel in my house. I’ve mounted a pair of 120mm fans at the top and bottom of the panel (one blowing and one blowing out) to keep the equipment cool. I also adjusted the BIOS settings to automatically start when power is restored.
-
My 1Gbps hardware setup is also Qotom 555 i5 as described here: https://jimahn.com/posts/opnsense-att-gateway-bypass/. It's been running flawlessly since last year and idles between 20% to 40%, memory usage at ~50% or ~4GBs.