Hi, I am an OPNsense newbie and I need to install a firewall in my office. We are a non-profit, so I'm trying to balance between price and quality.
Our internal network is 1GB, but only rather small files travel through the LAN (pdfs and docs mostly). There are about twenty clients spread over two floors and a dozen mobiles connected to wifi, three printers, two access points, a fileserver with Active Directory and a NAS for backups.
WAN bandwidth is 200/20 FTTS, and I have a backup WAN router too. OPNsense should therefore act as router, firewall and load balancer + failover, and I would also need to add DHCP, IPS, Web filtering and VPN features (but VPN connections would be very rare, for a couple of users and hardly ever connected at the same time).
What hardware do you think would fit this scenario? I started with the idea of adopting a clustered APU4 solution:
https://www.miniserver.it/firewall/cluster/nano-cluster-apu-4c4.html
Reading the vendor's website, however, such hardware would seem not to be enough, both in terms of number of clients and features.
So I am evaluating these QOTOM boxes:
https://it.aliexpress.com/item/32812678037.html?spm=a2g0y.12010610.8148356.9.459a4dcdWuJdOZ
And this PARTAKER one:
https://www.amazon.it/Partaker-pfsense-Motherboard-Firewall-Computer/dp/B07MNNXHGM/ref=sr_1_7?__mk_it_IT=%C3%85M%C3%85%C5%BD%C3%95%C3%91&crid=1TXB4QYGLMNFD&keywords=partaker&qid=1572873540&sprefix=partake%2Caps%2C167&sr=8-7&th=1
I would equip them with 8GB RAM and 256GB SSD.
I've read many good reviews on this forum about Qotom, but I'm a little hesitant to buy directly from China due to shipping times (we're in Italy) and support, while I could buy the Partaker box from local Amazon. I saw no reviews about Partaker, though, and I really don't know if Atom E3845 would fit my needs or if I should go with I5/I7.
So, any suggestion would be extremely appreciated! Thank you!
The APUx-Series offers a lot of performance/Euro.
For your requirements that you wrote down, the APU4C4 should be more than enough and quite a good choice.
You can also buy the APU4 as 19" with dual configuration. So you get a cluster in very little space: https://www.varia-store.com/de/produkt/35701-19-dualrack-system-konfigurator-fuer-pc-engines-apu4-boards-dual-slot.html
If you want to use services like proxy with clam-av and/or IPS/IDS or heavy VPN use with maximal WAN speed, the APU4 reaches its limit and you'll need hw with more (CPU) power.
Thanks monstermania
I would use IPS/IDS and proxy for web filtering for sure. VPN too, but for a few users, and they would hardly ever connect at the same time.
With 20/30 clients connected, would the APU4 be enough or do I need more power?
I think that an APU4 is enough for your WAN speed and users if you don't want all services offered by OPNsense. ;) The proxy itself doesn't need much (CPU) power. But if you want to use AV scan within the proxy under OPNsense, the CPU reaches its limit.
When you use IDS/IPS at the same time, an APU4 does not have enough (CPU) power. Also the limited RAM could be a problem.
So take a look at the Qotom devices with i5 CPU. They can handle up to 16GB of RAM. In the forum you'll find some experiences with hw from Qotom.
OK, the product support of the company is bad, but the price tag makes it very interesting. And when you use a fw cluster, the support isn't a real problem for you. ;)
Thank you very much! :D
The Qotoms are very nice in that they are passively cooled and therefore completely quiet. I've got an i5 myself, in the cupboard in the bedroom as that's where the fiber comes into the house...! However, the Dell small form-factor business PCs are pretty darn quiet as well and if you put a quad Intel gigabit card in one of those (or two dual, according to your requirements) you have a higher spec machine with more up-to-date CPUs. At that level of hardware you would really struggle to max out the CPUs even if you used IDS, antivirus and VPNs etc. And they are very reliable.
My Qotom has been rock-solid as well so far, but I do wonder if it suddenly is going to die on me one day.
Quote from: rungekutta on November 23, 2019, 10:45:32 PM
However, the Dell small form-factor business PCs are pretty darn quiet as well and if you put a quad Intel gigabit card in one of those (or two dual, according to your requirements) you have a higher spec machine with more up-to-date CPUs.
+1
I'm running exactly that. https://forum.opnsense.org/index.php?topic=13351.msg61385#msg61385
Confirmed a running 27W with a Kill-A-Watt meter. For the cost compared to anything micro/fanless I've seen with comparable specs will pay for a LOT of electricity.