I've finally acquired the resources necessary to begin purchasing parts, but this is my first OPNsense build and I'd be grateful for any specific hardware suggestions. My budget is $300-600, but can be flexible. Will be using OPNsense for IPS, Sensei, adblocking, geoblocking, and web content filtering for up to 15 devices. I really want to go for the i3 to be on the safe side. I do indeed own a rack, but the rack builds seem rather expensive.
Parts wise, I was thinking:
Processor: i3-10100 - $105
Motherboard: ASUS Prime B460M-A LGA 1200 - $122
PCIe NIC: Dell Intel PRO/1000 VT Quad Port Server Adapter LP PCI-E with Both BR - used $43
RAM: TEAMGROUP T-Force T1 DDR4 16GB Kit (2 x 8GB) 2666MHz - $50
SSD: 860 EVO 250GB - $50
CPU Cooler: Noctua NH-L9i - $40
Case: Rosewill 2U Server Chassis RSV-Z2700 - $100
Power Supply: EVGA 110-BQ-0500-K1 500W Bronze - $75
Total: $585
I've only built one other computer before, so I realize that this proposed build is probably a mess, that's why I'm reading out to the community.
Any help would be appreciated!!
Where are you based? Personally I'm a big fan of SuperMicro but they can be more or less difficult to buy depending on where you are. It's enterprise level stuff so (almost always?) comes with IPMI which is useful. Many of their motherboards have 2 or 4 NICs built-in so you wouldn't have to mess around with separate network card.
Is noise a concern? If so you may want to go small form factor PC instead. The Dell Optiplex business PCs seem popular and are built to run 24x7 for years and years. You would have to add one or two PCI-e NICs to taste. Also popular on this forum is the Qotom boxes. They are fanless so completely silent. Best bought directly from AliExpress.
All depends on your needs including your WAN speed. The gen 10 i3 would be insanely fast in the context of a (home?) firewall for 15 clients and you would saturate at least gigabit WAN with IDS very easily. I've got an older gen 5 i5 laptop chip and it saturates gigabit WAN with Suricata IDS at about 50% CPU load.
I appreciate the response! I'm based out of Columbus, Ohio. I was actually trying to figure out where I'd even acquire a SuperMicro product haha. I've been researching this for days, and I think I've come to the conclusion that it's just not viable for me to be using server hardware. I'd like to do something like this
(https://images-na.ssl-images-amazon.com/images/I/81BqUbKEW4L._AC_SL1500_.jpg)
But with a custom build in the same form factor with also strong processing power.
Noise is not a big concern, but form factor is. Whatever the device is will have to fit on one of my shelfs on my rack (25U). I'm more inclined to custom build, but if I can get a deal (refurbished is fine), I'll pull the trigger.
I'm all for future-proofing. The gen 10 i3 is only $100, saving $50 on a cheaper processor isn't worth it in my opinion.
The Lenovo ThinkCentre M720q Tiny is another SFF option. You can get an optional 4 port Intel NIC. Not as much fun as your own build but you can get them at great prices. My OPNsense is running on one (i3-9100T).
Thank you all for the help!
I finally decided to go with this Optiplex - $481 used:
https://www.amazon.com/gp/product/B08F83YLPB/ref=ppx_od_dt_b_asin_title_s00?ie=UTF8&psc=1 (https://www.amazon.com/gp/product/B08F83YLPB/ref=ppx_od_dt_b_asin_title_s00?ie=UTF8&psc=1)
And this NIC - $76 new: https://www.amazon.com/gp/product/B002JLKNIW/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&psc=1 (https://www.amazon.com/gp/product/B002JLKNIW/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&psc=1)
Single-core performance is slightly worse than the 10th gen i3, but I'm sure it'll be fine.
maybe I am overlooking something - but how do you add additional NICs there? especially your PCI-E one?
Good catch, I noticed the problem too. I hadn't checked the spec sheet, but it turns out only the micro doesn't have PCI-E slots. I just swapped to this used for $527, which has a half-sized x16. This should be fine right? I've never heard of a "half-sized" PCI-E port.
https://www.amazon.com/gp/product/B07TLNQ1NL/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&psc=1 (https://www.amazon.com/gp/product/B07TLNQ1NL/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&psc=1)
might be the second shorter slot-plate for smaller computer chassis?
https://en.wikipedia.org/wiki/File:An_Intel_82574L_Gigabit_Ethernet_NIC,_PCI_Express_x1_card.jpg
That would make sense. I'm sure it will fit one of them haha
Yes, I should have said - you need at least the SFF (small form factor) Optiplex, the Micro ones have no PCIe expansion slots... Also the PCIe is half-height (as opposed to full-height). Many network cards come with both full-height and low profile brackets. You may want to check that too.
Hmm it's looking like this card won't come with that. Is this something I can purchase separately or will I need a different card?
I don't know about that particular card. If you look at the listings on Amazon you'll see quite a few cards with pictures of both full height and low profile brackets in the listing. I guess you could check eBay as well.
Actually your linked item card has title "Dell Intel PRO/1000 VT Quad Port Server Adapter LP PCI-E with Both BR". I would read "Both BR" as both brackets ie full height and shorter. So you may be in luck.
Hmm I sure hope you're right. Is there really no way a full-sized one will fit? I'd hate to have to pay return shipping on the NIC.
I just got a dell inspiron 3880 refurbished from the Dell outlet.
I3 10100
4Gb Ram
1TB 7200rpm hdd.
1yr on site warranty
Was $250~.
Added another 4gb stick, i350t2, 32gb name m2 ssd for os.
A little over $300 invested.
Just got the box delivered haven't installed opnsense yet.
I'm co fident the 10100 can do my gig line with 3 or 4 uses and IPS/IDS.
If not.. shouldn't be a huge hit/loss.
How's it working for you?
Because Supermicro was already mentioned here in this thread. I'm currently thinking about a built with this board:
M11SDV-4CT-LN4F https://www.supermicro.com/en/products/motherboard/M11SDV-4CT-LN4F
They have it with different AMD EPYC CPUs (3101, 3151, 3201 and 3251). Prices in Germany seem to range from 400 to 650 Euro depending on the CPU you want to use. They are passively cooled (the 3251 is also available with a fan mounted) but I think it needs some airflow to get rid of the heat.
Combined with a case like that https://www.supermicro.com/en/products/chassis/1U/E300/SCE300 if rackmount is needed or any other mini-itx case on the market, 8-xGB ECC Ram, an NVM-E SSD and a power supply, you should have a powerful Firewall box for 650-1000 Euro with IPMI.
Been looking at that too and looks ideal in many way. What puts me off is the many reports on the internet of that case being very loud (small but high rpm fans). Never seen or heard one myself though.
Personally I've boiled it down to either one of those Supermicro AMD embedded but in a non-Supermicro (quiet) case mini itx case - or a small form factor business PC with PCIe nic added.
Haven't pulled the trigger on either yet though.
I think the Supermicro case is only useful for rackmount-installations. Usually no one cares about noise in when running in a rack.
There are a lot of Mini-ITX cases around. I like for example the Thermaltake Core V1 with its huge fan in the front. Really quiet but not the smallest possible case.
There are even passively cooled mini itx cases on the market and with the option of putting the power adapter externally, you gain some free air in the case. The only thing that's missing is native redundant power supply support but there are redundant atx power supplies around to fix that (around 300€).
Thermaltake Core V1 looks solid but it's massive. Cooler Master Elite 110 looks really good I think. 120 or 140mm fan at front and optional 2x 80mm on the side. That must be enough for the passive heatsink on the AMD CPU, and can get quality fans to taste and budget to keep the noise down.