apology
i am a noob - so probably this is a noob question but ↓
i did search for an answer but didnt get any definitive one, so ↓
i am planning putting opnsense on the PC appliance with 4 ports (this will be my 1st time with opnsense)
it will provide internet (300down /30up) to 2 computers (some browsing, gaming, streaming etc. no VPN, port forwarding or anything - very simple ...)
options:
1) it is suggested to use only 2 ports (wan,lan) on router and use separate switch - thats fine i have one but prefer not as is one more box/cables ...
2) bridge the ports on appliance - may slower the traffic
3) 2 separate vlans - may slower the traffic
how much performance hit will i get with option 2 and 3 ?
- is it enough to worry about ?
- if not much which one is preferred ?
thanks everyone
hardware:
Firewall Router Mini PC N100 Upgraded Fanless PC 4X i226-V 2.5G
16gb memory
128gb hd
and
TP-Link TL-SG105 5 Port Gigabit switch
My recommendation is keep it simple. Use the switch on one interface.
Start with 1 for sure.
You can experiment with bridging with the remaining 2 ports (eventually adding the 3rd later).
You would need to adapt the guide since you'd create a new interface (instead of moving LAN).
You can measure the performance impact on your HW.
3 (you probably meant separate LANs - physical isolation, versus logical with VLANs).
That seems questionable, unless you really intend to treat these 2 machines differently.
ok so the opnsense is installed - i changed nothing except the username and password ...
does anything needs to be tick on/off to make it safe(er)? - was told that it is "safe" out of box? - explenation, as safe as asus or other general consumer supported router
(will connect the wan later this week and check for updates)
the idea is to replace the asus router that is no longer supported
i understand that opnsense can be "anything/everything" depending on users needs and its a completely different animal then asus
but i am planning to run it in "vanilla" mode (maybe some simple plugging in "automatic" mode)
as mentioned above simple network 2 PCs on wire connection
thanks for any advice
Connect and configure your WAN and you are good to go.
Out of the box is safe, safer than an EOL consumer router.
You already get MUCH better logging (typically dismal when it even exists in consumer router).
You may want to update on a schedule...
thanks everyone
will try to switch the routers today
was wondering if there is an "easy plugging" that can run in "auto" mode to make the router safer (by easy i mean no extensive setup that can easily screw thinks up - a noob level)
eventually i will try to learn things ...
BTW i notice that the pc appliance gets very warm - but after putting a 120 fan on top of it (connected to usb port with adapter) temp should not be a problem (will check the numbers with and without fan on and report it for future reference)
If you go to FIREWALL -> RULES, you'll see that there are a bunch of "Automatically generated rules." These should give you good protection.
The outside of the units do tend to get hot. I questioned Protectli about mine and they said it was normal. It's usually just hot on the cooling fins by design. I set mine on a ceramic tile just in case.
thanks
the fan i am using on top of those fins took away all the "warmness" it spins very slowly no noise whatsoever ...
The fan is fine, although probably not needed if your router sits in plain air, not enclosed at all. They are designed to maintain a safe temperature in normal ambients and higher. You can see an approximation of CPU temperatures in the dashboard (but do not go down the CPU temp rabbit hole).
Given the powerful equipment and modest needs you have, I would have differed from earlier advice by saying definitely choose either of 2 or 3 (separate LANs in the latter case, you have ports not to need vLANs as such), skipping the extra equipment, cables, plugs. You appear to have no noticeable communication between computers, just internet links and at a relatively low speed. A much lesser bit of hardware would do the job without adding a switch. You are well future-proofed.
so far so good
the CPU temps are from 37° to 52° mostly around 42° (there is another sensor that shows 27° all the time)
using switch was a good idea - now i can just reset change the user/password and have everything working - in case i play too much with the setting and do something silly ...
i have to give it more time to be sure but the ping looks lower then before (asus ax86u pro) - thats for fortnite
and agree that the router seams an overkill:
the memory use 4%
disc 1%
cpu 2% jumping to 10 % (once 21%)
will keep tread updated - maybe some noobs find it useful
should i turn on the
services / intrusion detection
if YES which rulesets should i use
any recommendation ?
thanks