OPNsense Forum

English Forums => Hardware and Performance => Topic started by: Solid-Profession on August 14, 2020, 08:55:56 pm

Title: What hardware?
Post by: Solid-Profession on August 14, 2020, 08:55:56 pm
Hi,

I've looked here:
https://forum.opnsense.org/index.php?topic=14360.0

But not sure if the Qotom-Q555G6-S05  is still a good shout?

I'm currently playing with a Fortinet 60e which is costing me the Earth, given I'm a home user, and I therefore require something that's fanless and low power.

I'd like to have a "sort of" UTM, where it has AES-NI enabled too, just in case I like the look of something else, so I don't have to buy twice

Currently on the Fortinet, with only me connected to it, apparently it's using 56% RAM with 86 sessions and 14.1% load on the SPU

The maximum amount of people connected to it would be maybe ten. 20 at a push. On the Fortinet I've VLANd off one of the interfaces and made that my interface for my downlink to my switch, and I've got a WAN interface out. It doesn't seem like there's a noticeable difference when adding the firewall. The speed of my broadband is 350Mb/s (down)

I also want to make sure that I don't use Intel 219 NICs because they're not supported with another vendor should I choose to reflash the firmware.

I live in the UK too, but I'm fine with purchasing something say from aliexpress, or Europe. Any help would be much appreciated!
Title: Re: What hardware?
Post by: Patrick M. Hausen on August 14, 2020, 10:33:14 pm
I buy my hardware from https://www.varia-store.com/ currently. I have two proposals:

1. "high end"

4 cores
4 G RAM
4 Intel network interfaces
128 G SSD

Select the PCengines APU4D4 with case, power supply (pick the PCengines one), and a Transcend 128 G SSD.
Add the APUFIX1A for your first build, only need this once.

About 300€.


2. "average"

4 cores
2 G RAM
2 Intel network interfaces
32 G SSD

Select the PCengins APU2E0 with case, power supply (pick the PCengines one), and a Transcend 32 G SSD.
Add the APUFIX1A for your first build, only need this once.

About 150€.

Both are great high quality long lasting devices.


3. "cheap"

To get to a two-figures amount I learned that the Rock Pi E was the hot stuff today, but I cannot recommend a supplier. System is about 50€ for 2 network interfaces, WiFi and 1 G of RAM, need to add a passive cooler, case, power supply and MMC storage - well below 100€.


4. "dirt cheap"

Sorry, switch to OpenWRT on a Raspberry Pi or similar ...
Title: Re: What hardware?
Post by: Solid-Profession on August 17, 2020, 10:43:12 pm
I buy my hardware from https://www.varia-store.com/ currently. I have two proposals:

1. "high end"

4 cores
4 G RAM
4 Intel network interfaces
128 G SSD

Select the PCengines APU4D4 with case, power supply (pick the PCengines one), and a Transcend 128 G SSD.
Add the APUFIX1A for your first build, only need this once.

About 300€.


2. "average"

4 cores
2 G RAM
2 Intel network interfaces
32 G SSD

Select the PCengins APU2E0 with case, power supply (pick the PCengines one), and a Transcend 32 G SSD.
Add the APUFIX1A for your first build, only need this once.

About 150€.

Both are great high quality long lasting devices.


3. "cheap"

To get to a two-figures amount I learned that the Rock Pi E was the hot stuff today, but I cannot recommend a supplier. System is about 50€ for 2 network interfaces, WiFi and 1 G of RAM, need to add a passive cooler, case, power supply and MMC storage - well below 100€.


4. "dirt cheap"

Sorry, switch to OpenWRT on a Raspberry Pi or similar ...
Terribly sorry but I wasn't alerted to this from emails. Only seen it as I logged in

What's best for me? I have maybe a maximum of 15 users, typically 5 users. I don't want to get something high end if I don't need it. I essentially want it to "act like" a UTM device but also be rather.. small. I don't care about HA too as it's in the home

The broadband connection is also 350Mb/s
Title: Re: What hardware?
Post by: Patrick M. Hausen on August 17, 2020, 11:42:53 pm
If your connection is between 100 M and 1 G/s the one I labelled "high end" will be just sufficient.
It's a small router like device with passive cooling, I like it very much.

But: it will not be able to run Sensei and other advanced IDS/IPS modules at your uplink speed. If you want to use that, someone else needs to step in with a proper sizing.

After all, 4 G memory is small today. I just provisioned two new hosting servers with 192 G each.

HTH,
Patrick
Title: Re: What hardware?
Post by: chemlud on August 18, 2020, 08:31:47 am
...find a decent used Dell Optiplex SFF (small form factor, important!) and up to 2x2 Intel networking cards. About 200.- all in all if you look in the right places. Plenty of power and will run your stuff for years...

Title: Re: What hardware?
Post by: Solid-Profession on August 18, 2020, 10:47:15 am
...find a decent used Dell Optiplex SFF (small form factor, important!) and up to 2x2 Intel networking cards. About 200.- all in all if you look in the right places. Plenty of power and will run your stuff for years...

Sorry but I'd rather keep things as small as possible. A Qotom box instead then?
Title: Re: What hardware?
Post by: Solid-Profession on August 18, 2020, 10:49:33 am
If your connection is between 100 M and 1 G/s the one I labelled "high end" will be just sufficient.
It's a small router like device with passive cooling, I like it very much.

But: it will not be able to run Sensei and other advanced IDS/IPS modules at your uplink speed. If you want to use that, someone else needs to step in with a proper sizing.

After all, 4 G memory is small today. I just provisioned two new hosting servers with 192 G each.

HTH,
Patrick


Hi,

My uplink speed isn't as high as my download speed. Even with 512Mb/s the upload speed is just 36Mb/s. Would it still be an issue?
Title: Re: What hardware?
Post by: Patrick M. Hausen on August 18, 2020, 11:04:30 am
The PCengines box will get you 512 Mbit/s throughput but not with additional services. Most people want IDS/IPS for ingress ;)

The Qotom boxes do look like a cheaper rip-off of the Protectli Devices to me. I have experience with neither, sorry.
Title: Re: What hardware?
Post by: lar.hed on August 18, 2020, 04:02:45 pm
I'm using the Qotom you mention. I like it alot, just remeber to move the jumper for boot on power (if you like, after power failure I like autorestart). Are there bettwr solutions? Maybe but so far I have seen none. And it is not using alot of power either, nor.does it get hot. As I wrote above, I like it alot, and it is perfect for me (that I am having config challenges has nothing to do with the hardware). From my perspective: go for it!
Title: Re: What hardware?
Post by: Solid-Profession on August 18, 2020, 06:14:55 pm
I'm using the Qotom you mention. I like it alot, just remeber to move the jumper for boot on power (if you like, after power failure I like autorestart). Are there bettwr solutions? Maybe but so far I have seen none. And it is not using alot of power either, nor.does it get hot. As I wrote above, I like it alot, and it is perfect for me (that I am having config challenges has nothing to do with the hardware). From my perspective: go for it!

Thanks. Which one do you have? How exactly do you move the jumper? Do you unscrew it, move the little blue thing from one pin to another pin?
Title: Re: What hardware?
Post by: lar.hed on August 18, 2020, 08:45:26 pm
I have:
Quote
Qotom-Q555G6-S05 Qotom Mini PC Intel Core i5 7200U Industrial Micro PC Barebone System Dual Core Desktop Small Computer with 6 Gigabit Ethernet NIC
to be exact.

The jumper that needs to be moved, if one need/wish autostart on power return, is just a small jumper (you lift it and move it one pin so to speak. There are a few YoutUbe videos on that, for example: https://www.youtube.com/watch?v=-2pZi3hf2f4 (https://www.youtube.com/watch?v=-2pZi3hf2f4)

Title: Re: What hardware?
Post by: Solid-Profession on August 19, 2020, 10:52:04 am
I have:
Quote
Qotom-Q555G6-S05 Qotom Mini PC Intel Core i5 7200U Industrial Micro PC Barebone System Dual Core Desktop Small Computer with 6 Gigabit Ethernet NIC
to be exact.

The jumper that needs to be moved, if one need/wish autostart on power return, is just a small jumper (you lift it and move it one pin so to speak. There are a few YoutUbe videos on that, for example: https://www.youtube.com/watch?v=-2pZi3hf2f4 (https://www.youtube.com/watch?v=-2pZi3hf2f4)

Thanks. It's a but weird that you have to do that
Title: Re: What hardware?
Post by: GrumpyOLTechie on August 20, 2020, 07:00:03 pm
I've been running the "software-that-OpnSense-came-from-that-cannot-be-named-less-it-notice-us-and-be-summoned" for about 10 (?) years now on old PC's.

I came here to update myself on the state of OPNSense. I tried it when it was first released but Suricata was not working very well at all. I would like to try OPNSense but not at the expense of productivity for my work from home wife.

I started with an Old Dell XPS 630i Core2 DUO 4GB ram (non-AES capable) - retired -R.I.P - blown daughter board after 12 years of service as 1st my desktop, (free +$29.00 = ADATA 120 SSD  from this point as I would dispose of it or do the following) then to firewall, then to Linux Web Server.

Currently running Old Dell Inspiron i3 6GB Ram (non-AES capable) my father-in-law hand me down (free +$49.00 = Kingston 120 SSD)

Am planning on swapping out to an OLD Dell XPS 8700 Studio 16GB RAM (AES capable) as soon as I find the time (been waiting for 1yr now) (free +$49.00 = Kingston 120 SSD)  (another family member hand me down)

I guess what I am saying is it might be cheaper if you want to transfer an image of your existing firewall to a cheap'ish SSD and use an old PC.

I only pay for 150/15 Mbps so I am good. 20 odd devices in the house with 7 of them being desktops/laptops that are regularity used, the rest are a mix of WIFI routers (x2) and cell phones, hand held gaming consoles, Xbox etc....

No one ever complains about speed in my house unless the ISP is having issues or unless a piece of hardware has blown out - usually the crappy cable modems - is there such a thing as a non-crappy cable modem - you know, one that will last longer than 3 or 4 years?

Anyways, I realize there are many reason to NOT use an old PC but if you're not affected by any of those, I have found it to be pretty cheap while still getting a "corporate-like firewall.

With ALL the above systems I have never seen the "software-that-OpnSense-came-from-that-cannot-be-named-less-it-notice-us-and-be-summoned" use more than 40% RAM at it's busiest and normally runs at %20 or less. CPU has never gone over 5 or 6% that I've noticed.

Cheers.
Title: Re: What hardware?
Post by: chemlud on August 20, 2020, 07:13:30 pm
nobody has a problem with pfsense over here, only the other way around, you get banned in the forums for mentioning OPNsense. ;-) (or even for asking heretical questions)

I still have to use one install of this piece of software, as I want to use IPS on a PPPoE WAN interface. Not a problem, really.

Fully support your "old hardware rulez", but the young guys always have a look at the electricity bill. But on the other hand: what you spent for electricity you safe for the warming of the house in winter time :-D
Title: Re: What hardware?
Post by: qarkhs on August 20, 2020, 08:14:44 pm
nobody has a problem with pfsense over here, only the other way around, you get banned in the forums for mentioning OPNsense. ;-)
Qotom is also a non-topic there. There are not a few people here rather than there as a result of their behavior.

Worth checking out Fitlet2 with J3455 at https://fit-iot.com/web/products/fitlet2/fitlet2-specifications/ (https://fit-iot.com/web/products/fitlet2/fitlet2-specifications/).
Fanless and low power but not sure it meets all the requirements of OP. Same company has a new series of devices coming out called Tensor-PC. Details are a bit sketchy at the moment but looks interesting.




Title: Re: What hardware?
Post by: Solid-Profession on August 21, 2020, 08:50:25 am
nobody has a problem with pfsense over here, only the other way around, you get banned in the forums for mentioning OPNsense. ;-)
Qotom is also a non-topic there. There are not a few people here rather than there as a result of their behavior.

Worth checking out Fitlet2 with J3455 at https://fit-iot.com/web/products/fitlet2/fitlet2-specifications/ (https://fit-iot.com/web/products/fitlet2/fitlet2-specifications/).
Fanless and low power but not sure it meets all the requirements of OP. Same company has a new series of devices coming out called Tensor-PC. Details are a bit sketchy at the moment but looks interesting.

pmhausen said that a low power Apu board wouldnt cut it because

"The PCengines box will get you 512 Mbit/s throughput but not with additional services. Most people want IDS/IPS for ingress ;)"

Would I not run into the same problems here?
Title: Re: What hardware?
Post by: Solid-Profession on August 21, 2020, 09:25:56 am
nobody has a problem with pfsense over here, only the other way around, you get banned in the forums for mentioning OPNsense. ;-) (or even for asking heretical questions)

I still have to use one install of this piece of software, as I want to use IPS on a PPPoE WAN interface. Not a problem, really.

Fully support your "old hardware rulez", but the young guys always have a look at the electricity bill. But on the other hand: what you spent for electricity you safe for the warming of the house in winter time :-D

Electricity costs AND a lack of space lol. If the old hardware consumed less AND was as small then that'd be fantastic
Title: Re: What hardware?
Post by: chemlud on August 21, 2020, 09:36:11 am
An Optiplex SFF is not really "big". And if you have old hardware lying around, you safe some 100 bucks that you can invest in electricity...
Title: Re: What hardware?
Post by: Solid-Profession on August 21, 2020, 10:43:29 am
An Optiplex SFF is not really "big". And if you have old hardware lying around, you safe some 100 bucks that you can invest in electricity...

Perhaps but I've only got a small rack. Also tbh I've always been a fan of "small" The smaller something is the better for me. It's an aesthetic thing. I slowly want to replace my NAS with something that's tiny too
Title: Re: What hardware?
Post by: chemlud on August 21, 2020, 11:20:15 am
NAS? I built some in mini-ITX enclosures with an odroid xu4 and 2x 2.5" SSDs/HDDs...
Title: Re: What hardware?
Post by: Solid-Profession on August 21, 2020, 01:01:11 pm
NAS? I built some in mini-ITX enclosures with an odroid xu4 and 2x 2.5" SSDs/HDDs...

I'll probably replace that with something raspberry pi... sized but not quite pi
Title: Re: What hardware?
Post by: chemlud on August 21, 2020, 01:34:44 pm
The odroid xu4 is pi-sized, but with GBit ethernet, 2x USB3, fast processors and solid OS support. :-D
Title: Re: What hardware?
Post by: Solid-Profession on August 21, 2020, 06:43:37 pm
The odroid xu4 is pi-sized, but with GBit ethernet, 2x USB3, fast processors and solid OS support. :-D

Someone told me to go with the nanopi instead. Is the odroid better?
Title: Re: What hardware?
Post by: chemlud on August 21, 2020, 06:46:56 pm
What is "better"? :-D

Have only raspberries (10-20) and some XU4. NAS is stable and performant...
Title: Re: What hardware?
Post by: Solid-Profession on August 21, 2020, 08:32:59 pm
What is "better"? :-D

Have only raspberries (10-20) and some XU4. NAS is stable and performant...
[/quote
Faster, easier to use, has real boards?
Title: Re: What hardware?
Post by: qarkhs on August 21, 2020, 08:35:33 pm
pmhausen said that a low power Apu board wouldnt cut it because

"The PCengines box will get you 512 Mbit/s throughput but not with additional services. Most people want IDS/IPS for ingress ;)"

Would I not run into the same problems here?

I don't know as I am not running IDS/IPS on mine at the moment but see https://bbs.io-tech.fi/threads/palomuuri-1gbit-kuituliittymaelle.74958/#post-2855744 (https://bbs.io-tech.fi/threads/palomuuri-1gbit-kuituliittymaelle.74958/#post-2855744) and other discussion on the same board. You will need to use Google translate unless you read Finnish.
Title: Re: What hardware?
Post by: Solid-Profession on August 22, 2020, 02:20:39 pm
pmhausen said that a low power Apu board wouldnt cut it because

"The PCengines box will get you 512 Mbit/s throughput but not with additional services. Most people want IDS/IPS for ingress ;)"

Would I not run into the same problems here?

I don't know as I am not running IDS/IPS on mine at the moment but see https://bbs.io-tech.fi/threads/palomuuri-1gbit-kuituliittymaelle.74958/#post-2855744 (https://bbs.io-tech.fi/threads/palomuuri-1gbit-kuituliittymaelle.74958/#post-2855744) and other discussion on the same board. You will need to use Google translate unless you read Finnish.

Thanks. I guess the other issue is that it uses i211 Intel stuff, which means that if I want to move to Sophos, I'd have to buy new hardware?
Title: Re: What hardware?
Post by: Solid-Profession on August 22, 2020, 04:41:13 pm
pmhausen said that a low power Apu board wouldnt cut it because

"The PCengines box will get you 512 Mbit/s throughput but not with additional services. Most people want IDS/IPS for ingress ;)"

Would I not run into the same problems here?

I don't know as I am not running IDS/IPS on mine at the moment but see https://bbs.io-tech.fi/threads/palomuuri-1gbit-kuituliittymaelle.74958/#post-2855744 (https://bbs.io-tech.fi/threads/palomuuri-1gbit-kuituliittymaelle.74958/#post-2855744) and other discussion on the same board. You will need to use Google translate unless you read Finnish.

So near 1 gigabit for opnsense? I dunno if it supports AES-NI too? Sure it might not be needed now, but may be required in the future

Should I get this?

Atom x7-E3950 [CE3950

8 GB [D8]

M.2 SATA 64 GB [M64S]

No OS

Which Facet card?
FC-OPLN 1x SFP+ Gbit Ethernet optical [FOPLN]?

I don't know about the interfaces, given that I honestly want it to last. If I have 10Gb infrastructure in the future I'd want this firewall to handle that too. Ideally both WAN and LAN could be SFPs? So I could stick in a module that connects to another device?

And leave everything else as standard?

You can customise the order here
https://fit-iot.com/web/product/fitlet2-build-to-order/
Title: Re: What hardware?
Post by: marjohn56 on August 22, 2020, 04:57:28 pm
nobody has a problem with pfsense over here, only the other way around, you get banned in the forums for mentioning OPNsense. ;-)
Qotom is also a non-topic there. There are not a few people here rather than there as a result of their behavior.
eets all the requirements of OP. Same company has a new series of devices coming out called Tensor-PC. Details are a bit sketchy at the moment but looks interesting.


And I am one of them... jumped ship before they could ban me!


I have Two Qotom's ( one for dev/test ) and never had an issue with them. First one I got I originally installed ESXi on with Opnsense as a VM, it worked perfectly fine except I was getting no thermal info from the CPU; great little devices.
Title: Re: What hardware?
Post by: lar.hed on August 23, 2020, 11:44:09 am
While we are on the subject of Qotom - does anyone know if there is a 8-port ethernet version around? I have the 6-port version, and would not say no to a 8-port version....
Title: Re: What hardware?
Post by: Solid-Profession on August 23, 2020, 01:01:38 pm
nobody has a problem with pfsense over here, only the other way around, you get banned in the forums for mentioning OPNsense. ;-)
Qotom is also a non-topic there. There are not a few people here rather than there as a result of their behavior.
eets all the requirements of OP. Same company has a new series of devices coming out called Tensor-PC. Details are a bit sketchy at the moment but looks interesting.


And I am one of them... jumped ship before they could ban me!


I have Two Qotom's ( one for dev/test ) and never had an issue with them. First one I got I originally installed ESXi on with Opnsense as a VM, it worked perfectly fine except I was getting no thermal info from the CPU; great little devices.

Out of interest, how much power do they consume?
Title: Re: What hardware?
Post by: Solid-Profession on August 23, 2020, 02:48:27 pm
While we are on the subject of Qotom - does anyone know if there is a 8-port ethernet version around? I have the 6-port version, and would not say no to a 8-port version....

Why don't you just VLAN it off?
Title: Re: What hardware?
Post by: lar.hed on August 23, 2020, 06:38:29 pm
Why don't you just VLAN it off?

Two reasons:
1) VLAN does not give you more physical ethernet ports
2) I am trying to reduce the power consumption here, and running a managed ethernet switch to get more ports does not seem to save power
Title: Re: What hardware?
Post by: Solid-Profession on August 23, 2020, 07:48:26 pm
Why don't you just VLAN it off?

Two reasons:
1) VLAN does not give you more physical ethernet ports
2) I am trying to reduce the power consumption here, and running a managed ethernet switch to get more ports does not seem to save power

Ahh. I've got mine already connected to a switch and that has PoE too.. I wouldn't be saving electricity that way myself. That makes sense
Title: Re: What hardware?
Post by: marjohn56 on August 23, 2020, 09:27:55 pm
Out of interest, how much power do they consume?


TDP is 15W according to the specs.
Title: Re: What hardware?
Post by: Solid-Profession on August 23, 2020, 09:37:37 pm
Out of interest, how much power do they consume?


TDP is 15W according to the specs.
Thanks. Was thinking more about the real world consumption but thanks anyway
Title: Re: What hardware?
Post by: marjohn56 on August 24, 2020, 09:38:10 am
Nothing on the spec sheet, but the PSU is a 60W block, runs cold.
Title: Re: What hardware?
Post by: Solid-Profession on August 24, 2020, 02:03:38 pm
Nothing on the spec sheet, but the PSU is a 60W block, runs cold.

Thanks. I guess I'd have to put a watt meter to it lol!
Title: Re: What hardware?
Post by: marjohn56 on August 24, 2020, 02:58:54 pm
I would, but the one I have is in the office and I've not been there since March!
Title: Re: What hardware?
Post by: marjohn56 on August 24, 2020, 03:02:17 pm
Nothing on the spec sheet, but the PSU is a 60W block, runs cold.

Thanks. I guess I'd have to put a watt meter to it lol!


Someone has done it, found this on Amazon:


"I have tested the unit on a power consumption meter and it idles at 14.8w and max 17.6w. This will save money in the long run instead of using an old PC for pfSense."


Of course, that doesn't tell us what was running at the time of the max reading, I suspect mine is somewhat higher under full load.
Title: Re: What hardware?
Post by: Solid-Profession on August 24, 2020, 04:04:58 pm
Nothing on the spec sheet, but the PSU is a 60W block, runs cold.

Thanks. I guess I'd have to put a watt meter to it lol!


Someone has done it, found this on Amazon:


"I have tested the unit on a power consumption meter and it idles at 14.8w and max 17.6w. This will save money in the long run instead of using an old PC for pfSense."


Of course, that doesn't tell us what was running at the time of the max reading, I suspect mine is somewhat higher under full load.

Thanks for that. The main reason for buying one of those is the leccy bill. That and it being smaller. This being said, now that I've had a look see, I may end up buying the fitlet2 because it's way smaller, about as powerful and you can power it by PoE which is pretty cool
Title: Re: What hardware?
Post by: qarkhs on August 24, 2020, 05:39:06 pm
And I am one of them... jumped ship before they could ban me!

I think we may have jumped at around the same time. I remember there was a huge long thread with lots of information on using Qotoms and they just deleted it all. I reckon they they did me a favor.
Title: Re: What hardware?
Post by: marjohn56 on August 24, 2020, 05:50:24 pm

Thanks for that. The main reason for buying one of those is the leccy bill. That and it being smaller. This being said, now that I've had a look see, I may end up buying the fitlet2 because it's way smaller, about as powerful and you can power it by PoE which is pretty cool


Completely different generation to the Qotoms' I have and gave the power specs on, so I would hope it is more efficient. ;)


Looks very nice too, but don't mention it on the pf***** forum!
Title: Re: What hardware?
Post by: marjohn56 on August 24, 2020, 05:56:32 pm
And I am one of them... jumped ship before they could ban me!

I think we may have jumped at around the same time. I remember there was a huge long thread with lots of information on using Qotoms and they just deleted it all. I reckon they they did me a favor.


Cannot remember when I jumped ship now, late 2017 I think...( checks his inbox )... nope, December 2016, tempus fugit!
Title: Re: What hardware?
Post by: qarkhs on August 24, 2020, 06:18:38 pm
Thanks. I guess the other issue is that it uses i211 Intel stuff, which means that if I want to move to Sophos, I'd have to buy new hardware?

There is some discussion of the Fitlet2 on the Sophos Community boards (I was originally going to run XG after I gave up on my original idea of using pfSense):
https://community.sophos.com/products/unified-threat-management/f/hardware-installation-up2date-licensing/109125/qotom-protectli-fw2b-appliance-fitlet2-j3455-purchased?pi2353=1 (https://community.sophos.com/products/unified-threat-management/f/hardware-installation-up2date-licensing/109125/qotom-protectli-fw2b-appliance-fitlet2-j3455-purchased?pi2353=1)

There is also a long discussion in this thread on the Finnish board I referenced before that discusses different devices and software configurations. At least one user had Sophos XG running on the Fitlet2:
https://bbs.io-tech.fi/threads/tee-se-itse-rautapalomuurit-pfsense-sophos-utm-mitae-kaeytaette-ja-miksi-juuri-se-vaihtoehto.14625/page-8#post-3615316 (https://bbs.io-tech.fi/threads/tee-se-itse-rautapalomuurit-pfsense-sophos-utm-mitae-kaeytaette-ja-miksi-juuri-se-vaihtoehto.14625/page-8#post-3615316)
https://bbs.io-tech.fi/threads/tee-se-itse-rautapalomuurit-pfsense-sophos-utm-mitae-kaeytaette-ja-miksi-juuri-se-vaihtoehto.14625/page-10#post-4370713 (https://bbs.io-tech.fi/threads/tee-se-itse-rautapalomuurit-pfsense-sophos-utm-mitae-kaeytaette-ja-miksi-juuri-se-vaihtoehto.14625/page-10#post-4370713)




Title: Re: What hardware?
Post by: qarkhs on August 24, 2020, 06:30:33 pm
Cannot remember when I jumped ship now, late 2017 I think...( checks his inbox )... nope, December 2016, tempus fugit!
I must have followed you later.  I remember finding your posts very useful and then they deleted them all.
Title: Re: What hardware?
Post by: Solid-Profession on August 24, 2020, 06:42:42 pm
And I am one of them... jumped ship before they could ban me!

I think we may have jumped at around the same time. I remember there was a huge long thread with lots of information on using Qotoms and they just deleted it all. I reckon they they did me a favor.
Even on reddit, on r/pfsense it's not great in terms of how their mods and "wannabe mods" operate
Title: Re: What hardware?
Post by: qarkhs on August 24, 2020, 06:55:07 pm
I don't know about the interfaces, given that I honestly want it to last. If I have 10Gb infrastructure in the future I'd want this firewall to handle that too. Ideally both WAN and LAN could be SFPs?

I have no idea. I imagine you'd need a much more powerful CPU to handle 10Gb. Some of the higher-end Qotom boxes might make more sense or wait for an appropriate Tensor-PC.
https://linuxgizmos.com/compulabs-embedded-tensor-pcs-take-modularity-to-the-extreme/ (https://linuxgizmos.com/compulabs-embedded-tensor-pcs-take-modularity-to-the-extreme/)

Title: Re: What hardware?
Post by: Solid-Profession on August 24, 2020, 08:11:02 pm
I don't know about the interfaces, given that I honestly want it to last. If I have 10Gb infrastructure in the future I'd want this firewall to handle that too. Ideally both WAN and LAN could be SFPs?

I have no idea. I imagine you'd need a much more powerful CPU to handle 10Gb. Some of the higher-end Qotom boxes might make more sense or wait for an appropriate Tensor-PC.
https://linuxgizmos.com/compulabs-embedded-tensor-pcs-take-modularity-to-the-extreme/ (https://linuxgizmos.com/compulabs-embedded-tensor-pcs-take-modularity-to-the-extreme/)

Thanks. I guess when the time comes, I could just export the config out and then re import it?
Title: Re: What hardware?
Post by: Solid-Profession on May 10, 2021, 10:01:47 am
I'm using the Qotom you mention. I like it alot, just remeber to move the jumper for boot on power (if you like, after power failure I like autorestart). Are there bettwr solutions? Maybe but so far I have seen none. And it is not using alot of power either, nor.does it get hot. As I wrote above, I like it alot, and it is perfect for me (that I am having config challenges has nothing to do with the hardware). From my perspective: go for it!

Thanks. Which one do you have? How exactly do you move the jumper? Do you unscrew it, move the little blue thing from one pin to another pin?

My Qotom box has arrived now. Could I ask where I should move the jumper to? Do you want photos?