I don't have experience with this particular model. These low-end mini PCs and their low-end CPUs aren't really meant for IDS/IPS, at least not if you need, want or are planning on getting speeds of 1Gbps or more.
The Protectli VP2420 does have 2.5GB ports and it comes with the Celeron J6412 (single thread rating 1371, multi thread rating 3831).
Just a base OPNsense install and then installing Suricata. Most users turn on Suricata on WAN, go bananas with enabling shit and then never look back. Suricata is not set it and forget it. The speed hit you get from Suricata will depend on what you enable and if you're actually monitoring it and making changes per your use case and what you are seeing. Regardless, Suricata will cap you at less than 1Gbps on this hardware. A quick search online shows benchmarks on this exact Protectli hardware ranging from 200Mbps - 800Mbps.
Just a base OPNsense install and then installing Zenarmor. Zenarmor will be a lower performance hit compared to Suricata. They are 2 different beasts after all. It's intended for LAN side. You should see somewhere between 1Gbps and 2Gbps... maybe even port max. Zenarmor is not multi-threaded yet, they keep pushing it back but claim it will be out this year (2025). Currently, regardless of hardware, Zenarmor caps out around 5Gbps.
I run OPNsense on much more powerful hardware than this (I have 10Gbps fiber internet at home). I do use Zenarmor Paid. I do have services running behind a reverse proxy. I do not use Suricata, it's too much work in a home environment and the performance hit even on high-end hardware is too great for what you get in return. I'd argue with the advent of services like CrowdSec (which I do use on WAN and Proxy) and Maltrail (I dabble on Proxy), Suricata isn't worth it anywhere. Except maybe as a means to torture yourself.