What hardware?

Started by Solid-Profession, August 14, 2020, 08:55:56 PM

August 14, 2020, 08:55:56 PM Last Edit: August 14, 2020, 08:59:57 PM by Solid-Profession
Hi,

I've looked here:
https://forum.opnsense.org/index.php?topic=14360.0

But not sure if the Qotom-Q555G6-S05 is still a good shout?

I'm currently playing with a Fortinet 60e which is costing me the Earth, given I'm a home user, and I therefore require something that's fanless and low power.

I'd like to have a "sort of" UTM, where it has AES-NI enabled too, just in case I like the look of something else, so I don't have to buy twice

Currently on the Fortinet, with only me connected to it, apparently it's using 56% RAM with 86 sessions and 14.1% load on the SPU

The maximum amount of people connected to it would be maybe ten. 20 at a push. On the Fortinet I've VLANd off one of the interfaces and made that my interface for my downlink to my switch, and I've got a WAN interface out. It doesn't seem like there's a noticeable difference when adding the firewall. The speed of my broadband is 350Mb/s (down)

I also want to make sure that I don't use Intel 219 NICs because they're not supported with another vendor should I choose to reflash the firmware.

I live in the UK too, but I'm fine with purchasing something say from aliexpress, or Europe. Any help would be much appreciated!

I buy my hardware from https://www.varia-store.com/ currently. I have two proposals:

1. "high end"

4 cores
4 G RAM
4 Intel network interfaces
128 G SSD

Select the PCengines APU4D4 with case, power supply (pick the PCengines one), and a Transcend 128 G SSD.
Add the APUFIX1A for your first build, only need this once.

About 300€.


2. "average"

4 cores
2 G RAM
2 Intel network interfaces
32 G SSD

Select the PCengines APU2E0 with case, power supply (pick the PCengines one), and a Transcend 32 G SSD.
Add the APUFIX1A for your first build, only need this once.

About 150€.

Both are great high quality long lasting devices.


3. "cheap"

To get to a two-figures amount I learned that the Rock Pi E was the hot stuff today, but I cannot recommend a supplier. System is about 50€ for 2 network interfaces, WiFi and 1 G of RAM, need to add a passive cooler, case, power supply and MMC storage - well below 100€.


4. "dirt cheap"

Sorry, switch to OpenWRT on a Raspberry Pi or similar ...
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: pmhausen on August 14, 2020, 10:33:14 PM
I buy my hardware from https://www.varia-store.com/ currently. I have two proposals:

1. "high end"

4 cores
4 G RAM
4 Intel network interfaces
128 G SSD

Select the PCengines APU4D4 with case, power supply (pick the PCengines one), and a Transcend 128 G SSD.
Add the APUFIX1A for your first build, only need this once.

About 300€.


2. "average"

4 cores
2 G RAM
2 Intel network interfaces
32 G SSD

Select the PCengines APU2E0 with case, power supply (pick the PCengines one), and a Transcend 32 G SSD.
Add the APUFIX1A for your first build, only need this once.

About 150€.

Both are great high quality long lasting devices.


3. "cheap"

To get to a two-figures amount I learned that the Rock Pi E was the hot stuff today, but I cannot recommend a supplier. System is about 50€ for 2 network interfaces, WiFi and 1 G of RAM, need to add a passive cooler, case, power supply and MMC storage - well below 100€.


4. "dirt cheap"

Sorry, switch to OpenWRT on a Raspberry Pi or similar ...
Terribly sorry but I wasn't alerted to this from emails. Only seen it as I logged in

What's best for me? I have maybe a maximum of 15 users, typically 5 users. I don't want to get something high end if I don't need it. I essentially want it to "act like" a UTM device but also be rather.. small. I don't care about HA too as it's in the home

The broadband connection is also 350Mb/s

If your connection is between 100 M and 1 G/s the one I labelled "high end" will be just sufficient.
It's a small router like device with passive cooling, I like it very much.

But: it will not be able to run Sensei and other advanced IDS/IPS modules at your uplink speed. If you want to use that, someone else needs to step in with a proper sizing.

After all, 4 G memory is small today. I just provisioned two new hosting servers with 192 G each.

HTH,
Patrick

...find a decent used Dell Optiplex SFF (small form factor, important!) and up to 2x2 Intel networking cards. About 200.- all in all if you look in the right places. Plenty of power and will run your stuff for years...

kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

Felix Eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

Quote from: chemlud on August 18, 2020, 08:31:47 AM
...find a decent used Dell Optiplex SFF (small form factor, important!) and up to 2x2 Intel networking cards. About 200.- all in all if you look in the right places. Plenty of power and will run your stuff for years...

Sorry but I'd rather keep things as small as possible. A Qotom box instead then?

Quote from: pmhausen on August 17, 2020, 11:42:53 PM
If your connection is between 100 M and 1 G/s the one I labelled "high end" will be just sufficient.
It's a small router like device with passive cooling, I like it very much.

But: it will not be able to run Sensei and other advanced IDS/IPS modules at your uplink speed. If you want to use that, someone else needs to step in with a proper sizing.

After all, 4 G memory is small today. I just provisioned two new hosting servers with 192 G each.

HTH,
Patrick

Hi,

My uplink speed isn't as high as my download speed. Even with 512Mb/s the upload speed is just 36Mb/s. Would it still be an issue?

The PCengines box will get you 512 Mbit/s throughput but not with additional services. Most people want IDS/IPS for ingress ;)

The Qotom boxes do look like a cheaper rip-off of the Protectli Devices to me. I have experience with neither, sorry.

I'm using the Qotom you mention. I like it a lot, just remember to move the jumper for boot on power (if you like, after power failure I like autorestart). Are there better solutions? Maybe but so far I have seen none. And it is not using a lot of power either, nor does it get hot. As I wrote above, I like it a lot, and it is perfect for me (that I am having config challenges has nothing to do with the hardware). From my perspective: go for it!

Quote from: lar.hed on August 18, 2020, 04:02:45 PM
I'm using the Qotom you mention. I like it a lot, just remember to move the jumper for boot on power (if you like, after power failure I like autorestart). Are there better solutions? Maybe but so far I have seen none. And it is not using a lot of power either, nor does it get hot. As I wrote above, I like it a lot, and it is perfect for me (that I am having config challenges has nothing to do with the hardware). From my perspective: go for it!

Thanks. Which one do you have? How exactly do you move the jumper? Do you unscrew it, move the little blue thing from one pin to another pin?

I have:
Quote: Qotom-Q555G6-S05 Qotom Mini PC Intel Core i5 7200U Industrial Micro PC Barebone System Dual Core Desktop Small Computer with 6 Gigabit Ethernet NIC
to be exact.

The jumper that needs to be moved, if one needs/wishes autostart on power return, is just a small jumper (you lift it and move it one pin, so to speak). There are a few YouTube videos on that, for example: https://www.youtube.com/watch?v=-2pZi3hf2f4


Quote from: lar.hed on August 18, 2020, 08:45:26 PM
I have:
Quote: Qotom-Q555G6-S05 Qotom Mini PC Intel Core i5 7200U Industrial Micro PC Barebone System Dual Core Desktop Small Computer with 6 Gigabit Ethernet NIC
to be exact.

The jumper that needs to be moved, if one needs/wishes autostart on power return, is just a small jumper (you lift it and move it one pin, so to speak). There are a few YouTube videos on that, for example: https://www.youtube.com/watch?v=-2pZi3hf2f4

Thanks. It's a bit weird that you have to do that

August 20, 2020, 07:00:03 PM #12 Last Edit: August 20, 2020, 07:05:35 PM by GrumpyOLTechie
I've been running the "software-that-OpnSense-came-from-that-cannot-be-named-less-it-notice-us-and-be-summoned" for about 10 (?) years now on old PC's.

I came here to update myself on the state of OPNSense. I tried it when it was first released but Suricata was not working very well at all. I would like to try OPNSense but not at the expense of productivity for my work from home wife.

I started with an Old Dell XPS 630i Core2 DUO 4GB ram (non-AES capable) - retired -R.I.P - blown daughter board after 12 years of service as 1st my desktop, (free +$29.00 = ADATA 120 SSD  from this point as I would dispose of it or do the following) then to firewall, then to Linux Web Server.

Currently running Old Dell Inspiron i3 6GB Ram (non-AES capable) my father-in-law hand me down (free +$49.00 = Kingston 120 SSD)

Am planning on swapping out to an OLD Dell XPS 8700 Studio 16GB RAM (AES capable) as soon as I find the time (been waiting for 1yr now) (free +$49.00 = Kingston 120 SSD)  (another family member hand me down)

I guess what I am saying is it might be cheaper if you want to transfer an image of your existing firewall to a cheap'ish SSD and use an old PC.

I only pay for 150/15 Mbps so I am good. 20 odd devices in the house with 7 of them being desktops/laptops that are regularly used, the rest are a mix of WIFI routers (x2) and cell phones, hand held gaming consoles, Xbox etc....

No one ever complains about speed in my house unless the ISP is having issues or unless a piece of hardware has blown out - usually the crappy cable modems - is there such a thing as a non-crappy cable modem - you know, one that will last longer than 3 or 4 years?

Anyways, I realize there are many reasons to NOT use an old PC but if you're not affected by any of those, I have found it to be pretty cheap while still getting a "corporate-like" firewall.

With ALL the above systems I have never seen the "software-that-OpnSense-came-from-that-cannot-be-named-less-it-notice-us-and-be-summoned" use more than 40% RAM at its busiest and normally runs at 20% or less. CPU has never gone over 5 or 6% that I've noticed.

Cheers.

August 20, 2020, 07:13:30 PM #13 Last Edit: August 20, 2020, 07:15:11 PM by chemlud
nobody has a problem with pfsense over here, only the other way around, you get banned in the forums for mentioning OPNsense. ;-) (or even for asking heretical questions)

I still have to use one install of this piece of software, as I want to use IPS on a PPPoE WAN interface. Not a problem, really.

Fully support your "old hardware rulez", but the young guys always have a look at the electricity bill. But on the other hand: what you spend for electricity you save for the warming of the house in winter time :-D
kind regards
chemlud

Quote from: chemlud on August 20, 2020, 07:13:30 PM
nobody has a problem with pfsense over here, only the other way around, you get banned in the forums for mentioning OPNsense. ;-)
Qotom is also a non-topic there. There are not a few people here rather than there as a result of their behavior.

Worth checking out Fitlet2 with J3455 at https://fit-iot.com/web/products/fitlet2/fitlet2-specifications/.
Fanless and low power but not sure it meets all the requirements of OP. Same company has a new series of devices coming out called Tensor-PC. Details are a bit sketchy at the moment but looks interesting.