Cheap hardware recommendation for first time OPNsense / home firewall

[Mombro]

Hi all,

I am currently using tp link omada's router/firewall and am very unhappy with a few shortcomings of the system, eg almost zero reporting upon errors, slow interface, no dns (what the f?)... So I want to test a different system. I think opnsense would be quite suitable for me. I have some knowledge of networking and have worked in a, let's say, related field. I don't need fancy, hardware consuming things like proxy or deep packet inspection, and I only have 3 users apart from an extensive smart home. I have a fail over wan requirement as I'm on LTE (separate router) and FTTH because I need to reliantly be able to work from home. I also want the Web interface to run smoothly, so even if firewall-ing and routing would run smooth, that's also a requirement, if that makes sense or is relevant 😊

Now I'm looking for some cheap hardware that's not making my purse explode 😆 I thought a pi5 would be interesting, but seeing that arm support is limited, maybe some other SoC board? I would like to stay below 100€. If that's not possible, 200€ would be ok-ish. I see a lot of fancy hardware on amazon for 200-300€ with nvme and extensive ram that's larger than my gaming computer. I don't need virtual machines on that device or the like, so I pretty much think it's overkill to have that.

I'd be really grateful if I could get some a dvice from you folks who have much more knowledge of the system requirements than I do!

Thanks a lot in advance

Edit: maybe something like this? I BANANA PI R3 Banana Pi Router 3, 4x 2GHz, 2GB, 5x 1 Gbit, - - - https://www.reichelt.de/banana-pi-router-3-4x-2ghz-2gb-5x-1-gbit--banana-pi-r3-p347958.html

[sp33dy]

that´s a arm device, go for x86

have you searched, one of the most asked questions...

anyhow, any old pc with a extra nic(intel) will work
or aliexpress..there are boxes under 200$ that will work

[Patrick M. Hausen]

A Protectli FW2B with 4G of memory and a 32G or 64G SSD is 200-ish and probably as low as you can get if you want to buy new.

https://protectli.com/product/fw2b/

Used mini PCs from e.g. eBay are an alternative. Just make sure there's a PCIe slot for an additional network interface (or 2 interfaces on board to begin with) and the interfaces are Intel, not Realtek!

[Mombro]

A Protectli FW2B with 4G of memory and a 32G or 64G SSD is 200-ish and probably as low as you can get if you want to buy new.

https://protectli.com/product/fw2b/

Used mini PCs from e.g. eBay are an alternative. Just make sure there's a PCIe slot for an additional network interface (or 2 interfaces on board to begin with) and the interfaces are Intel, not Realtek!

The device with 4 ports (1 lan, 2 WAN) is at 280$ +60$ shipping to Germany :-( total price is 337$, about 300€. That's way too much for me :-( I can order the same device on Amazon Germany too, for 340€ :-D

[Mombro]

that´s a arm device, go for x86

have you searched, one of the most asked questions...

anyhow, any old pc with a extra nic(intel) will work
or aliexpress..there are boxes under 200$ that will work

I read the first few topics here, which were quite advanced, so I thought I'd ask a quick question. It seems I can't get much Lower than 200€...

Do you also think 4gb memory and 32-64 GB SSD is enough? I would search the Internet for such devices, then...

[Seimus]

If you want something usable that will perform and work ok, dont go for arm based SoCs for OPN. You need AMD or Intel with Intel NICs.

If you want to go for the cheap side search for used Protectli devices. In theory even if I usually say it passed it times you can go for APU devices if you dont want to implement a lot of features and VLANs and your Internet connection is MAX up to 300Mbit, however keep in mind they have they H/W limitation for today's period.

Or you can look up for devices based on J4k series Celeron CPUs, such as J4125 or J3060.

https://www.amazon.de/-/en/Firewall-Appliance-Compatible-Pfsense-OPNsense/dp/B09SG41H8D/ref=sr_1_5?crid=3GNLO52G5X5IR&keywords=j4125&qid=1704876461&sprefix=J4%2Caps%2C91&sr=8-5
https://www.amazon.de/-/en/Upgraded-Firewall-Appliance-Compatible-Pfsense/dp/B09P3RVDJ3/ref=sr_1_9?crid=3GNLO52G5X5IR&keywords=j4125&qid=1704876461&sprefix=J4%2Caps%2C91&sr=8-9

Regards,
S.

[passeri]

https://de.aliexpress.com/item/1005003378019857.html?spm=a2g0o.detail.0.0.7bedO2ykO2ykhZ&gps-id=pcDetailTopMoreOtherSeller&scm=1007.40050.354490.0&scm_id=1007.40050.354490.0&scm-url=1007.40050.354490.0&pvid=786af021-94f7-4eb0-ad31-0ecd96b78e6a&_t=gps-id:pcDetailTopMoreOtherSeller,scm-url:1007.40050.354490.0,pvid:786af021-94f7-4eb0-ad31-0ecd96b78e6a,tpp_buckets:668%232846%238109%231935&isseo=y&pdp_npi=4%40dis%21EUR%21124.48%2177.18%21%21%21132.93%2182.42%21%402103252b17048765265152644ea935%2112000028616925459%21rec%21DE%21%21AB&utparam-url=scene%3ApcDetailTopMoreOtherSeller%7Cquery_from%3A

From your description, 4GB/32GB will do. The one above is still under 100€ with 8/128

Don't ask me about the quality because I don't know.

Edit: get the J4125, not the N2830 default

[Patrick M. Hausen]

You don't need four ports. An unmanaged 5 port gigabit switch can be found for 20€ or less.

https://www.mediamarkt.de/de/product/_d-link-dgs-105gle-desktop-switch-5-2777423.html

[Mombro]

You don't need four ports. An unmanaged 5 port gigabit switch can be found for 20€ or less.

https://www.mediamarkt.de/de/product/_d-link-dgs-105gle-desktop-switch-5-2777423.html

How would I realise a fail over Internet connection with 2 WANs with a switch instead of two NICs? How would the firewall/router know how to connect to the Internet?

[Patrick M. Hausen]

Missed the LTE part, sorry. Then buying used is probably the only option to meet your price limit.

[Mombro]

Missed the LTE part, sorry. Then buying used is probably the only option to meet your price limit.

Hihi, ok, no problem! Thanks anyway!

I've ordered that aliexpress device for the 140$. Let's see what it does 🤣

[passeri]

For the Chinese passively cooled boxes, check on heat. Some of them are not properly thermally connected, chip to heatsink. This is usually rectifiable. Case temperatures of 30° up to 40°C are pretty normal -- it does have to dump the heat.

I have had good service from such devices though at higher price points. I am still going to cover myself by saying good luck though. ;D

[Patrick M. Hausen]

Consider putting one of these on top if heat is an issue:

https://www.amazon.de/dp/B08QYY87XW

Whisper quiet, well made, don't go wandering off by vibration due to the sturdy rubber feet.

[Mombro]

Interesting additional information. You guys are awesome! I've added one such fan to my amazon cart and will look for temp rise! I don't expect I can underclock the CPU? It's probably doing that on its own anyway these days?

[Seimus]

I would advice before you do anything start to do with the device to check the BIOS for P1 & P2 values, and set the accordingly to the CPU W values. I have N5105 and its P1 P2 were over the moon had to set them correctly, got much more better thermals.

Also in regards of Patrick's advice of the fan. I did yesterday Install a 140mm low profile FAN from Arctic (ARCTIC P14 SLIM PWM PST - basically put it on top of the chassis finstack). You see my FW is in a small rack, which doesn't have much clearance thus temperature in the rack tents to keep constantly high. The FAN decreased the Temps on the Device around 20C. See the picture.



Regards,
S.