Similar solution to pfSense Micro Firewall

[kapara]

I am looking to deploy a solution for a client in which they will include a OpnSense firewall at each location.  Within the next 2 years this will probably be more than 50 locations so it is critical that we standardize on a solution.  I am definitely interested in a purpose built solution like the Micro Firewall.  I am hoping to find something in a similar price range $149.00 and compact size that can fit the solution.  Each location will have between 100 to 10,000 devices sitting behind it.  Very little traffic.  IOT type devices.

I need a firewall that can sit behind an existing customers perimeter firewall but that the customer does not have to open special ports to allow us to VPN from behind the perimeter firewall.  External IP will not always be static.  I have looked at OpenVPN with pfSense but was recently banned from their forum so unable to look into that further.  pfSense has another interesting solution called TINC.  Open to suggestions.

[shezzski]

+1 for looking for a Micro Firewall solution (like Netgate SG1000).

When looking at the SG1000 its shares a similar CPU to the BeagleBone Black (TI AM335x).

So it depends on how professional the solution would to appear.  A BeagleBone Black with USB to Ethernet adapter may do the job, put it in a nice metal (19" or desktop).  From what I remember the AM335x has separate buses for the USB and the NIC so you are not stuck with a shared USB bus like Raspberry Pi........ Raspberry PI3 with USB to Ethernet, gives you 3x more cores and 2x more RAM, though I believe you might need to wait for FreeBSD support.

For your VPN, I personally love SoftEther (not included with OPNsense, but worth mentioning) because it can do standard TLS/SSL VPN or VPN over ICMP and DNS..... Though I just read today that someone installed ZeroTier on OPNsense, which is another option.  It really depends on your desired network design (L2 vs L3) and skillset.

[kapara]

Check this guy out!

I think it is sub $200 and is packed with capabilities! 

m.2 SSD
Capable of 8GB Ram
Serial
Fanless
Quad Core
AES-NI

https://www.supermicro.com/products/system/Mini-ITX/SYS-E100-9AP.cfm?parts=SHOW

[chemlud]

...not 100% sure I would go for Supermicro stuff

https://arstechnica.com/information-technology/2017/02/apple-axed-supermicro-servers-from-datacenters-because-of-bad-firmware-update/

[kapara]

If you read the article in full and the messages posted no evidence has been provided by apple.  Only unvaldiated statements.  I generally do not beleive everything I read and delve deeper before coming to conclusions.

I have 8 of the following deployed and never had one issue and they have been running for over a year now. 

https://www.supermicro.com/products/motherboard/atom/x10/a1sri-2758f.cfm

[shezzski]

sub $200?  Does this include RAM and M2 storage?

I feel that the E100-9AP, while great, is in a different league to the likes of a SG1000/BBB/RPI not only in size, but also power consumption.

If you are considering something that size, what about the PCEngines APU1/2?

[kapara]

Actually I am thinking about this as a replacement for the APU units I currently deploy.   I would be curious of a comparison between the two processors. From what I can tell the supermicro has a higher heat tolerance.