quad interface fierwall PC with good bios security/update

[Patrick M. Hausen]

I have for many many years ran 100% asic based soho hardware for home fw.

What exactly? Most SOHO products ship a more or less current and more or less competently hacked together Linux system. E.g. Fritzbox, which are exceptionally good at updates at least.

[BrandyWine]

I have for many many years ran 100% asic based soho hardware for home fw.

What exactly? Most SOHO products ship a more or less current and more or less competently hacked together Linux system. E.g. Fritzbox, which are exceptionally good at updates at least.

SonicOS(sonicwall), ScreenOS(netscreen/juniper), FortiOS.


Today the common soho architecture is hybrid, all asic for data.plane, some nix version in mgmt.plane.

There's also FPGA based devices that can do security functions at specific hardware points in the system, de-centralizing sec functions. Silicom FPGA nics and such. I recall seeing this sec architecture model being touted by MIT many many years ago.

OPNsense is just a nix with some software packages installed.

[nero355]

This is something I might agree with you on totally, because : Who builds/maintains those CoreBoot/LibreBoot releases ?!

Coreboot for Protectli devices is outsourced to a well known and reputable open source firmware company 3mdeb. https://3mdeb.com/

- If it's the manufacturer and they have a dedicated team for it that does it for all their devices : OK, let's do it!

They have dedicated team(s) for this. And all their work is hosted on github. You can find it here https://github.com/protectli-root/protectli-firmware-updater

That's something to dig into then when considering one of their products. Thnx! :)

some random basement dwellers from XDA forums.

I'm not talking out of my ass nor im shilling for Protectli or any other brand. Stop playing detective.

By that logic, life is not worth living.

Your reply makes no sense.

Please stop embarrassing yourself. 

I... i just cant...

Exactly the kind of replies I was expecting after checking your posting history here... Too bad! :-/

Yes, I like to know who I am dealing with and if that makes me a detective : So be it! ;)

Talking about neutrality with TopTon signature.

I just happen to own one by chance...

Could have been this one too :

Our relative proximity to one or two Chinas makes CWWK boxes very popular.
Been there, done that, in fact finally have it on ebay at the moment.

Or any other brand since I don't mind ordering stuff via eBay/AliExpress/Banggood/etc. and finding gems like my good old ZUK Z2 Pro phone which was simply a bargain many years ago! :)

I have for many many years ran 100% asic based soho hardware for home fw.

What exactly? Most SOHO products ship a more or less current and more or less competently hacked together Linux system. E.g. Fritzbox, which are exceptionally good at updates at least.

For xDSL connections the products made by DrayTek are my absolute favorite! :)

It has been now 10 years later and my Vigor 2860 still got a firmware update! Impressive! :o

[Nullman]

That's something to dig into then when considering one of their products. Thnx! :)

You are welcome.

[passeri]

For xDSL connections the products made by DrayTek are my absolute favorite! :)

Yes, I had two (serially) for ADSL connections. They were very solid and by reputation very secure. Fibre and a wish to do some things entailing a Draytek business licence overrode.

I handed off the first to family and sold the second only last year for a better price than one usually expects for older networking gear.

[Greg_E]

Forti (shivers)...

[qarkhs]

Just pausing to mention existence of other places on the planet at which point simplicity is down the gurgler, decisions need to be made.

Yes, I started out with a Fitlet2 and then moved to a GigaIPC box. The latter company is the industrial PC division of Gigabyte. There are lots of options. There's also AAEON which is the industrial PC division of ASUS. AAEON also now owns Jetway, another IPC maker. There's also Lanner, which have at various times made boxes for certain firewall companies. They don't sell directly to consumers but you can get their stuff used, with their name or another name on the box. And, of course there's Supermicro.

[Greg_E]

There's not much Supermicro anymore, not in the low end stuff that makes a good firewall. Either that or I'm no longer finding this level of stuff.

[qarkhs]

There's not much Supermicro anymore

Supermicro make "Compact Edge System" with N97 cpus and 2x 2.5GbE. I see these selling for around $400 online but they may be using Realtek networking. The ones with 2x i226 are more like $530. Some of the GigaIPC boxes use 2x i225/i226 with N97 and are significantly cheaper.  AAEON and Jetway sell similar systems, some of which have more ports. Jetway is probably the cheapest--you can find their cheapest boxes for around $300. With all of these systems you usually need to add your own memory and drive. My experience of these type of systems is limited to a GigaIPC with 2x Intel 1GbE and a J6412 CPU. I bought it from a US reseller, although I think it shipped direct from Gigabyte USA, in November 2023 for $170. After adding memory and storage it was $250. It was cheap and it's been very reliable.

See: https://www.supermicro.com/en/products/edge/compact-edge-systems

[BrandyWine]

The N97 has those pros/cons. The cpu itself is better than N150, but the 97 chews up approx 2.5x more watts !
Those Supe-u items also come with heavy graphics, which wont be used for FW purposes.