PFsense hardware ?



  • I have 2 VM virtual PFsense (syncing to each other 1 master one slave) that i dislike in my new job.

    I like PFsense, I think it has ton of options and smart and very good open source project.

    I dislike the fact they are linked with our hypervisor, making troubleshooting longer and difficult.

    So I want to propose something tangible.

    But that thing installs only on AMD x64 and another project OPNsense has x86 option.

    So how can I make them physical using small device, sadly Pi is out of the question. What other option I have.



  • Where you based?
    I had it running on an old WatchGuard firewall so had use of all the NIC ports.



  • @Emad-R just the quckest link on amazon italy:
    Here



  • You have official pfsense appliances on netgate.com

    That is the easiest way to get it done. Prices from $175 or so per unit.



  • @Pete-S said in PFsense hardware ?:

    You have official pfsense appliances on netgate.com

    That is the easiest way to get it done. Prices from $175 or so per unit.

    We had customers with these. Recently replaced them with Ubiquiti gear. A bit cheaper here.



  • I'm using a wyse thin client for my home router.



  • @flaxking said in PFsense hardware ?:

    I'm using a wyse thin client for my home router.

    What did you load into it?



  • @scottalanmiller said in PFsense hardware ?:

    @flaxking said in PFsense hardware ?:

    I'm using a wyse thin client for my home router.

    What did you load into it?

    Currently PFSense, but will be switching to VyOS soon.



  • @flaxking said in PFsense hardware ?:

    @scottalanmiller said in PFsense hardware ?:

    @flaxking said in PFsense hardware ?:

    I'm using a wyse thin client for my home router.

    What did you load into it?

    Currently PFSense, but will be switching to VyOS soon.

    What proc family is in that? A small AMD64 device? Or is it like ARM or something?



  • MIPS maybe, haha.



  • @scottalanmiller said in PFsense hardware ?:

    @Pete-S said in PFsense hardware ?:

    You have official pfsense appliances on netgate.com

    That is the easiest way to get it done. Prices from $175 or so per unit.

    We had customers with these. Recently replaced them with Ubiquiti gear. A bit cheaper here.

    Seems like a bit of a downgrade but I guess it depends on what they wanted to use them for. I have no experience with netgates small appliances though.

    I prefer rackmount enterprise grade stuff so you get better power supplies, ECC memory, enterprise SSDs, RAID etc. Supermicro have some nice servers that fit in nicely in network racks and have the ports on the front. But these are more like $1000-$2000 firewalls so not the same thing.
    Supermicro front facing ports



  • @Pete-S said in PFsense hardware ?:

    @scottalanmiller said in PFsense hardware ?:

    @Pete-S said in PFsense hardware ?:

    You have official pfsense appliances on netgate.com

    That is the easiest way to get it done. Prices from $175 or so per unit.

    We had customers with these. Recently replaced them with Ubiquiti gear. A bit cheaper here.

    Seems like a bit of a downgrade but I guess it depends on what they wanted to use them for. I have no experience with netgates small appliances though.

    I prefer rackmount enterprise grade stuff so you get better power supplies, ECC memory, enterprise SSDs, RAID etc. Supermicro have some nice servers that fit in nicely in network racks and have the ports on the front. But these are more like $1000-$2000 firewalls so not the same thing.
    Supermicro front facing ports

    With Ubiquiti, we can have full cold spare (not affected by power spikes) devices sitting at the site when we need that, that cost hardly a thing. Or have then overnighted from any of a number of suppliers. In the SMB world, having nearly zero risk of downtime of any real duration, for almost no money, is basically unbeatable.

    And for most, spending $95 - $150 for a spare isn't worth it, it makes more sense to accept the risk and have one overnighted. Downtime just isn't that costly.

    Having zero downtime during a hardware event is awesome, but the cost to get to that is nearly 1,000% higher than just taking the small risk with the cheaper devices - and they provide some small protections (cold spares have some safeties) that the most expensive devices do not (we've had customers lose everything plugged in from a lightning strike.)



  • @scottalanmiller said in PFsense hardware ?:

    @flaxking said in PFsense hardware ?:

    @scottalanmiller said in PFsense hardware ?:

    @flaxking said in PFsense hardware ?:

    I'm using a wyse thin client for my home router.

    What did you load into it?

    Currently PFSense, but will be switching to VyOS soon.

    What proc family is in that? A small AMD64 device? Or is it like ARM or something?

    Yeah it's AMD64, something from AMD's Sempron line. The second NIC doesn't fit in the case, so I had to Frankenstein it a bit.



  • @scottalanmiller said in PFsense hardware ?:

    With Ubiquiti, we can have full cold spare (not affected by power spikes) devices sitting at the site when we need that, that cost hardly a thing. Or have then overnighted from any of a number of suppliers. In the SMB world, having nearly zero risk of downtime of any real duration, for almost no money, is basically unbeatable.

    And for most, spending $95 - $150 for a spare isn't worth it, it makes more sense to accept the risk and have one overnighted. Downtime just isn't that costly.

    Having zero downtime during a hardware event is awesome, but the cost to get to that is nearly 1,000% higher than just taking the small risk with the cheaper devices - and they provide some small protections (cold spares have some safeties) that the most expensive devices do not (we've had customers lose everything plugged in from a lightning strike.)

    Yes, it makes sense. Ubiquity and pfsense are not really the same thing though. Ubiquity is a router like any consumer Asus or whatever but with a much better OS. Pfsense is a freebsd computer with a web gui. They are good for slightly different things.

    BTW, how do you keep the cold spare synced with the one in use? Or you have them unconfigured?



  • @Pete-S said in PFsense hardware ?:

    @scottalanmiller said in PFsense hardware ?:

    With Ubiquiti, we can have full cold spare (not affected by power spikes) devices sitting at the site when we need that, that cost hardly a thing. Or have then overnighted from any of a number of suppliers. In the SMB world, having nearly zero risk of downtime of any real duration, for almost no money, is basically unbeatable.

    And for most, spending $95 - $150 for a spare isn't worth it, it makes more sense to accept the risk and have one overnighted. Downtime just isn't that costly.

    Having zero downtime during a hardware event is awesome, but the cost to get to that is nearly 1,000% higher than just taking the small risk with the cheaper devices - and they provide some small protections (cold spares have some safeties) that the most expensive devices do not (we've had customers lose everything plugged in from a lightning strike.)

    Yes, it makes sense. Ubiquity and pfsense are not really the same thing though. Ubiquity is a router like any consumer Asus or whatever but with a much better OS. Pfsense is a freebsd computer with a web gui. They are good for slightly different things.

    BTW, how do you keep the cold spare synced with the one in use? Or you have them unconfigured?

    It is a router. WTF are you needing to sync? You should not be needing to change it pretty much ever.



  • @Pete-S said in PFsense hardware ?:

    BTW, how do you keep the cold spare synced with the one in use? Or you have them unconfigured?

    You can do backup and restore very quickly. UNMS is awesome.



  • @JaredBusch said in PFsense hardware ?:

    @Pete-S said in PFsense hardware ?:

    @scottalanmiller said in PFsense hardware ?:

    With Ubiquiti, we can have full cold spare (not affected by power spikes) devices sitting at the site when we need that, that cost hardly a thing. Or have then overnighted from any of a number of suppliers. In the SMB world, having nearly zero risk of downtime of any real duration, for almost no money, is basically unbeatable.

    And for most, spending $95 - $150 for a spare isn't worth it, it makes more sense to accept the risk and have one overnighted. Downtime just isn't that costly.

    Having zero downtime during a hardware event is awesome, but the cost to get to that is nearly 1,000% higher than just taking the small risk with the cheaper devices - and they provide some small protections (cold spares have some safeties) that the most expensive devices do not (we've had customers lose everything plugged in from a lightning strike.)

    Yes, it makes sense. Ubiquity and pfsense are not really the same thing though. Ubiquity is a router like any consumer Asus or whatever but with a much better OS. Pfsense is a freebsd computer with a web gui. They are good for slightly different things.

    BTW, how do you keep the cold spare synced with the one in use? Or you have them unconfigured?

    It is a router. WTF are you needing to sync? You should not be needing to change it pretty much ever.

    Sometimes you have people doing constantly port forwarding changes and things like that. We've got customers who do that all of the time.



  • @Pete-S said in PFsense hardware ?:

    Yes, it makes sense. Ubiquity and pfsense are not really the same thing though. Ubiquity is a router like any consumer Asus or whatever but with a much better OS. Pfsense is a freebsd computer with a web gui. They are good for slightly different things.

    You could say the same thing about Cisco or whatever. All router hardware below five figures is kind of the same. Ubiquiti is definitely built better than any consumer gear I've seen, but the basics are the same. I've seen pfSense on the same kind of hardware.

    EdgeOS is Vyatta based, though. Purpose built to be a router. pfSense is putting a router on top of something desired for general use. I've never seen a pfSense setup that I'd consider ready for production use. Most I've seen are worse than consumer gear because it's either unsupported consumer gear rebranded, or just old PCs without maintenance.