I ran pfSense on old hardware for years... But when I started to move to an "off grid" model at my home in the mountains I looked for low power consumption and reliability. I listened to Tom and bought a Netgate SG-4860. I've never regretted it. I had one problem with the first one and even though it was technically out of warranty, because it was a known issue at Netgate, they replaced it at no charge. That said, for the 9 days I was without my SG-4860 I had to fall back to a plastic box router... not the best scenario. The replacement has been trouble free for years now and I was able to pick up a backup off eBay that is the exact same model and features so I keep it updated and on a shelf - just in case. Couldn't be happier with Netgate products or support.
I also highly recommend the Jetway (a long standing legit company with offices in the US) N3160 box with 4 Intel Gbe ports. It’s rock solid, fanless, plenty fast, and only uses a couple of watts.
I bought a Netgate 6100 shortly after I started working from home during lock-down (I got the 6100 because I also wanted to experiment with 10G fibre). I'd previously had pfsense virtualised on an ESXi server along with my TrueNAS servers. Whilst that worked flawlessly, anytime I needed to shut down ESXi for whatever reason, I wouldn't have Internet access! The 6100 has been rock-solid.
Very well said. I've deployed a few Protectli devices with pfSense out in the field to customers, and have not had a failure yet. You make solid points for why Netgate appliances should be supported. I understand this wasn't meant to sway people one way or another, but good discussion.
Oh gosh, same here, I'm wondering if the Protectli should be replaced, what do you think? And if I replace it, what would you say would be a good unit to replace it? Small company w/5 to 10 users
I just set up pfsense at home on an old Sophos XG105 rev3 box that we had decommissioned. I did upgrade from 2 to 4 GB RAM and so far I'm really happy with the performance. That said, if I were to ever deploy pfsense for a business, I would go with Netgate.
I used to run pfSense, for business use, on old hardware, but, for about 2 years I started to use SuperMicro SuperServer E300-9A-4C model for the main offices. Probably, in the future, I will use NetGate, due to all the great things they are doing. Thank you for your videos and opinions, Tom!
I've been running pfSense on Supermicro's 1U Atom based servers for years with great results. Started with d525 based systems, then moved to the c2000 and now the c3000 series. Work great and are solid enough for a production environment. I can also buy two of them and put them in failover for what one Netgate appliance of the same capability would cost. I paid for pfSense Gold for years and also did their paid training when it was offered. I wish both of these things were still an option to support Netgate.
Been running pfsense on a HP SFF PC for over 6 years, works great and has never once crashed, trying to get my company to add Netgate appliances in our product stack we offer.
For my home, I use a pcEngine APU2. Performance wise, it ranks somewhere between the Netgate 2100 and 4100, but at a significantly lower cost for me (I am located in Canada). The BIOS is open source and can be updated from pfSense (in CLI). Interestingly, the APU2/APU4 used to be sold by Netgate as an officially supported appliance, before Netgate started developing their own.
I agree that PC Engines is a good choice for home-use. I am on my second device, using them for the last 8 years. Stable, low cost, good documentation
Protectli also offers Coreboot as a firmware option for most of their devices, which is IMO a good reason to buy from them instead of sourcing the OEM hardware from Aliexpress or wherever. The big question about PC Engines is what happens once they can no longer source the AMD SoC they're using. According to what info I could find on the net, the last order date is 2023Q4, and last shipment date 2024Q2. Since the company refuses to use any newer x86 devices because of integrated security features that require closed firmware, I don't know if there's any future for them once they run out of stock. Maybe there's some ARM or RISC-V device that fills their requirements for open source?
Initially, I ran pfSense on a refurb HP compact desktop computer. When it died, a couple of years ago, I got a Qotom mini PC, with i5 CPU (including AES-NI), 4 x 1 Gb Ethernet ports, 4 GB RAM and 32 GB SSD. It runs very well. I agree, however, what's good for a home user might not be good for business use.
I've been using one or another of the inexpensive Aliexpress boxes for years now. They work just fine for my home needs. But for a commercial install I think you can make an excellent case to deploy a Netgate sourced and supported hardware
@denniskluytmans Most likely one of the "Topton 2.5Gb Intel I226-V Router" Boxes with 4 / 6 ETH-Ports I'd assume. But be warned that the NIC I226-V is only supported by pfSense CE 2.7.0 and onwards or pfSense Plus 22.05 and onwards!
@denniskluytmans Mine's too old for you to purchase the same... at least 2018 vintage. Specs: Celeron 3855U, 6x Intel Ethernet Controller I211 gigE NICs, 4GB RAM, 32GB industrial m.2. Chose this one for price, AES-NI and 6 NICs.
Have about 70 SG1100s in the wild. Absolutely love them. They realistically pull about 500mbps throughput which is still way more than what most of our customers can get through local ISPs. A thought on the Qotom, we deployed a couple of these. They will not turn on after a power failure and need to be manually started. Occasionally get calls about them.
The power issue is annoying. I tried walking someone through the process of configuring the bios to auto boot over the phone, and he wasn't exactly thrilled about hooking up the router to a monitor and keyboard. Turns out the bios version was too old and didn't support it. When I told him his options were a bios upgrade or installing a jumper cable to the motherboard, he decided to buy a ups.
@megamaser Weird. They must have had a regression in their BIOS. I have a Qotom Q330G4 I bought in 2020 and it reliably powers up after an outage. If I recall correctly I did have to go into the BIOS to set it to always on but it's hard to remember as that was quite a while ago.
I've had good luck running my own hardware. I started out with a HP thin client T-620, moved to a T-630, and currently on a Lenovo M720q tiny, 1L PC with an I3-8300T and 8gb of memory along with a 4 port Intel i-350 NIC. All have been rock solid, and pretty low power consuming devices.
@theflyingjapman5771 Yeah, it should be fine. Both the T620 and T630 worked well for me, especially if you just want to use the firewall and don't plan to install tons of add-on tools. I only ran OpenVPN on my setup and several firewall rules along with four separate networks and it was perfectly fine, pfsense picked up the internal network interface without issue. The T630 is a little more powerful than the T620, but, IIRC, uses about 50% more power, still not a lot but it does use more power than your router. I think the T620 was around 12w average load and the T630 was around 19w IIRC. These little machines are more powerful than most people realize. I ran Windows 10 and web browsers on the living room TV on the T620 before I turned it into the pfsense appliance. It wasn't lightning fast, but it was usable for basic web browsing.
My first pfSense usage was done on the Netgate 2440 and ran it that way for 4 years. Then I switched to a segmented network and then my design needed more ports and such. I bought a Qotom 6 NIC port brick for my new setup. It has been running great for 4 years now. This is a home setup and to buy an equivalent unit from Netgate was just not financially possible. I still have the SG-2440 unit and it still works. I use it for testing and is a well built unit.
A lot of people haven't had the experience of being on the pressure tip (lucky for them), or 'having got away with it' - once you've had that experience you will truly understand the value of absolute reliability and the peace of mind it gives you, and be able to face the 'what if' situations. With that said, I personally deployed an IPFire system with just off the shelf computer hardware - I know what brand of hardware I can trust and the system has been running for 2 years without a glitch. Although I have to say it comes with a price, many sleepless nights and tears....
Running on a Qotom box myself and had a broken gigabit port for a while now, been watching for a 2.5gbe version to replace with. You are exactly correct, it is enough for my homelab/home entertainment needs. I have a few simple traffic rules for game servers etc and it does what I need.
Bought an HSIPC New J4125 Quad Core Firewall Micro Appliance in March 2022 triggered by your fine reporting on pfSense. Thanks for that! I replaced the pre-installed pfSense SSD with a new and bigger SSD (also better quality). Works great with pfSense 2.6.0-RELEASE (amd64). It's mainly for my home use. Serial console interface also works fine. Can recommend it.
@keylanoslokj1806 A mini PC with 4 ethernet interfaces. I bought mine from Amazon Germany. However, it's a Chinese product and devices like that should be also available in eastern Europe. Best of luck.
The Protectli or Qotom appliances are using consumer grade components, Celeron and Intel I-series CPUs as an example. The Netgate mid and high-end appliances are equipped with Atom C-Series and Xeon processor which are designed for the server market that are supposed to provide higher reliability and lifespan. Given all that, I think that Netgate appliances are the logical choice for any commercial or production scenario. The hard part is usually to convince the client that the extra few hundred dollars spent on the Netgate appliance will be a sound investment and avoid many other costs of maintenance, repair and replacement down the line.
I’ve had great luck with Jetway fanless boards and prepackaged bare bones units. For example the Jetway HBJC430U941 is a tiny fanless Intel N3160 with 4 Intel Gbe ports. It only draws a few watts, no fan, nice aluminum heat sink enclosure, M.2 SSD slot, and is from a real company that’s been around a long time, has offices in the USA, and even a phone number you can call. Their products are not no-name sketchy scary Amazon Chinese junk like several of the products you mentioned. In many ways it rivals the $600+ Netgate products. I paid $279 for mine and it’s been flawless for 3+ years now.
Former Netgate SG-2220 user here. It failed about two years after deployment in a home power user environment. Board inspection didn't show anything unusual. Bought a FW2B (running pfSense 2.6, with Snort and pfBlocker) and it's been stable for over two years now. I did place a USB fan on top of it to get the temps down, hoping cooler temps will extend life. Recommendations back then steered me to Protectli which was around the time the SG-2100 came out. Will put Netgate hardware back in the mix if the FW2B gives out.
Perhaps your SG-2220 fell victim to the AVR54 bug that plagued the first batch of Atom 2000 series CPUs. I'm pretty sure that's what killed my RCC-VE 2440. Did it fail after a power outage or reboot?
Great vid. I really wanted to run pfSense but the boxes to run it on and the Netgate boxes are costly so I wound up buying a MikroTik router. This is for home use so it's fine enough for what I do.
I have used a SG-2100 since it came out and am very pleased. Yes the Netgate hw is not cheap, but it is reliable. I have only had one problem… the last update (23.01) failed but Netgate was very quick to submit an image for me to manually load on the box. So now I can also have an opinion about their service, which is excellent. I will for sure buy another Netgate, but understand the people that find it expensive.
I started with a Netgate SG3100 about 7 or so years ago. It ran out of steam when I upgraded to 1Gbit WAN at home. I bought an old Dell R210MkII and a 4-port Intel NIC and it's been bombproof. I do keep the SG3100 in the rack as a standby and have the ports of the two Pfsense boxes brought out to a patch so can quite quickly switch between should I need to switch to the Netgate. Not exactly hot-swap, but it will suffice. I also have a Chinese fanless box that runs Pfsense for demonstrations to clients / exhibition use and that has been fine. I have needed support from Netgate and have always been impressed. If I were to implement a mission critical system, it would be based on Netgear hardware.
I recently swapped a bunch of Tenda AP's around my house with ones from Mikrotik over similar concerns. There's still a few TP-Links I want to swap out eventually but I'm less worried about those.
We used Qotom with OPNsense in a few instances, all of them died. No rhyme or reason. For business we only recommend Fortinet now. For personal we recommend Netgate.
I work from home 100% of the time. If I'm disconnected from the office for even 30 minutes that's a problem. Despite the price I would pick something that is known to be reliable.
Running Pfsense 2.7 Beta on a Hunsn RJ03 N5125 box since early Nov 2022 with no problems at all. I did add a 40mm internal fan to keep things cooler as it comes fanless...
I had just clicked on order for a 6100 right before this came out. I got nervous maybe I’d messed up. But even though I’m a “home” user, I do work from home 100% of the time, and just like the “always works” nature of the Netgate devices. I have a 3100 now, but will be getting > 1GB internet, I almost went 4100 for the 2.5, but thought maybe, someday I’ll have even faster internet, and these things are not cheap! So buy once cry once, hopefully I get a good 5-10 years out of this one, and will leave my 3100 around as a backup device just in case. Thanks for the videos!
We actually just went with a Netgate 6100. Haven't installed it yet since we're waiting on a fiber install, but hoping it'll be a good workhorse for many years to come. Probably would have been fine with the 4100, but since we tend to run equipment for a long time once installed I figured I'd get the next model up to give us a little more room to grow in the future as well as perform great now. Once we get that up and running I'll need to deep dive your tailscale videos to get that integrated as well. Just installed a pair of Unifi AP6 Pros. Basically doing a full network overhaul this year. Only thing I've yet to decide on is new switches, and possibly a new network card for the on-premises server. I've been deep diving your videos which have helped a lot so far in deciding on a solid network backbone. Being a non-profit we don't get much budget to work with, so when I do get the approval to upgrade something I have to make sure it's something that can last a good while.
@elliotzorn Any specific model? I've got a pair of 24 port old netgears which have done the job but sorely need to get replaced. I'm thinking something with a fiber port to match the Netgate 6100, I'm thinking of getting a fiber switch to help the traffic move between switches. One on one floor, one on the other so each floor gets a high speed backbone.
I purchased 2x Protectli Vault FW4B - 4 Port, Firewalls for my primary residence and a vacation home. I installed one in my primary residence 1st and it would reboot 2-3 times during operational hours. I configured the 2nd one, same mess. Returned to Amazon and purchased 1x Netgate 2100 for primary residence and 1x Netgate 1100 for vacation home. I couldn't be happier. Not a single issue.
Great video lad, do you know how to connect pfSense to an Ubuntu server and route traffic through it for a game server? Using wireguard or any alternative you think would be good. Thanks for the video. 😃
As a home user running pfsense, I'm finding it really hard to see a reason to move away from a VM on an old SFF PC stuffed in the top of a cupboard. It runs cool and reliable, it's cheap, I can adjust the resources for optimal performance, and it's easily backed up. The only reason I would move to a dedicated hardware would be if it was smaller, ran cool, and was reliable. It sounds like the official lower end Netgate boxes run hot, and the AliExpress black boxes don't last.
Thank you for the post and your insights. Your sharing the knowledge is much appreciated! We deploy our SaaS retail/pos/erp software for small businesses and looking at a network-in-a-box type of solution with bench tested devices so it can be supported quickly. We are in Canada and some of our customers are in remooote locations! We had instances where the DSL goes down in the dead of winter and only option is the LTE failover. Would appreciate your input on a couple of use cases: 1. Netgate vs Sophos? - know the answer - but a bit of insight would be great 2. Dual firewall deployment for fail over with LTE modem on each 3. Worst case scenario - an additional windows device with cellular LTE to get into the network when everything else fails (we do this currently)
I’ve been running pfsense on a R210 for a couple years but I’ve been considering getting something more efficient. But I really want to keep it rackmounted, rather than sitting on top of something, the shelf I have is already full of other devices and my rack doesn’t have much more room
Currently running pfSense on a Protectli FW6C from a few years ago. This is working great, but the 1 GbE speed is limiting within my home network. I am planning to upgrade to 10 GbE at the router, and it is hard to find a new box with the same port options without getting very close to the cost of the Netgate option. There is also the value in not having to put it together yourself. You do not get exactly the same processor, memory, and storage as you might want; but the solution will work or they will make it work.
I also use PCEngines APU 4D4 as hardware for pfSense and I have tens of boxes and no one of them broke, and previously I was using PCEngines ALIX and I still have some in production after more than 10 years. If the performance fits the purpose I recommend them as really reliable hardware.
We have a tax business and thus during tax season it needs to be working. I bought Netgate 2100's for both business and home. If the business one fails I have the home one to replace it with and be back up in 30 min. I have a Dell 7010 as a backup as well. I am so appreciative of Netgate to put up the best documentation you can get. Having not to pay for VPN is worth the price. (OK I run VPN of my Synology's) It is not about the cheapest way to go but the right way. I think that is missing today. Go to the people that provided you with pfSense without charge, and be loyal to them.
I have a Qotom box here, same one you bought... I needed a "cheap box" to run on and didn't have a spare to run with. It's a j4125 proc, 8gb ram, and 400gb ssd. So far, can't really complain. Seeing low CPU usage, low temps, low ish ram usage (still under 20%). Intel i225 v3 nics. Seeing full available bandwidth through it, love having the 5 nics... next one will probably be Netgate
Informative video, I switched last year from wireless ISP to gigabit fibre and am considering putting a pfsense appliance in place of the ISP supplied router so I can move my IOT devices etc. onto VLAN, implement a good firewall etc. With my wireless ISP I always used a dd-wrt router, with a couple of my older dd-wrt routers set up as access points and wireless bridge access points. I did not get as far as setting up vlans or subnets for guest networks, IOT devices etc. I'm a database guy though, not a network guy, so my knowledge of all things network is rudimentary. Is pfsense worth my while or can I accomplish the same thing with dd-wrt equipped routers?
I have deployed both Netgate and Protectli. I get the idea of supporting PFSense and I get desiring tech support with Netgate or Pfsense+. Where I am getting confused is where you are citing cheap AliExpress and Amazon brands like Qotom AND what seems to be a legitimately business focused brand like Protectli with a warranty and US-based operations and support. You all seem to be using them interchangeably and I am not sure if that is accidental or intentional let alone warranted.
@therealb888 Brand PC from Fujitsu, Dell, Lenovo or HP with i5-4570 or newer. All these are good, cheap and the second hand market is flooded with them. Plenty of performance even for 3 x 1gbps multiwan with zenarmor for 1000+ devices.
Great technical insight from a person who is unbiased honesty review and allowing someone like me making a entry level a generalised understanding, but does not have a everyday hands of use and real time / long term view of what works and what doesn't, especially who hasn't got the biggest bank balance :( Would like the latest bells and whistles top end reviewed hardware being reviewed.. but in reality can't afford or scared that I will screw it up as a first step on the ladder approach / dip my toe in approach rather than being overwhelmed with information overload / the "real life" or "my scenario" platform rather than just sighing and then giving up! Tech by "real tech people" explained in simplistic short bites and layman terms :) Great Stuff. Thank you and keep doing what you are doing!
As Tom says, if you are a business, buy the right hardware, over here in the UK for home/lab/test if you want to use PFsense/OPNSense consider looking at used Sophos/Checkpoint/Fortinet hardware if you can't find Netgate Hardware, not a fan of the China clone mini PC's personally
I'd agree re Sophos XG hardware, I had a XG230 Rev 2 running really nicely, shouldn't have sold it tbh. However when I'm offered more than I paid for it and it's using more power than I'd like on a home connection it went. Based on the poor response from a UK Netgate partner, I've lost interest in dealing with them for home and for work potential.
Have never used Pfsense or Netgates as I have always stuck to the enterprise stuff like Sonicwall, FortiGate, etc. But, I’m going to try this for a client who cannot pay the higher prices. Seems like a decent option.
For a home lab, if you don't need more than a couple of network interfaces and don't want to spend a lot of money might I suggest a mini pc. Here's one that I bought but have not had a chance to load any software yet: MINISFORUM Mini PC AMD 7th Gen A4-9120 APU It comes with memory and storage and runs Windows 10 Pro so hopefully it should work. Based on "Explaining Computer's" recent review of a $100 mini pc, I also suggest that you load PFSense on a USB 3.0 flash drive. He seemed to get better writes and reads with the USB 3.0 drive when testing the various storage options.
I decided to setup my mini pc today with the latest version of PFSense. After setting up a very basic two NIC system, I ran IPerf from LAN to WAN and achieved 941 MB through put. CPU only registered about 17%-21% during the data transfer then it went back to 1% when complete. Win 10 Pro, 4 GB of RAM, and 64 GB eMMC. For $110 bucks and some change, not bad...
I have a third party unit as I am in the Philippines. I note that the black case with fins runs hot, far too hot, even though the dashboard says 27.9C I don't believe that for a moment. I have a fan on order and will run it against the fins to see if I can cool the unit off a fair bit. My best guess is the failures are heat related.
Does it make any sense to use pfSense at home when the hardware costs mount so quickly compared to off the shelf routers? Still trying to get a handle on this.
Did you try new CMOS battery on those failed boards? 4-5 years is right about when we see those cr2032 batteries fail and have had devices stop booting because of bad batteries.
So many sites argue which network card is the one to get, with your experience which Intel network card would you recommend for a 2.5 g x 2 and a 1g x 2 card? Siding for the more budget conscious.
Awesome video. I need a hardware recommendations for a first time simple home setup in 2024 please. My main use case is to replace my ISP router+ home lab. I want to get in to pfsense but not 100% sure yet. I have a stressful IT job and sometimes by the time I get home I just want to relax. I would like something that can be setup in a set and forget manner but at the same time I can tinker around with it when I have time. Is pfsense the right product here? What would you recommend for a first timer please?
I prefer pfsense and if you get it on Netgate hardware you know it will work right from the start vs you may run into troubleshooting issues if you built it yourself.
A bit overkill, but I built an mATX router with an ASRock Rack Xeon D-1541 motherboard. Dual X540 10Gbit NIC's. Though my ISP doesn't offer 10Gbit service, they use the 10Gbit port on their L2 device for 2.5 Gbps fiber service. I'm good for years to come.
As a FOSS developer, I also wanted to buy Netgate. But in EU it's as you said either very hard or very expensive... Same with Qotom, hard to find. I had little choice to go to a Protectli box. So far so good, but I don't like that and wished Netgate had a better story for EU. (It's a similar story for Supermicro btw)
For some reason, a Netgate I have deployed, loses its WAN connection when the ISP changes the IP address. The WAN port won't grab the new IP. So you have to manually renew the IP. Very frustrating.
Thank you for the link to the Qotom! Finding a budget friendly router that has 2.5G ports to go with my 2.5G Fiber to the home has been difficult. Now I just need to decide on a new WAP. =)
I just received my Qotom Router Q750G5 and have pfSense loaded on it. I noticed that when a power failure happens the unit does not power back on automatically. I was wondering if you knew how to get the system to boot up when power is restored?
Tom> You mentioned that you keep spare Netgate boxes on-hand as a just-in-case. Is Lawrence Systems a Netgate partner? Because last I knew, Netgate’s warranty applied only to the original purchaser. How are you handling this?
Hi, perfect video. I use like Intel NUC with 2 network cards. All other is based on VLAN. Have first Sophos UTM then Sophos XG. Then PFSENSE and at the moment OPNSENSE works fine.
I don't know. I used an Asus B550 Tuf Matx motherboard with a Realtek 2.5GBE Nic (Ryzen 7 5700G CPU). I then used a DELL Broadcom BCM57810S 10GB Dual Port SFP+ PCI-E Adapter and an Intel X550 T2 Dual 10GBE Nic in the available PCIe slots. All I had to do was read the forums to get the driver packages that worked best with pfsense 2.6.0 (still running it) for the Realtek and the Broadcom chips and I installed those packages. Voila, every card works perfectly. So while the Intel adapters tend to work right out of the box, the others can be made to work if you're willing to learn a little FreeBSD.
If I decide to install pfsense on type 2 vm like virtual box on my pc (with single Ethernet port) instead of Protectli, can I still achieve the same results? Or what would be the differences from a dedicated hardware VS a vm on a PC?
Well said. I've never used any of those chassis but they are very interesting especially for low power use. I may get one for my internal isolated network. It's been Supermicro Embedded for me all the way. Started from early Atoms and now Xeon based for multi-gig WAN. Never encountered a single h/w failure with over a decade of use. I think Netgate uses similar/same branded motherboards.
Off topic I think but... you mention you have many PfSense boxes deployed… How are they all managed? Is there a cloud based central site? Do you remote into each individually if needed? Most of mine have dynamic public IP’s so I rely on a pc in the local net to access which is really not good. Can you talk about remote mgt?
I was about to splurge on a Protectli FW6D but now I am skeptical considering the hardware failures people are talking about. I currently have a Netgate 2100 but want more power and physically isolated network ports (rather than their switch based configuration). The next one up is the 4100 but these have the same number of ports as the 2100 (same with the 6100).
That Twitter thread is pretty meaningless. For all we know there are 100 satisfied Protectli users for every one that complained. People with problems are a much more vocal lot than those without. Not saying there's nothing there, just that it's hardly scientific. On the flip side, on this page here I'm seeing a lot of people saying they've good results with their Protectli's. Without hard data, who can tell either way? :)
@bmbiz "People with problems are a much more vocal lot than those without" Totally agree. And not specifically with pfSense boxes but with any product.
I have deployed over a dozen Protectli firewalls over the years and only had one that gave me any problems and they replaced it even though it was out of warranty! They are a great U.S. company with tech support you can easily reach with a simple phone call!
I'd like to get started with pfSense and was wondering what reasonably priced dedicated (Netgate?) hardware would be a good match for a cable modem system at home with a few users and a small business. Current cable modems have 2.5 Gbit Ethernet interfaces and the download speeds are approaching or slightly exceeding 1 Gigabit at this time. Or there is AT&T fiber at 1 Gbit nearby as well. It would seem that the lower end boxes might bog down the network, but what is the practical balance here? Network speeds creep up so over the life of the box it might see more bandwidth, or become a bigger bottleneck if not appropriately chosen. Thanks in advance for any comments or suggestions.
What's Broadcom support, is that "meh" too? I've got Intel on my Pondesk unit and Broadcom on my R220. I'd be interested in Netgate hardware if the UK partner responded, so given up there tbh. I'm on my second Pondesk unit within 3 years. First network card port died, they replaced it, but still a failure. What about Dell PowerEdge or HPE ProLiant hardware for bigger installs? Look forward to the additional content as ever.
I live in Brazil and the prices here aren't just "substantially higher"... they're *ridiculous*. I'm talking full gaming PC pricing. It's just not an option for any home user that's not making more than 10x the minimum wage. Even these "cheaper" alternatives still end up being quite expensive (just not as much) after all the import taxes and what not. I've been trying to build an efficient pfSense box for years now but I just can't find affordable enough hardware to justify it. And forget using old hardware because the power bill here can also get pretty expensive if the hardware isn't efficient.
This will be great for my home security which has been penetrated by virus called back orifice. I suspect it was from my neighbor who is a retired network engineer so I still need a way to protect Bluetooth devices since he lives in range
Tried but there was no stock of Netgear in my country but Amazon had a Protectli on next day. Route at Gigabit shouldn’t be confused with firewall’ing and features at Gigabit.
I have been using for home networking a device virtually identical to the one in the video (except for the motherboard whose brand is not easy to figure out, but same CPU and same NICs) for two years and everything works perfectly at gigabit bandwidth with 5 vLan and quite a lot of stuff going on. Fingers crossed.
Repurposing those supposedly free hardware from Sophos is also a good option. We actually received those hardware for free several times already hoping the company use them but we just didn't bother and one day we actually just used it as a spare hardware just in case shit happens so I plop out the SATA DOM and inside the unit and install a serial console install of pfsense, and voila works great.
Hi Lawrence, I have the Qotom router, should I install pfsense directly on the hardware or first put proxmox on it and then install pfsense as VM on it?
I have one of these Chinese boxes.. Cooling is a big problem.. If CPU goes over 20%, temperature goes over 70% and it will get higher up till 90... Blowing a simple fan over it will solve the problem but they definitely need some cooling attention...
@@LAWRENCESYSTEMS I am trying to set up something simple yet strong enough I can be secure. Basically I got 400mbs fiber with the isp modem and was thinking of putting a Netgate box after the modem and possibly a switch before adding something as for wireless net with the ability to separate my private network from my IoT stuff in my Home. I have always had a modem wireless router combo and haven't really dealt with anything like unifi. I tried watching one of your more recent videos in regards to unifi and pfsense but halfway through my head was swimming. I also use quad 9 for my dns resolver so whatever I end up with has to play nice with that fact. If this is asking too much let me know.
A good nic matters so much more than the CPU or memory or any other hw component. A good intel nic will do most of the processing directly on the network chip
This was great for keeping clients off of cheap garbage. I do have to voice that all of Netgate's hardware has an astonishing lack of ports and expandability that often turns me off of them for anything except straight office networks and home networks. Anything with high level of redundancy needs I have to use custom servers and that makes me sad when they could produce one top of the line system with 5-6 expansion slots and really open up some high end market space.
Fiber Optic ports or SFP port on any of these mini pc's or have the builders forgotten to do this knowing that internet speed are moving away from slow speeds anyone got any suggestions on this for builds you can make yourself ? or will you be making a diy video on this ?
I ran pfSense on old hardware for years... But when I started to move to an "off grid" model at my home in the mountains I looked for low power consumption and reliability. I listened to Tom and bought a Netgate SG-4860. I've never regretted it. I had one problem with the first one and even though it was technically out of warranty, because it was a known issue at Netgate, they replaced it at no charge. That said, for the 9 days I was without my SG-4860 I had to fall back to a plastic box router... not the best scenario. The replacement has been trouble free for years now and I was able to pick up a backup off eBay that is the exact same model and features so I keep it updated and on a shelf - just in case. Couldn't be happier with Netgate products or support.
I also highly recommend the Jetway (a long standing legit company with offices in the US) N3160 box with 4 Intel Gbe ports. It’s rock solid, fanless, plenty fast, and only uses a couple of watts.
I’d support Netgate if their devices were even close to reasonably priced. I’m in Australia and paying 1k for 4100 BASE is way too much.
I bought a Netgate 6100 shortly after I started working from home during lock-down (I got the 6100 because I also wanted to experiment with 10G fibre). I'd previously had pfsense virtualised on a ESXi server along with my TrueNAS servers. Whilst that worked flawlessly, anytime I needed to shut down ESXi for whatever reason, I wouldn't have Internet access! The 6100 has been rock-solid.
I’m eyeing on that too. I now have 5gb and 2gb multi ISP on my house
REALLY appreciate you keeping these PF videos updated and relevant
Very well said. I've deployed a few Protectli devices with pfSense out in the field to customers, and have not had a failure yet. You make solid points for why Netgate appliances should be supported. I understand this wasn't meant to sway people one way or another, but good discussion.
What is good Protectli for a small home office with Fiber internet? I’m looking at buying one but not sure if I need one with a powerful processor.
@@IndianaDiy Protectli VP2420
@@michaeldoll Thanks, I was also looking at the VP2410 after reading your reply.
oh gosh , same here, i'm wondering if the protectli should be replaced, what do you think? and if I replace it, what would you say would be a good unit to replace it? Small company w/5 to 10 users
I just set up pfsense at home on an old Sophos XG105 rev3 box that we had decommissioned. I did upgrade from 2 to 4 GB RAM and so far I'm really happy with the performance. That said, if I were to ever deploy pfsense for a business, I would go with Netgate.
I used to run pfSense, for business use, on old hardware, but, for about 2 years I started to use SuperMicro SuperServer E300-9A-4C model for the main offices. Probably, in the future, I will use NetGate, due to all the great things they are doing. Thank you for your videos and opinions, Tom!
😂
I've been running pfSense on Supermicro's 1U Atom based servers for years with great results. Started with d525 based systems, then moved to the c2000 and now the c3000 series. Work great and are solid enough for a production environment. I can also buy two of them and put them in failover for what one Netgate appliance of the same capability would cost. I paid for pfSense Gold for years and also did their paid training when it was offered. I wish both of these things were still an option to support Netgate.
Manual was another way I supported them.
Been running pfsense on a HP SFF PC for over 6 years, works great and has never once crashed, trying to get my company to add netgate appliances in our product stack we offer.
For my home, I use a pcEngine APU2. Performance wise, it ranks somewhere between the Netgate 2100 and 4100, but at a significant lower cost for me (I am located in Canada). The BIOS is open source and can be updated from pfSense (in CLI). Interestingly, the APU2/APU4 used to be sold by Netgate as an official supported appliance, before Netgate started developing their own.
I agree that PC Engines is a good choice for home-use. I am on my second device, using them for the last 8 years. Stable, low cost, good documentation
Bios is overlooked especially since its a security device but yet all of these unverified motherboards we have no issue with.
Protectli also offers Coreboot as a firmware option for most of their devices, which is IMO a good reason to buy from them instead of sourcing the OEM hardware from Aliexpress or wherever.
The big question about PC Engines is what happens once they can no longer source the AMD SoC they're using. According to what info I could find on the net, the last order date is 2023Q4, and last shipment date 2024Q2. Since the company refuses to use any newer x86 devices because of integrated security features that require closed firmware, I don't know if there's any future for them once they run out of stock. Maybe there's some ARM or RISC-V device that fills their requirements for open source?
Initially, I ran pfSense on a refurb HP compact desktop computer. When it died, a couple of years ago, I got a Qotom mini PC, with i5 CPU (including AES-NI) 4 1 Gb Ethernet ports, 4 GB RAM and 32 GB SSD. It runs very well. I agree, however, what's good for a home user might not be good for business use.
I've been using one or another of the inexpensive Aliexpress boxes for years now. They work just fine for my home needs. But for a commercial install I think you can make an excellent case to deploy a Netgate sourced and supported hardware
Care to share which one you got bro? I am searching for one which is 1Gb/s compatible and doesn't break the bank
@@denniskluytmans Most likely one of the "Topton 2.5Gb Intel I226-V Router" Boxes with 4 / 6 ETH-Ports I'd assume. But be warned that the NIC I226-V is only supported by pfSense CE 2.7.0 and onwards or pfSense Plus 22.05 and onwards!
@@denniskluytmans mines too old for you to purchase the same....at least 2018 vintage
specs: Celeron 3855U
6x Intel Ethernet Controller I211 gigE NICs
4GB RAM
32GB industrial m.2
chose this one for price, AES-NI and 6 NICs
Have about 70 SG1100s in the wild. Absolutely love them. They realistically pull about 500mbps throughput which is still way more than what most of our customers can get through local ISPs.
A thought on the Qotom, we deployed a couple of these. They will not turn on after a power failure and need to be manually started. Occasionally get calls about them.
The power issue is annoying. I tried walking someone through the process of configuring the bios to auto boot over the phone, and he wasn't exactly thrilled about hooking up the router to a monitor and keyboard. Turns out the bios version was too old and didn't support it. When I told him his options were a bios upgrade or installing a jumper cable to the motherboard, he decided to buy a ups.
@@megamaser Weird. They must have had a regression in their BIOS. I have a Qotom Q330G4 I bought in 2020 and it reliably powers up after an outage. If I recall correctly I did have to go into the BIOS to set it to always on but it's hard to remember as that was quite a while ago.
I've had good luck running my own hardware. I started out with a HP thin client T-620, moved to a T-630, and currently on a Lenovo M720q tiny, 1L PC with an I3-8300T and 8gb of memory along with a 4 port Intel i-350 NIC. All have been rock solid, and pretty low power consuming devices.
I currently have a T630 as a learning device for me. Will it be noob friendly to setup pfsense and hopefully replace my ISP router.?
@@theflyingjapman5771 Yeah, it should be fine. Both the T620 and T630 worked well for me, especially if you just want to use the firewall and don't plan to install tons of add-on tools. I only ran OpenVPN on my setup and several firewall rules along with four separate networks and it was perfectly fine, pfsense picked up the internal network interface without issue.
The T630 is a little more powerful than the T620, but, IIRC, uses about 50% more power, still not a lot but it does use more power than your router. I think the T620 was around 12w average load and the T630 was around 19w IIRC.
These little machines are more powerful than most people realize. I ran Windows 10 and web browsers on the living room TV on the T620 before I turned it into the pfsense appliance. It wasn't lightning fast, but it was usable for basic web browsing.
I've had pfsense running at 100+ locations using PCengines hardware over the last 10-15 years - very reliable, but good to see what is out there
My first pfSense usage was done on the Netgate 2440 and ran it that way for 4 years. Then I switched to a segmented network and then my design needed more ports and such. I bought a Qotom 6 NIC port brick for my new setup. It has been running great for 4 years now. This is a home setup and to buy an equivalent unit from Netgate was just not financially possible. I still have the SG-2440 unit and it still works. I use it for testing and is a well built unit.
The SG-2440 is a great little appliance. I still have one as a backup and it chugs along when I go to use it.
A lot of people haven't had the experience of being on the pressure tip (lucky for them), or 'having got away with it' - once you've had that experience you will truly understand the value of absolute reliability and the peace of mind it gives you, and be able to face the 'what if' situations.
With that said, I personally deployed an IPFire system with just off the shelf computer hardware - I know what brand of hardware I can trust and the system has been running for 2 years without a glitch. Although I have to say it comes with a price, many sleepless nights and tears....
running on a qotom box myself and had a broken gigabit port for awhile now, been watching for a 2.5gbe version to replace with. you are exactly correct, it is enough for my homelab/home entertainment needs. I have a few simple traffic rules for game servers etc and it does what I need.
Another great video Tom! I'm glad to see other channels covering this topic. Keep up the great work!
Bought an HSIPC New J4125 Quad Core Firewall Micro Appliance in March 2022 triggered by your fine reporting on pfSense. Thanks for that!
I replaced the pre-installed pfSense SSD with a new and bigger SSD (also better quality). Works great with pfSense 2.6.0-RELEASE (amd64).
It's mainly for my home use. Serial console interface also works fine. Can recommend it.
So is that like a mini computer acting as a firewall? Can we find it on Amazon for those that live in eastern Europe?
@@keylanoslokj1806 A mini PC with 4 ethernet interfaces. I bought mine from Amazon Germany. However, it's a chinese product and devices like that should be also available in eastern Europe. Best of luck.
The Protectli or Qotom appliances are using consumer grade components, Celeron and Intel I-series CPUs as an example. The Netgate mid and high-end appliances are equipped with Atom C-Series and Xeon processor which are designed for the server market that are supposed to provide higher reliability and lifespan. Given all that, I think that Netgate appliances are the logical choice for any commercial or production scenario.
The hard part is usually to convince the client that the extra few hundred dollars spent on the Netgate appliance will be a sound investment and avoid many other costs of maintenance, repair and replacement down the line.
I’ve had great luck with Jetway fanless boards and prepackaged bare bones units. For example the Jetway HBJC430U941 is a tiny fanless Intel N3160 with 4 Intel Gbe ports. It only draws a few watts, no fan, nice aluminum heat sink enclosure, M.2 SSD slot, and is from a real company that’s been around a long time, has offices in the USA, and even a phone number you can call. Their products are not no-name sketchy scary Amazon Chinese junk like several of the products you mentioned. In many ways it rivals the $600+ Netgate products. I paid $279 for mine and it’s been flawless for 3+ years now.
Thin MiniITX Intel motherboard from 2012, i5-3470T, 8GB DDR3 and an Intel i340-T4. Quiet, efficient and cheap. Running 24/7 since 2018. Love PFSense.
Former Netgate SG-2220 user here. It failed about two years after deployment in a home power user environment. Board inspection didn't show anything unusual. Bought a FW2B (running pfSense 2.6, with Snort and pfBlocker) and it's been stable for over two years now. I did place a USB fan on top of it to get the temps down, hoping cooler temps will extend life. Recommendations back then steered me to Protectli which was around the time the SG-2100 came out. Will put Netgate hardware back in the mix if the FW2B gives out.
Perhaps your SG-2220 fell victim to the AVR54 bug that plagued the first batch of Atom 2000 series CPUs. I'm pretty sure that's what killed my RCC-VE 2440. Did it fail after a power outage or reboot?
Great vid.
I really wanted to run pfSense but the boxes to run it on and the Netgate boxes are costly so I wound up buying a MikroTik router. This is for home use so it fine enough for what I do.
I have used a SG-2100 since it came out and am very pleased. Yes the Netgate hw is not cheap, but it is reliable.
I have only had one problem… the last update (23.01) failed but Netgate was very quick to submit an image for me to manually load on the box. So now I can also have an opinion about their service, which is excellent.
I will for sure buy another netgate, but understand the people that find it expensive.
I started with a Netgate SG3100 about 7 or so years ago. It ran out of steam when I upgraded to 1Gbit WAN at home. I bought an old Dell R210MkII and a 4-port Intel NIC and it's been bombproof. I do keep the SG3100 in the rack as a standby and have the ports of the two Pfsense boxes brought out to a patch so can quite quickly switch between should I need to switch to the Netgate. Not exactly hot-swap, but it will suffice. I also have a Chinese fanless box that runs Pfsense for demonstrations to clients / exhibition use and that has been fine.
I have needed support from Netgate and have always been impressed. If I were to implement a mission critical system, it would be based on Netgear hardware.
I wouldn't trust a random Chinese device, especially for a firewall. Am I too paranoid?
Considering their activity in recent years, nope. I don't buy Chinese, period.
yeah I'm not trusting them either
No
I recently swapped a bunch of Tenda AP's around my house with ones from Mikrotik over similar concerns. There's still a few TP-Links I want to swap out eventually but I'm less worried about those.
We used Qotom with opnsense in a few instances, all of them died. No rhyme or reason. For business we only recommend fortinet now. For personal we recommend Netgate.
I work from home 100% of the time. If I'm disconnected from the office for even 30 minutes that's a problem. Despite the price I would pick something that is known to be reliable.
I'm glad to see the pfsense/Netgate team being profitable but for home usage, the Netgate line is above my price-point for tinkering.
Netgear, huh? /s
Netgate, not Netgear.
@@williamp6800 TY. Typo fixed.
Running Pfsense 2.7 Beta on a Hunsn RJ03 N5125 box since early Nov 2022 with no problems at all. I did add a 40mm internal fan to keep things cooler as it comes fanless...
I had just clicked on order for a 6100 right before this came out. I got nervous maybe I’d messed up. But even though I’m a “home” user, I do work from home 100% of the time, and just like the “always works” nature of the netgate devices. I have a 3100 now, but will be getting > 1GB internet, I almost went 4100 for the 2.5, but thought maybe, someday I’ll have even faster internet, and these things are not cheap! So buy once cry once, hopefully I get a good 5-10 years out of this one, and will leave my 3100 around as a backup device just in case. Thanks for the videos!
We actually just went with a Netgate 6100. Haven't installed it yet since we're waiting on a fiber install, but hoping it'll be a good workhorse for many years to come. Probably would have been fine with the 4100, but since we tend to run equipment for a long time once installed I figured I'd get the next model up to give us a little more room to grow in the future as well as perform great now. Once we get that up and running I'll need to deep dive your tailscale videos to get that integrated as well. Just installed a pair of Unifi AP6 Pros. Basically doing a full network overhaul this year.
Only thing I've yet to decide on is new switches, and possibly a new network card for the on-premises server. I've been deep diving your videos which have helped a lot so far in deciding on a solid network backbone. Being a non-profit we don't get much budget to work with, so when I do get the approval to upgrade something I have to make sure it's something that can last a good while.
Highly recommend the unifi switches, best bang for your buck and you can actually buy them today!
@@elliotzorn Any specific model? I've got a pair of 24 port old netgears which have done the job but sorely need to get replaced. I'm thinking something with a fiber port to match the Netgate 6100, I'm thinking of getting a fiber switch to help the traffic move between switches. One on one floor, one on the other so each floor gets a high speed backbone.
The great thing about those Protectli's is that when they die you can just pop the SSD into a working model and be good to go again easily.
I purchased 2x Protectli Vault FW4B - 4 Port, Firewalls for my primary residence and a vacation home.
I installed one in my primary residence 1st and it would reboot 2-3 times during operational hours.
I configured the 2nd one, same mess.
Returned to Amazon and purchased 1x Netgate 2100 for primary residence and 1x Netgate 1100 for vacation home.
I couldn't be happier.
Not a single issue.
I'm still running pfSense on an old Check Point T180 firewall. It's big and clunky but works just fine! 👍
Great video lad, do you know how to connect pf sense to a ubuntu server and route traffic through it for a game server ? Using wireguard or any alternative you think would be good. Thanks for the video .😃
As a home user running pfsense, I'm finding it really hard to see a reason to move away from a VM on an old SFF PC stuffed in the top of a cupboard. It runs cool and reliable, it's cheap, I can adjust the resources for optimal performance, and it's easily backed up. The only reason I would move to a dedicated hardware would be if it was smaller, ran cool, and was reliable. It sounds like the official lower end netgate boxes run hot, and the AliExpress black boxes don't last.
Thank you for the post and your insights. Your sharing the knowledge is much appreciated!
We deploy our SaaS retail/pos/erp software for small businesses and looking at a network-in-a-box type of solution with bench tested devices so it can be supported quickly. We are in Canada and some of our customers are in remooote locations! We had instances where the DSL goes down in the dead of winter and only option is the LTE failover
Would appreciate your input on a couple of use cases
1. Netgate vs Sophos? - know the answer- but a bit of insight would be great
2. Dual firewall deployment for fail over with LTE modem on each
3. Worst case scenario - an additional windows device with cellular LTE to get into the network when everything else fails (we do this currently)
I’ve been running pfsense on a R210 for a couple years but I’ve been considering getting something more efficient. But I really want to keep it rackmounted, rather than sitting on top of something, the shelf I have is already full of other devices and my rack doesn’t have much more room
Currently running pfSense on a Protectli FW6C from a few years ago. This is working great, but the 1 GbE speed is limiting within my home network.
I am planning to upgrade to 10 GbE at the router, and it is hard to find a new box with the same port options without getting very close to the cost of the Netgate option. There is also the value in not having to put it together yourself.
You do not get exactly the same processor, memory, and storage as you might want; but the solution will work or they will make it work.
Protectli is supposedly working on 10GbE models. The CEO mentioned it about 8 months ago.
I also use PCEngines APU 4D4 as hardware for pfSense and I have tens of boxes and none of them broke, and previously I was using PCEngines ALIX and I still have some in production after more than 10 years.
If the performance fits the purpose I recommend them as really reliable hardware.
We have a tax business and thus during tax season it needs to be working. I bought Netgate 2100's for both business and home. If the business one fails I have the home one to replace it with and be back up in 30 min. I have a Dell 7010 as a backup as well. I am so appreciative of Netgate to put up the best documentation you can get. Having not to pay for VPN is worth the price. (OK I run VPN of my Synology's) It is not about the cheapest way to go but the right way. I think that is missing today. Go to the people that provided you with pfSense without charge, and be loyal to them.
I have a qotom box here, same one you bought... I needed a "cheap box" to run on and didn't have a spare to run with. It's a j4125 proc, 8gb ram, and 400gb ssd. So far, can't really complain. Seeing low CPU usage, low temps, low ish ram usage (still under 20%). Intel i225 v3 nics. Seeing full available bandwidth through it, love having the 5 nics... next one will probably be netgate
Informative video, I switched last year from wireless ISP to gigabit fibre and am considering putting a pfsense appliance in place of the ISP supplied router so I can move my IOT devices etc. onto VLAN, implement a good firewall etc.
With my wireless ISP I always used a dd-wrt router, with a couple of my older dd-wrt routers set up as access points and wireless bridge access points. I did not get as far as setting up vlans or subnets for guest networks, IOT devices etc.
I'm a database guy though, not a network guy, so my knowledge of all things network is rudimentary. Is pfsense worth my while or can I accomplish the same thing with dd-wrt equipped routers?
I use a PC Engines APU 3D4 and it's been serving me great. It handles A LOT of traffic.
I have deployed both Netgate and Protectli. I get the idea of supporting PFSense and I get desiring tech support with Netgate or Pfsense+. Where I am getting confused is where you are citing cheap AliExpress and Amazon brands like Qotom AND what seems to be a legitimately business focused brand like Protectli with a warranty and US-based operations and support. You all seem to be using them interchangeably and I am not sure if that is accidental or intentional let alone warranted.
Forgot to mention... The same performance and capacity information is hosted by Protectli with their systems as well.
Exactly!
It was because of you that I purchased netgate 6100 for home use!
Good to know about the low quality failures, thanks a lot. I usually use wide spread brand SFF PC with Haswell + CPU and Intel card.
Which one are you using? Could you recommend me a few deals?.
@@therealb888 Brand PC from Fujitsu, Dell, Lenovo or HP with i5-4570 or newer. All these are good, cheap and the second hand market is flooded with them. Plenty of performance even for 3 x 1gbps multiwan with zenarmor for 1000+ devices.
Great technical insight from a person who is unbiased honesty review and allowing someone like me making a entry level a generalised understanding, but does not have a everyday hands of use and real time / long term view of what works and what doesn't, especially who hasn't got the biggest bank balance :(
Would like the latest bells and whistles top end reviewed hardware being reviewed.. but in reality can't afford or scared that I will screw it up as a first step on the ladder approach / dip my toe in approach rather than being overwhelmed with information overload / the "real life" or "my scenario" platform rather than just sighing and then giving up!
Tech by "real tech people" explained in simplistic short bites and layman terms :) Great Stuff. Thank you and keep doing what you are doing !
As Tom says, if you are a business, buy the right hardware, over here in the UK for home/lab/test if you want to use PFsense/OPNSense consider looking at used Sophos/Checkpoint/Fortinet hardware if you can't find Netgate Hardware, not a fan of the China clone mini PC's personally
I'd agree re Sophos XG hardware, I had a XG230 Rev 2 running really nicely, shouldn't have sold it tbh. However when I'm offered more than I paid for it and it's using more power than I'd like on a home connection it went. Based on the poor response from a UK Netgate partner, I've lost interest in dealing with them for home and for work potential.
Miss that unit, mmm might look at options again... :)
Why would you run pfsense on fortigate/checkpoint hardware when their own OS blows pfsense out the water?
@@lukey3030 shhh, you're not allowed to talk down about pfsense 😜
Quick question:
Would you recommend running OPNSENSE on a Netgate 8300?
I at home use the HP 620 Plus terminal, as a router (after adding 4 NICs). And it's a nice budget option for the home.
Have never used Pfsense or Netgates as I have always stuck to the enterprise stuff like Sonicwall, FortiGate, etc. But, I’m going to try this for a client who cannot pay the higher prices. Seems like a decent option.
On the chinese boxes, have you ever put a sim card in one and configured the 4G/5G connection as a backup to the primary internet connection?
My Netgate 6100 is very awesome , I highly recommended it if it fits your budget and needs. No affiliation
For a home lab, if you don't need more than a couple of network interfaces and don't want to spend a lot of money might I suggest a mini pc. Here's one that I bought but have not had a chance to load any software yet: MINISFORUM Mini PC AMD 7th Gen A4-9120 APU It comes with memory and storage and runs Windows 10 Pro so hopefully it should work. Based on "Explaining Computer's" recent review of a $100 mini pc, I also suggest that you load PFSense on a USB 3.0 flash drive. He seemed to get better writes and reads with the USB 3.0 drive when testing the various storage options.
I decided to setup my mini pc today with the latest version of PFSense. After setting up a very basic two NIC system, I ran IPerf from LAN to WAN and achieved 941 MB through put. CPU only registered about 17%-21% during the data transfer then it went back to 1% when complete. Win 10 Pro, 4 GB of RAM, and 64 GB eMMC. For $110 bucks and some change, not bad...
I have a third party unit as I am in the Philippines. I note that the black case with fins runs hot, far too hot, even though the dashboard says 27.9C I don't believe that for a moment. I have a fan on order and will run it against the fins to see if I can cool the unit off a fair bit. My best guess is the failures are heat related.
I’ve got a zimaboard that I’m probably going to try pfsense on. Right now I’m running a 1U server and I can hear it everywhere in the house.
Does it make any sense to use pfSense at home when the hardware costs mount so quickly compared to off the shelf routers? Still trying to get a handle on this.
I use Sophos hardware for my PF boxes and it works great. I wish netgate had a donate button so I could contribute like I do for Ubuntu
Did you try new CMOS battery on those failed boards? 4-5 years is right about when we see those cr2032 batteries fail and have had devices stop booting because of bad batteries.
Love the new intro!
So many sites argue which network card is the one to get, with your experience which Intel network card would you recommend for a 2.5 g x 2 and a 1g x 2 card? Siding for the more budget conscious.
Awesome video. I need a hardware recommendations for a first time simple home setup in 2024 please. My main use case is to replace my ISP router+ home lab.
I want to get in to pfsense but not 100% sure yet. I have a stressful IT job and sometimes by the time I get home I just want to relax. I would like something that can be setup in a set and forget manner but at the same time I can tinker around with it when I have time.
Is pfsense the right product here? What would you recommend for a first timer please?
I prefer pfsense and if you get it on Netgate hardware you know it will work right from the start vs you may run into troubleshooting issues if you built it yourself.
A bit overkill, but I built an mATX router with an ASRock Rack Xeon D-1541 motherboard. Dual X540 10Gbit NIC's. Though my ISP doesn't offer 10Gbit service, they use the 10Gbit port on their L2 device for 2.5 Gbps fiber service. I'm good for years to come.
As a FOSS developer, I also wanted to buy Netgate. But in EU it's as you said either very hard or very expensive... Same with Qotom, hard to find. I had little choice but to go to a Protectli box. So far so good, but I don't like that and wished Netgate had a better story for EU. (It's a similar story for Supermicro btw)
QOTOM on aliexpress for $152
EU is OPNSense's area
For some reason, a Netgate I have deployed loses its WAN connection when the ISP changes the IP address. The WAN port won't grab the new IP. So you have to manually renew the IP. Very frustrating.
Thank you for the link to the Qotom! Finding a budget friendly router that has 2.5G ports to go with my 2.5G Fiber to the home has been difficult. Now I just need to decide on a new WAP. =)
I just received my Qotom Router Q750G5 and have pfSense loaded on it. I noticed that when a power failure happens the unit does not power back on automatically. I was wondering if you knew how to get the system to boot up when power is restored?
You set that in the bios power settings.
Does Netgate have built-in wifi so that the appliance can be a WiFi AP? Or what is a good option to make the Netgate a WiFi AP?
Tom> You mentioned that you keep spare Netgate boxes on-hand as a just-in-case. Is Lawrence Systems a Netgate partner? Because last I knew, Netgate’s warranty applied only to the original purchaser. How are you handling this?
The spares we have are for our clients that we have installed them for and that we have as part of our managed contract.
0:23 heck yeah, guess I am going to have to start with pfsense now too 🎉
For home I prefer size and I choose the IKOOLCORE R1, with 4 2.5Gb LAN network ports. Mini PC 👍🏻
I just ordered one for traveling. How are you getting along with yours?
Hi,
Perfect video.
I use like an Intel NUC with 2 network cards.
All other is based on VLAN.
Had first Sophos UTM, then Sophos XG.
Then pfSense and at the moment OPNsense
works fine.
I don't know. I used an Asus B550 Tuf Matx motherboard with a Realtek 2.5GBE Nic (Ryzen 7 5700G CPU). I then used a DELL Broadcom BCM57810S 10GB Dual Port SFP+ PCI-E Adapter and an Intel X550 T2 Dual 10GBE Nic in the available PCIe slots. All I had to do was read the forums to get the driver packages that worked best with pfsense 2.6.0 (still running it) for the Realtek and the Broadcom chips and I installed those packages. Voila, every card works perfectly. So while the Intel adapters tend to work right out of the box, the others can be made to work if you're willing to learn a little FreeBSD.
If I decide to install pfSense on a type 2 VM like VirtualBox on my PC (with a single Ethernet port) instead of Protectli,
can I still achieve the same results? Or what would be the differences between dedicated hardware vs a VM on a PC?
Well said. I've never used any of those chassis but they are very interesting, especially for low power use. I may get one for my internal isolated network.
It's been Supermicro Embedded for me all the way. Started from early Atoms and now Xeon based for multi-gig WAN. Never encountered a single h/w failure with over a decade of use. I think Netgate uses similar/same branded motherboards.
which Supermicro board are you currently using?
@michaelkeys1453 I'm currently using SYS-E300-9D-4CN8TP. Perfect for multi-gigabit WAN/LAN. In the past I've used Atom D525/C2750/C3758 based boards.
Off topic I think but... you mention you have many pfSense boxes deployed... How are they all managed? Is there a cloud based central site? Do you remote into each individually if needed? Most of mine have dynamic public IPs so I rely on a PC in the local net to access, which is really not good. Can you talk about remote mgt?
Managed individually and we have remote access to all our customers
I was about to splurge on a Protectli FW6D but now I am skeptical considering the hardware failures people are talking about. I currently have a Netgate 2100 but want more power and physically isolated network ports (rather than their switch based configuration). The next one up is the 4100 but these have the same number of ports as the 2100 (same with the 6100).
That Twitter thread is pretty meaningless. For all we know there are 100 satisfied Protectli users for every one that complained. People with problems are a much more vocal lot than those without. Not saying there's nothing there, just that it's hardly scientific. On the flip side, on this page here I'm seeing a lot of people saying they've good results with their Protectlis. Without hard data, who can tell either way? :)
@bmbiz "People with problems are a much more vocal lot than those without" Totally agree. And not specifically with pfSense boxes but with any product.
I have deployed over a dozen Protectli firewalls over the years and only had one that gave me any problems and they replaced it even though it was out of warranty! They are a great U.S. company with tech support you can easily reach with a simple phone call!
I'd like to get started with pfSense and was wondering what reasonably priced dedicated (Netgate?) hardware would be a good match for a cable modem system at home with a few users and a small business. Current cable modems have 2.5 Gbit Ethernet interfaces and the download speeds are approaching or slightly exceeding 1 Gigabit at this time. Or there is AT&T fiber at 1 Gbit nearby as well. It would seem that the lower end boxes might bog down the network, but what is the practical balance here? Network speeds creep up so over the life of the box it might see more bandwidth, or become a bigger bottleneck if not appropriately chosen. Thanks in advance for any comments or suggestions.
The 6100 would be great
What's Broadcom support, is that "meh" too? I've got Intel on my Pondesk unit and Broadcom on my R220. I'd be interested in Netgate hardware if the UK partner responded, so given up there tbh. I'm on my second Pondesk unit within 3 years. First network card port died, they replaced it, but still a failure. What about Dell PowerEdge or HPE ProLiant hardware for bigger installs?
Look forward to the additional content as ever.
Sorry, I didn't understand what these failed devices are. Are you referring to Protectli or Qotom?
Protectli is often using the Qotom
I live in Brazil and the prices here aren't just "substantially higher"... they're *ridiculous*. I'm talking full gaming PC pricing. It's just not an option for any home user that's not making more than 10x the minimum wage. Even these "cheaper" alternatives still end up being quite expensive (just not as much) after all the import taxes and whatnot. I've been trying to build an efficient pfSense box for years now but I just can't find affordable enough hardware to justify it. And forget using old hardware because the power bill here can also get pretty expensive if the hardware isn't efficient.
What about the failure modes of the infamous and overpriced SG-4860 from your friends at Netgate?
Is there something wrong with the Espressobin?
Hi Lawrence, your Qotom box, is it only pfSense running in that box or? What's the specs of your Qotom box?
Qotom Router Q750G5
amzn.to/3ElAAqE
My 3Gb fiber link provides only a 10GBASE-T connection. Netgate doesn't have this port. I guess I will have to do my own build.
This will be great for my home security, which has been penetrated by a virus called Back Orifice. I suspect it was from my neighbor who is a retired network engineer, so I still need a way to protect Bluetooth devices since he lives in range.
Tried but there was no stock of Netgear in my country but Amazon had a Protectli on next day. Route at Gigabit shouldn’t be confused with firewall’ing and features at Gigabit.
I have been using for home networking a device virtually identical to the one in the video (except for the motherboard whose brand is not easy to figure out, but same CPU and same NICs) for two years and everything works perfectly at gigabit bandwidth with 5 VLANs and quite a lot of stuff going on.
Fingers crossed.
Can I include pfSense on my Windows 11 PC and use them on the same PC?
Repurposing that supposedly free hardware from Sophos is also a good option. We actually received that hardware for free several times already, hoping the company would use them, but we just didn't bother, and one day we actually just used it as spare hardware just in case shit happens, so I plop out the SATA DOM inside the unit and install a serial console install of pfSense, and voilà, works great.
Hi Lawrence, I have the Qotom router. Should I install pfSense directly on the hardware or first put Proxmox on it and then install pfSense as a VM on it?
th-cam.com/video/aKK4ojdkk3M/w-d-xo.html
I have one of these Chinese boxes.. Cooling is a big problem.. If CPU goes over 20%, temperature goes over 70% and it will get higher up till 90... Blowing a simple fan over it will solve the problem but they definitely need some cooling attention...
Love the videos. Newbie sounding question. How do you connect the Netgate hardware to get WiFi in the house? Networking hasn't been my strong suit.
I use UniFi for the WiFi
@LAWRENCESYSTEMS I am trying to set up something simple yet strong enough that I can be secure. Basically I got 400mbs fiber with the ISP modem and was thinking of putting a Netgate box after the modem and possibly a switch before adding something for wireless net with the ability to separate my private network from my IoT stuff in my home. I have always had a modem wireless router combo and haven't really dealt with anything like UniFi. I tried watching one of your more recent videos in regards to UniFi and pfSense but halfway through my head was swimming. I also use Quad9 for my DNS resolver so whatever I end up with has to play nice with that fact. If this is asking too much let me know.
I have a Dell 486. Will it run on it?
A good NIC matters so much more than the CPU or memory or any other hw component.
A good Intel NIC will do most of the processing directly on the network chip.
This was great for keeping clients off of cheap garbage. I do have to voice that all of Netgate's hardware has an astonishing lack of ports and expandability that often turns me off of them for anything except straight office networks and home networks. Anything with a high level of redundancy needs I have to use custom servers, and that makes me sad when they could produce one top of the line system with 5-6 expansion slots and really open up some high end market space.
Fiber optic ports or SFP ports on any of these mini PCs? Or have the builders forgotten to do this, knowing that internet speeds are moving away from slow speeds? Anyone got any suggestions on this for builds you can make yourself?
Or will you be making a DIY video on this?