We are big fans of pfSense and with recent updates it can easily handle solid bandwidth on low power commodity hardware. In addition, to basic routing, it can also provide services such as DHCP, DNS, BGP, IDS, firewall, proxy and VPN. As a result, STH readers are often interested in what are the best items to purchase in terms of barebones units for pfSense appliances that are in the data center. We will regularly update this list. We have a number of other hardware picks.
Official pfSense Appliances
pfSense has a number of pre-configured appliances that are both low power and come with the commercial pfSense version. This has features such as the ability to easily create AWS VPNs. We suggest looking at the pfSense store as your first stop when selecting a pfSense appliance.
1GbE WAN Solutions
In terms of 1GbE WAN solutions, we have two main recommendations. Both are centered around Rangeley processors with include Intel QuickAssist. The Intel Atom C2758 has both QuickAssist as well as an 8 core CPU. The Intel Atom C2558 on the other hand has only 4 cores but is both less expensive to purchase and uses slightly less power. The issue is that the C2558 still has RAM, disk drive and chassis costs which combine to make up almost as much or more than the CPU/ motherboard. For a few dollars more, we generally prefer building with the C2758 SoC.
- C2758 based – Supermicro SYS-5018A-FTN4 – this unit has plenty of power to handle firewall duties as well as a 1GbE WAN connection (or two.) Power consumption is extremely low and the 1U short-depth chassis with a SATA DOM or a USB stick and ECC DDR3 SODIMMs will be all that you need to get going. Cost is around $600 (see eBay and Amazon
). We reviewed the Supermicro A1SRi-2758F motherboard found inside this unit if you want more information.
You can build a similar solution based off of lower spec processors/ motherboards such as the A1SRi-2558F and A1SRi-2358F but at the end of the day we prefer higher-performance parts for when advanced network features such as Suricata are added.
10GbE Solutions
For 10GbE solutions we really like the Intel Xeon D lineup. Specifically, we like the Intel Xeon D-1518 CPU. It provides significant single and multi-core performance while maintaining a low power posture.
- Supermicro SYS-5018D-FN8T – this unit combines 6x 1GbE ports with 2x SFP+ ports and also has a PCIe slot (via riser) available for an additional NIC. The barebones system includes a CPU, motherboard, and cooling all pre-installed in a short-depth 1U chassis with an 80 Plus Gold power supply. You can simply add RAM and either a USB drive or SATA DOM to get going. It is a fast but low power option as a pfSense appliance. Cost is around $800 (see eBay and Amazon) which is very reasonable and you should be able to fully configure a system for under $1000.
We also will suggest that while the onboard Intel X557 10GbE NIC is great, potentially getting a Chelsio 10GbE card for higher connection interfaces may be a good idea. We have a guide to pfSense NIC options here.