pfSense Machine Recommendation

[Deleted member 83050]

Recently i have been doing a bit of digging on the internet about pfSense Firewall and planning to set it up in my home network. I have figured out the basics on how to get it working on a machine. Just had a few questions related to it and looking forward for some advice.

1. Since i am just starting out, i don't want to spend a lot of money initally. Was thinking of getting a old small form factor PC like Lenovo Mini PC or Dell Optiplex and flash pfSense on this. As per my research i have to buy a Dual/Quad Port 1GbE or 10GbE NIC PCIe card because i need minimum of 2 ports. What are the options available in the market? I am a little hesitant to import these products from China via AliExpress. Can i get it somewhere in India Itself, like LT Store?

2. Another option is to get an industrial PC something like this but this seems a bit expensive. Are there any cheaper industrial PCs available?

3. Another option which comes to my mind is to build a custom PC under a certain budget like 15-20k(with NIC) and flash pfSense on it. A noob question - Does AMD work fine with pfSense or i need to buy intel CPU only?

I am also a little worried about power consumption. What are the ways to minimize it?

My requirements:
1. I am currently on the 200 Mbps Plan but i might move to a higher plan maybe 500 Mbps with some other ISP. What things i need to keep in mind in order to remain future proof? Is it safe to get a 2.5 GbE ONU?
2. I may also want to setup two ISPs(dual wan) in failover or load balancing. What kind of NIC do i need then?

 

[Skeeter]

anything decided yet?
I am confused between a Mikrotik router with sfp cage and building own x86 router.

 

[Deleted member 83050]

I have currently dropped the idea of getting a pfSense machine. It's very costly and honestly not worth it at least for my use case. I have a really normal usage of internet in my household like browsing, streaming, gaming, WFH and zoom calls.
Also setting it up is really time consuming and I am very busy nowadays.
From what I shortlisted I really liked the skullsaints Onyx PC which @vishalrao bought. It's easily available but I am not sure about the technical support if on runs into issues. You can have a look at Netgate appliance if you have the budget as @Chip said.
Getting optiplex PCs and adding multiple network cards is too much of a hassle honestly and you may not find good support if you run into issues.

 

[Skeeter]

you are right about the support part.
Official NetGate stuff are too costly.

 

[Chip]

Take a look at Protectli they offer mini PCs that can easily run pfSense. They are cheaper than Netgate appliances but after shipping and customs they too can get expensive. But then you have to decide how much you want to spend on these things and what features you need. Otherwise for home use a normal router with a SPI firewall and an IPS/IDS like the one you see with Asus routers is more than good enough

I nearly bought a Netgate but changed my mind when I saw their SSD is not user upgradable. And on 26/10/23 Netgate played a nasty trick - no pfSense Plus is no longer available for free for home/lab use. They want us to pay $400/year. Those who have pfS+ like I do can continue to use it till the day it needs a reinstall OR Netgate stop offering updates for pfS+ with no subscription. However there may be a chance that Netgate will offer a home subscription plan for a reduced price. Let's see. pfSense CE edition is free as usual but may remain a zombie system when Netgate eventually pull the plug on it. These guys are a slimy bunch.

In the mean time get OPNSense. It has a below par UI making it less user friendly than pfS CE/+

 

[WieldyBinkie]

Hey @Chip, are you gonna move to CE or stay on Plus? I was thinking of moving to CE once 2.8.0 release. Even if they do a paid Home/Lab tier, it think its gonna be on their TAC lite price tier ($129/year).

 

[Chip]

I am staying with pfS+ for now, may migrate lock stock and barrel to OPNSense if these guys screw around or come up with unaffordable home plans. I am ok with <$50/year subscription fees but that too is ridiculous considering the open source nature of the pfS project. It reminds me of some smart alec who charged us for custom firmware upgrades for Linksys routers back in the '00s, can't recall his name. These are open source code bases and cannot be sold.

 

---

[WieldyBinkie]

TAC Lite Available for $129/year Like I said @Chip

 

[Chip]

That's like Rs 10k+ per year and not really my cup of tea. The reason I went with pfS in the first place is the open source bit. I may downgrade to CE when the time comes. It's easy to do.

 

[JB701]

check out routeros chr too. not open source but its a one time $40 for lifetime license .

 

[Chip]

@JB701 For a router I prefer a one time fee or an open source. I am not familar with Router OS at all but may be tempted to buy a license to try it out. Let me see. Right now the path of least resistance for me is to downgrade to pfS CE OR move to OPNSense which I am familiar with.