Consumer FW&Router or pfSense?

[Digital]

I am moving next month to a new apartment, where I get 1/1 Gbit/s fiber connection, which is set up so that by default you have one RJ45 socket in the wall and the main router/FW gives you one address with to that port. Obviously I want to have my own network, so I am going to need NAT.

 

Problem is, the connection I have now is 15mbit download and 1mbit upload. I have been using Juniper SSG5 which is fine for above-mentioned speeds, but the ports on the device are 10/100 and anyhow the maximum throughput of the firewall would be 160mbit/s. So I need a new router and firewall - but which do you suggest - consumer firewall/router or custom made pfSense machine?

 

I am interested in networking, so I don't really want to go for consumer electronics - even though they are pretty capable - they usually lack the options to experiment. Professional equipment that can handle gigabit speeds are on the other hand way too expensive (if you know some that are not, please advice).

 

Also, how beefy machine do you need to run pfSense with gigabit speeds - nothing fancy for starters, so no QoS i.e.

[Digital]

Also, how do you get wireless out of pfSense, or do you need wlan AP in addition?

[jj9987]

pfSense is fun and has more features than any consumer router on the market. If you have the interest, time and money, definitely go for one.

Custom machine is definitely more expensive, tho you can look around eBay for good deals on some older CPUs, a newer Pentium could even handle that load, though if you want high speeds (gigabit) over VPN, then you need to look a little further, maybe even an i3.

 

Do think a bit further ahead - what are your future expectations? VPN? Plugins? Traffic filtering, QoS? It might be more expensive and more difficult to upgrade later on, but that depends how you plan to use it really.

 

For wireless, yes, you will need an access point. PCI-E/USB wireless cards are crap, access points are way higher quality and more reliable. Something from Ubiquiti line-up would be pretty awesome.

 

Finally, don't forget you will need a proper network card as well. HP NC364T quad-port NIC is widely recommended as well as some Intel ones, though watch out, there are quite many fake ones on eBay. The HP/Dell and some other OEM ones are usually rebranded Intel cards and you only want to go Intel. Forget others.

 

EDIT: Also, check out https://www.reddit.com/r/PFSENSE/. There are a lot of similar posts that have been discussed, plus the pfSense team is also active there.

 

EDIT2: Final thing. If you are considering building a homelab, you could also consider buying an old server and running pfSense in a virtual machine there, alongside other services. Do take note, that if the server is offline, so is your whole network. At least the part that reaches outside.