Question Best practices and pointers for a firewall PC ?

[SSri]

Happy to be back after a long time!

I am looking to buy or build a system for PfSense / Untangled / IPFire .

I have a business grade Virgin fibre, ISP router, cisco switch, 2 UniFI APs, Cat6 all over the house, etc. I had a PfSense, which was quickly hijacked by a very close friend of mine. Since then, a lot happened and never managed to replace it.

It's about time, I get another one as we are thinking of adding 2 more APs at home, 1 AP for the back garden, convert LEDs to smart switch, door-bell camera and perhaps mount a couple of cameras (side entrance and back garden). These will happen over a period of time. For the record, we have an ADT monitored alarm systems.

I am drawn between an interesting choice as a starter: a virtualisation route including firewall and either buy a used/new (preferably low-powered) 4-cores pc or build one. I believe the best practice is always keep the firewall as a stand-alone device than running in a virtualised server.

I am pretty rough on the latest hardware. I would appreciate some expert recommendations in this department! If building, Ryzen 3 3300x or Ryzen 5000 series or any best value 4 or 8 cores intel chips.

Thanks every one for the help. Have a super good day and be safe please!

 

[COLGeek]

Is this for a residence, or place of business? How many users/devices are in this network?

Why not secure your PfSense device properly and lock down your current network without adding more stuff (more is not necessarily better)?

 

[SSri]

Many thanks for your reply.

Is this for a residence, or place of business?

Residence please.

How many users/devices are in this network

3 users normally, unless we have guests/friends come over.

Devices: Leaving the wired ones, about 15 devices connect wirelessly at the moment. The number of wireless connected devices will go north, given the smart home plans.

Why not secure your PfSense device properly and lock down your current network without adding more stuff (more is not necessarily better)?

I fully agree. Securing and locking away the network with something like PfSense is a sound recommendation.

However, as I had set out earlier, I need to start off with PfSense before adding additional hardware like mutli-vm box. A firewall box is required, though. I need a multi-core CPU, as I do want to look at IDS/IPS. I won't replace / upgrade the firewall hardware unless it gives up on us. The PfSense device, which I had earlier, was lovingly taken away.

The ambiguities are:

• Re-PfSense or an equivalent: My mind says virtualise, while my heart says stand alone (perhaps 4-cores).
• CPU advise. If virtualised, 12 cores CPU. I am not sure if they come with stock coolers and integrated graphics. Otherwise, Ryzen 3 3300X, 5 5600G or i5 11400 may be. TBH, I am behind the curve off late. My choices may not be correct.
• Build or buy used

Thanks again!

 

[SSri]

After spending some time thinking and reading about these, I will not virtualise the router. I will stick a stand-alone PfSense or a subscribed Untangled router.