My $300 pfSense Firewall Appliance – Part 1: Unboxing

hydn · April 10, 2025, 4:39pm

Read the full article: My $300 pfSense Firewall Appliance – Part 1: Unboxing

For the past three years, I’ve been putting off an upgrade to my network’s firewall. During that time, I was balancing multiple priorities: maintaining uptime with multiple ISPs, managing VPN performance limitations, and constantly watching the market for hardware that could check all the boxes without blowing the budget. I knew I needed better throughput,… continue reading.

hydn · April 10, 2025, 4:48pm

Some larger high-res photos (without lossy compression of the linuxblog.io):

This is Part 1, focused on the device I ultimately selected. Below, you’ll also find Part 1 and Part 2 of the decision-making process that led here:

Choosing the Perfect Network Firewall Device for under $300 — Part 1

My Quest for the Ultimate Home Office Firewall — Ok, well, Part 2

BertStare · April 10, 2025, 11:54pm

This is a cool little bit of hardware, but i cant help but feel like you overcomplcated the matter. A lenovo m720q (or similar) and a mellanox cx3 2x10gbe sfp+ card can be had for $1-200 and will get a bit more oomph.

hydn · April 11, 2025, 12:21am

Welcome to the community! thanks for taking the time to leave some feedback.

Very possible! Living on an island in the Caribbean does complicate things a bit. Even if you gifted me a Lenovo Tiny (I actually have two), customs still assigns a value — gift or not — and charges duties based on their own assessment.

Returns aren’t practical either. Most used devices I buy when I’m in the U.S., so I can test and return them if needed. Shipping anything more than an envelope back from St. Kitts via FedEx starts at $100, so buying brand new to reduce risk often makes the most sense.

That said, I do take my time when deciding for analysis. Some of it’s location-driven, but some is just me being picky. I wasn’t interested in another Lenovo box this time. As mentioned in the article, I specifically wanted the extra ports + minimum x2 SFP. My current setup (pictured below) has 3 Ethernet lines running directly to 2 servers, my workstation, and the switch.

I wanted to keep close to that setup while routing the rest through the 1U switch:

The red cable is ISP1 and ISP2 is plugged in the back via USB WAN port:

With the new hardware appliance, I’ll be able to slide this in and plug everything up..

Oh, another example, is I recently gifted @shybry747 something. He also lives here. He called me and said something to the effect of: “what’s the best route to ship this here to reduce the cost on both me and him”. That said, I wouldn’t live anywhere else given the choice. Ha

Once again, thanks for adding the info and feel free to expand on the options because it will probably be helpful to the vast majority of readers.

Dpwcnd · April 11, 2025, 2:30pm

Would go with opnsense over pfsense. Got a similar box as well (n100 4*2.5gbs) purchased directly from AliExpress. The most ironic part is the firewall is Free BSD based posted in a Linux community.

hydn · April 11, 2025, 3:14pm

Hi @Dpwcnd welcome to our Linux community.

TBH, between the two, I was originally leaning toward OPNsense.

I went with pfSense mainly for performance and patch speed. WireGuard, for example, is significantly faster on pfSense (sometimes 2x faster) due to better integration.

pfSense also tends to patch critical security updates faster. OPNsense is often days but sometimes weeks slower than pfSense and still lags behind on certain features.

As for FreeBSD on our Linux & Technology forums, it’s not really about OS tribalism. Generally, if something solves a tech problem, it’s welcome.

Edit:

The FW appliance is for a home lab, so pfSense won’t be the only solution I test. This is a chance for me to explore, learn, and compare pfSense as well as OPNsense but also:

IPFire — Linux-based. Strong support for IDS/IPS, VPNs, and QoS. Good web UI.

Sophos XG Home Edition — Feature-rich firewall with a modern UI. Excellent UTM (Unified Threat Management) features. Free for home use with restrictions to features.

NG Firewall — Slick web GUI, very user-friendly. Strong content filtering, app control, and VPN. A free version available, but many features require a paid license.

VyOS — Enterprise-grade and CLI-based (Debian under the hood). Rolling release with strong routing features and VPN. I’m too noob to jump into this before pf/OPNSense.

However, I want to start with pfSense first and see how that goes.

Brad · April 12, 2025, 7:13am

Can you link to where you purchased the hardware please?

hydn · April 12, 2025, 7:24pm

HI @Brad see link:

Or via Amazon listing for easy returns if you are in the US.

Hopefully, once I test this, I can actually report something positive. I was already asked by someone who tried a similar spec box:

How are the i226-v going? I have the same NICs in a miniPC i got and because the manufacturer hasn’t updated the NVM for the NICs they drop out continuously in PFsense. Made it useless for PFSense use.

Not the same device, so my fingers are crossed because I can’t return it.