Hardware for 10G OPNsense solutions
So I've been looking at moving everything in my rack to 10G, and the last piece of the puzzle is my router / firewall (for OPNsense). Currently using a NUC BOX-155H (2.5G). Generally I've always gone with the NUC route over cheap Chinese boxes, as they get BIOS updates, among other reasons. However, for 10G choices I haven't found any clear "winner". I could really use some help / suggestions. I would like to keep it to 2U of space, and pretty quiet though.

Here is what I've looked at so far, and my thoughts / concerns:

Minisforum MS-01 - Price is great on this one. However I see lots of complaints across the board about reliability on all of Minisforum's machines. This does sort of concern me.

Protectli VP6670 - Available with open source BIOS, supposed to be quiet. A bit pricey, however not horrible.

Supermicro SYS-111AD-HN2 - This I think might be more reliable, as it should be "server grade"? However it's by far the most expensive option. I think it would be my clear winner though if it weren't for the loud server fans. I don't think this would be tolerable noise-wise where my network rack is currently located.

Yes, I briefly looked at, say, something like the DEC2752 from OPNsense directly. However I like the freedom to just repair something easily, and do whatever I want with a device. I kind of assume pfSense and OPNsense hardware are essentially branded PCs, but as soon as I assume...
Currently not available. I’m on 1G symmetrical with a locked-in price for now. After the current offer ends, the goal is to upgrade to a faster connection (hoping for another multi-year deal). Presently: ONT (1G) → Firewall (2.5) → Switch (10G). You’re suggesting flipping the order to ONT → Switch → Firewall, which feels less appealing compared to getting new hardware.
Technically distinct but often treated as similar in real use. Layer 2 switches are typically used together. If the switch supports VLANs, the router mainly manages DHCP, DNS, and routing to unknown IP ranges that switches aren't aware of—whether internal or external.
I kept thinking more about it, and it really felt like the right choice. None of the choices stood out as the best, so I went ahead and created a compact mini-ITX unit. The main issue was that the only motherboard with Intel Networking onboard was from Asus, which wasn’t ideal. Still, I thought it might be useful to have it ready just in case. The 10G Intel card is inside the brown box beneath the RAM and SSD. My case is set to arrive tomorrow—Silverstone ML09. I haven’t built a mini-ITX project before, nor have I seen an SFX PSU, but it’s impressive how compact everything is.
Everything looks good now. I'm curious about why I didn't choose this path earlier. I just decided to stick with the specs you mentioned: Intel 265K, Asus B860-I Gaming Wi-Fi (only Mini-ITX with Intel LAN), 32 GB DDR5 6000, 1 TB MP600, SF850 PSU, and Intel X550-T2. It ended up costing about the same as a MS-01 but with more power. Still fits on my rack. The network card has two large fans for good cooling. I discovered my ONT supports 10G speeds, possibly faster than 2G on my fiber plans. Also, upload speeds are no longer an issue, even though they weren't fast before. I didn’t go into too much detail about that since uploading isn’t a big part of my usage.
I realize it’s a bit late… yet the Lenovo m720q looks promising. I bought one on eBay for $150; it comes with an i5 8500t, 16GB RAM, and a 256GB NVMe drive. The PCIe slot is included (just need a slightly bigger board). It’s quite energy efficient, compact, quiet, and perfect for a Proxmox router or HA node. If TrueNAS runs on its own subnet, set up NICs only on that subnet you use for traffic. This avoids hitting the firewall during subnet hops and lets switches handle routing instead—unless you have layer 3 switches, in which case you’ll need to block things like WebUI and SSH. That way, you restrict communication to specific subnets while still allowing SMB or NFS through directly to your switches.