Which Hardware to Choose For pfsense? Netgate VS Protectli, Qotom, Yanling, etc...

I ran pfSense on old hardware for years... But when I started to move to an "off grid" model at my home in the mountains I looked for low power consumption and reliability. I listened to Tom and bought a Netgate SG-4860. I've never regretted it. I had one problem with the first one and even though it was technically out of warranty, because it was a known issue at Netgate, they replaced it at no charge. That said, for the 9 days I was without my SG-4860 I had to fall back to a plastic box router... not the best scenario. The replacement has been trouble free for years now and I was able to pick up a backup off eBay that is the exact same model and features so I keep it updated and on a shelf - just in case. Couldn't be happier with Netgate products or support.

ramosel

REALLY appreciate you keeping these PF videos updated and relevant

slipnfall

Another great video Tom! I'm glad to see other channels covering this topic. Keep up the great work!

RandomTechChannel

I bought a Netgate 6100 shortly after I started working from home during lock-down (I got the 6100 because I also wanted to experiment with 10G fibre). I'd previously had pfsense virtualised on a ESXi server along with my TrueNAS servers. Whilst that worked flawlessly, anytime I needed to shut down ESXi for whatever reason, I wouldn't have Internet access! The 6100 has been rock-solid.

gh

I’d support Netgate if their devices were even close to reasonably priced. I’m in Australia and paying 1k for 4100 BASE is way too much.

rockfreek

I started with a Netgate SG3100 about 7 or so years ago. It ran out of steam when I upgraded to 1Gbit WAN at home. I bough an old Dell R210MkII and a 4-port Intel NIC and it's been bombproof. I do keep the SG3100 in the rack as a standby and have the ports of the two Pfsense boxes brought out to a patch so can quite quickly switch between should I need to witch to the Netgate. Not exactly hot-swap, but it will suffice. I also have a Chinese fanless box that runs Pfsense for demonstrations to clients / exhibition use and that has been fine.

I have needed support from Netgate and have always been impressed. If I were to implement a mission critical system, it would be based on Netgear hardware.

rjy

I just set up pfsense at home on an old Sophos XG105 rev3 box that we had decommissioned. I did upgrade from 2 to 4 GB RAM and so far Im really happy with the performance. That said, if I were to ever deploy pfsense for a business, I would go with Netgate.

timalbrecht

I used to run pfSense, for business use, on old hardware, but, for about 2 years I started to use SuperMicro SuperServer E300-9A-4C model for the main offices. Probably, in the future, I will use NetGate, due to all the great things they are doing. Thank you for your videos and opinions, Tom!

PictureStrain

I've been running pfSense on Supermicro's 1U Atom based servers for years with great results. Started with d525 based systems, then moved to the c2000 and now the c3000 series. Work great and are solid enough for a production environment. I can also buy two of them and put them in fallover for what one Netgate appliance of the same capability would cost. I paid for pfSense Gold for years and also did their paid training when it was offered. I wish both of these things were still an option to support Netgate.

KonjonoAwesome

running on a qotom box myself and had a broken gigabit port for awhile now, been watching for a 2.5gbe version to replace with. you are exactly correct, it is enough for my homelab/home entertainment needs. I have a few simple traffic rules for game servers etc and it does what I need.

derekp

Have about 70 SG1100s in the wild. Absolutely love them. They realistically pull about 500mbps throughput which is still way more then what most of our customers can get through local ISPs.
A thought on the Qotom, we deployed a couple of these. They will not turn on after a power failure and need to be manually started. Occasionally get calls about them.

zaca

I purchased 2x Protectli Vault FW4B - 4 Port, Firewalls for my primary residence and a vacation home.
I installed one in my primary residence 1st and it would reboot 2-3 times during operational hours.

I configured the 2nd one, same mess.
Returned to Amazon and purchased 1x Netgate 2100 for primary residence and 1x Netgate 1100 for vacation home.

I couldn't be happier.
Not a single issue.

wagnerj

I have used a SG-2100 since it came out and am very pleased. Yes the Netgate hw is not cheap, but it is reliable.
I have only had one problem… the last update (23.01) failed but Netgate was very quick to submit an image for me to manually load on the box. So now I can also have an opinion about their service, which is exelent.
I will for sure buy another netgate, but understand the people that find it expensive.

steensadolin

Great vid.
I really wanted to run pfSense but the boxes to run it on and the Netgate boxes are costly so I wound up buying a MikroTik router. This is for home use so it fine enough for what I do.

antoniom.andersen

Initially, I ran pfSense on a refurb HP compact desktop computer. When it died, a couple of years ago, I got a Qotom mini PC, with i5 CPU (including AES-NI) 4 1 Gb Ethernet ports, 4 GB RAM and 32 GB SSD. It runs very well. I agree, however, what's good for a home user might not be good for business use.

James_Knott

Informative video, I switched last year from wireless ISP to gigabit fibre and am considering putting a pfsense appliance in place of the ISP supplied router so I can move my IOT devices etc. onto VLAN, implement a good firewall etc.

With my wireless ISP I always used a dd-wrt router, with a couple of my older dd-wrt routers set up as access points and wireless bridge access points. I did not get as far as setting up vlans or subnets for guest networks, IOT devices etc.

I'm a database guy though, not a network guy, so my knowledge of all things network is rudimentary. Is pfsense worth my while or can I accomplish the same thing with dd-wrt equipped routers?

ravenseyeimages

Thank you for the post and your insights. Your sharing the knowledge is much appreciated!
We deploy our SaaS retail/pos/erp software for small businesses and looking at a network-in-a-box type of solution with bench tested devices so it can be supported quickly. We are in Canada and some our customers are in remooote locations!. We had instances where the DSL goes down in the dead of winter and only option is the LTE failover
Would appreciate your input on a couple if use cases
1. Netgate vs Sophos? - know the answer- but a bit of insight would be great
2. Dual firewall deployment for fail over with LTE modem on each
3. Worst case scenario - an additional windows device with cellular LTE to get into the network when everything else fails (we do this currently)

krishnaprasad

I've had pfsense running at 100+ locations using PCengines hardware over the last 10-15 years - very reliable, but good to see what is out there

echoztrip

I have a qotom box here, same one you bought... I needed a "cheap box" to run on and didn't have a spare to run with. Its a j4125 proc, 8gb ram, and 400gb ssd. So far, can't really complain. Seeing low CPU usage, low temps, low ish ram usage (still under 20%). Intel i225 v3 nics. Seeing full available bandwidth through it, love having the 5 nics... next one will probably be netgate

AlanDike

I use also PCEngines APU 4D4 as hardware for pfSense and I have tens of boxes and no one of them broke, and previously I was using PCEngines ALIX and I still have some in production after more than 10 years.
If the performance fit’s the purpose I recommend them as really reliable hardware.

Calauu