As my whole lab and network was getting to the 10Gbit era I was looking for a nice piece of hardware to run OPNSense.
Because I already have a Mikrotik 8-port SFP+ switch (CRS309-1G-8S+IN), I wanted SFP+ ports because DAC Cables are just ridiculous cheap. I really can recommend the guys over at fs.com, they have good quality and are very cheap. Also, none of the equipment I ordered there let me down till now.
At first, I was looking into Thin-Clients and also some SFF PCs like the Lenovo or Dell 1l variants but just wasn’t satisfied with the performance. The big drawback of mini PCs is the limited expandability with PCIe devices.
Supermicro SYS-E300-9D-4CN8TP
Finally, I settled on the Supermicro SYS-E300-9D-4CN8TP, CPU is already on-board, and I had some ECC DDR4 memory lying around. I just needed to get a decent datacenter SSD for reliability and settled on the Samsung PM883 240 GB.
This little beast has 4 x 10Gbit, 2 of them being RJ45 and the other 2 SFP+. And with its Xeon D-2123IT 4c/8t it’s beefy enough for anything you throw at it.
Another really nice feature is the dedicated IPMI port which removes the need to ever plug a monitor into this bad boy.
Conclusion
I am really happy how the whole process went and OPNSense plays very well with the hardware. Every update went fine, and I always felt good knowing I’d be able to remote into the machine without plugging a display n it.
Maybe the machine is a bit overpowered for my “home-use”, but at least I’m sure I’ll never need to be worried about a bottleneck for my WireGuard VPN tunnels.
IPMI was also great for first time setup as you can mount an ISO remote via the IPMI which eliminates the need of flashing an installer to a flash drive.
PS: 32 Gigs of memory are way too much for a lab firewall ;)