OPNsense Bare Metal vs Virtualization

https://sh.itjust.works/post/49034430


Looking for some advice / recommendations / considerations on running OPNsense on bare metal vs virtualized, and if virtualized how best to do so.

I currently have OPNsense running bare metal on a Protectli FW6E Vault, with the following specs:

- Intel i7-8550U CPU @ 1.80GHz
- 120GB mSATA (1% utilization)
- 16GB RAM (6.5% utilization)
- 6 Gigabit Ethernet NIC ports

The Vault running OPNsense is the primary firewall and router; any wireless devices connect through a dumb AP running OpenWRT. Connected over Ethernet I have an RPi running HomeAssistant OS (would probably also move to virtual if that’s the chosen direction) as well as a TrueNAS setup.

How much of a performance hit would be expected running in some sort of container vs the current bare metal setup? Are there any other concerns with running the main firewall / router virtually vs bare metal to take into account?

I went with a dedicated mini PC with one of those motherboards that are designed for building a network appliance. It has been running very smoothly for a few years, and I just log in occasionally to run system updates.

I want my Internet connection to continue working, regardless of my tinkering with home server stuff.

Can you tell me more about the hardware/mini PC you have?

Sure! It’s completely solid-state; no fans or other moving parts. The case is designed to dissipate the heat. The CPU is some low-power Intel Pentium. I don’t remember exactly which model.

I ordered a pre-built one from Protectli because I needed it fast, but you can save quite a bit if you prefer to build one. These little motherboards and cases can be found pretty easily online.

I'll check out Protectli, thanks!

I just found my order confirmation email. Mine is model FW4C (now superseded by the V1410). Purchased almost two years ago.

I’m very satisfied with mine. Nearly 100% uptime, except for occasional reboots after major system updates.

Protectli Vault FW4C - 4 Port Intel® J3710, 2.5G NICs - Protectli EU Store

FW4C: 4-Port firewall micro appliance/mini PC, built to run open-source software. Includes EU-based support & 30-day money back guarantee.
