When designing or selecting an all-in-one network appliance, it’s crucial to understand both the hardware specifications and the costs associated with the solution. For some users, commercial off-the-shelf (COTS) appliances are ideal, while others may require a highly customizable solution that can handle a wider variety of tasks.

In this post, we’ll compare popular network appliances against our custom-built appliance that can handle the following roles:

  • Firewall
  • DNS Filter
  • VPN Server
  • XDR (Extended Detection and Response)
  • IDS/IPS (Intrusion Detection/Prevention Systems)
  • SIEM (Security Information and Event Management)
  • MDM (Mobile Device Management)
  • Web Server
  • Web Server Scanner
  • Software Management Server
  • WLAN Controller
  • Image Deployment Server
  • Backup Server
  • Cloud Document Manager

Let’s explore and compare four popular commercial appliances alongside our custom-built appliance.

1. Ubiquiti Unifi Security Gateway (USG)

Overview: A budget-friendly option for home or small business networks requiring basic firewall, VPN, and routing functions.

  • CPU: ARM Cortex-A9 Dual-Core (1 GHz)
  • RAM: 1 GB
  • Storage: 256 MB Flash
  • Network Interfaces: 3 x Gigabit Ethernet Ports (WAN + LAN + LAN)
  • Power: 12V DC (max 5W)
  • Cooling: Passive cooling

Cost:

  • Device: ~$120 USD
  • Licensing: Free (UniFi Controller software is free)

Strengths:

  • Great for basic security, VPN, and network management tasks.
  • Easy to deploy and integrate into the UniFi ecosystem.

Limitations:

  • Limited processing power for complex tasks like IDS/IPS, XDR, or SIEM.
  • Limited storage for logging and performance tracking.

2. pfSense SG-3100

Overview: A flexible firewall and VPN appliance that’s perfect for SMBs, featuring pfSense open-source software for comprehensive networking features.

  • CPU: ARM Cortex-A15 Quad-Core (1.2 GHz)
  • RAM: 4 GB
  • Storage: 8 GB eMMC
  • Network Interfaces: 4 x Gigabit Ethernet Ports (2 WAN + 2 LAN)
  • Power: 12V DC (max 12W)
  • Cooling: Passive cooling

Cost:

  • Device: ~$299 USD
  • Licensing: Free (pfSense is open-source; premium support available for ~$199/year)

Strengths:

  • Good performance for firewall, VPN, and routing.
  • Flexible platform supporting IDS/IPS and XDR with add-ons.

Limitations:

  • Not optimized for more resource-intensive roles like SIEM, MDM, or Web Server.
  • Requires more technical expertise for setup and maintenance.

3. Cisco Meraki MX84

Overview: A cloud-managed security appliance offering advanced security and network management features ideal for medium to large enterprises.

  • CPU: Intel Celeron Dual-Core (2.0 GHz)
  • RAM: 8 GB
  • Storage: 16 GB Flash
  • Network Interfaces: 10 x Gigabit Ethernet Ports (8 LAN, 2 WAN)
  • Power: 100-240V AC
  • Cooling: Active cooling

Cost:

  • Device: ~$799 USD
  • Licensing: ~$400/year for cloud-based management and security updates

Strengths:

  • Comprehensive cloud-based management.
  • Strong Firewall, VPN, and IDS/IPS support.
  • XDR features included in the Meraki subscription.

Limitations:

  • High initial cost and annual licensing.
  • Not designed to support heavy server functions (e.g., Web Server, Backup Server).

4. Protectli Vault 4

Overview: A highly customizable appliance that can run a variety of open-source software platforms such as pfSense, OPNSense, and VyOS.

  • CPU: Intel Celeron J3160 Quad-Core (1.6 GHz)
  • RAM: 8 GB
  • Storage: 120 GB SSD (expandable)
  • Network Interfaces: 4 x Gigabit Ethernet Ports (2 WAN, 2 LAN)
  • Power: 12V DC (max 12W)
  • Cooling: Passive cooling

Cost:

  • Device: ~$239 USD
  • Licensing: Free (supports open-source software, but optional premium support is available)

Strengths:

  • Flexible and customizable, perfect for running multiple network services.
  • Expandable storage and memory to support multiple roles such as Firewall, VPN Server, XDR, and more.

Limitations:

  • Requires more technical expertise to deploy and configure all the services.
  • No cloud management, which could be a drawback for businesses that prefer centralized monitoring.

5. Custom-Built Network Appliance (DIY)

Overview: For those who want a truly customizable solution that is packed neatly into a single hardware device, a self-built network appliance can handle all the tasks you need and more. By selecting your own hardware components, you can tailor the appliance to your specific requirements, whether for a small business or an enterprise-level deployment.

Suggested Hardware Components:

  • CPU: Intel Atom C3758R (or higher, depending on the use case)
  • RAM: 8 GB DDR4 (or higher, depending on the use case)
  • Storage: 2x500 GB SSD (with redundancy, such as RAID-1 for reliability)
  • NICs: Multiple 1GbE/10GbE NICs (depending on the number of interfaces needed)
  • Power: 25W+ PSU (depending on hardware specifications)
  • Cooling: Passive or Active (for better thermal performance) cooling.

Software Stack:

  • Firewall: pfSense or OPNSense
  • DNS Filter: Pi-hole or Unbound
  • VPN Server: OpenVPN, WireGuard, or IPsec
  • XDR: Suricata or Wazuh for network monitoring
  • IDS/IPS: Snort, Suricata, or Wazuh
  • SIEM: ELK Stack (Elasticsearch, Logstash, Kibana) or Wazuh
  • MDM: Munki (iOS) or Waydroid (Android)
  • Web Server: Apache or Nginx
  • Web Server Scanner: Nikto, OpenVAS
  • Software Management Server: Chocolatey or Foreman
  • WLAN Controller: Unifi or OpenWRT
  • Image Deployment Server: Cobbler or FOG Project
  • Backup Server: Bacula or Kopia
  • Cloud Document Manager: Nextcloud or Paperless NGX

Cost Breakdown:

  • Hardware (Custom Build): $200+ (depending on specifications)
  • Licensing: Free (open-source software, no licensing fees for the software stack, though optional commercial support for specific tools may incur additional costs)

Comparison Table: All-in-One Solutions vs. Custom-Built Appliance

Feature Ubiquiti USG pfSense SG-3100 Cisco Meraki MX84 Protectli Vault 4 Custom-Built Appliance
Firewall Basic Advanced Advanced Advanced Highly Customizable
DNS Filter No No No No Yes
VPN Server Yes Yes Yes Yes Yes
XDR No No Yes No Yes
IDS/IPS No Yes Yes Yes Yes
SIEM No No No No Yes
MDM No No No No Yes
Web Server No No No No Yes
Web Server Scanner No No No No Yes
Software Management No No No No Yes
WLAN Controller No No No Yes Yes
Image Deployment No No No No Yes
Backup Server No No No No Yes
Cloud Document Manager No No No No Yes

Conclusion

Ultimately, the choice was obvious to us after considering the specific needs and budget. Plus, it’s good to challenge yourself occassionally. It is especially rewarding if you’ve never seen it done before.

As always, don’t be afraid to Be The Change!

<
Previous Post
Step 1: Determining Hardware Requirements
>
Blog Archive
Archive of all previous blog posts