In The Lab: 6-port $3,000 pfSense Box

We recently posted a video on the Lenovo ThinkEdge SE50 on our TikTok account that went over swimmingly well. We received numerous comments revolving around using the SE50 as a pfSense router. The notion is widely unpractical, given the cost of the SE50 (it starts around $2500 US). But the system does have a lot of ports in a tiny, rugged box. So, we listened to our social media audience and went ahead and configured pfSense on the ThinkEdge SE50 to act as a firewall for our network.

We recently posted a video on the Lenovo ThinkEdge SE50 on our TikTok account that went over swimmingly well. We received numerous comments revolving around using the SE50 as a pfSense router. The notion is widely unpractical, given the cost of the SE50 (it starts around $2500 US). But the system does have a lot of ports in a tiny, rugged box. So, we listened to our social media audience and went ahead and configured pfSense on the ThinkEdge SE50 to act as a firewall for our network.

What is pfSense and why the SE50?

For those not entirely sure what pfSense is, it is a FreeBSD software-defined firewall solutionthat can be downloaded to a device and used on a network. This software is completely free to use and is really simple and easy to install. PfSense is available as a productized offering that includes the software and support. But for our purposes, and why it’s so popular in homelab circles, we downloaded the latest free image to get rolling. The license costs nothing and the feature set is unrestricted, making pfSense the perfect playground for security and network practitioners.

If you haven’t checked out the full review of the ThinkEdge SE50, you can check it out here. To recap the important parts as to why we can do this: the ThinkEdge SE50 is one of the most versatile IoT machines pushed out by Lenovo. The uses on the SE50 range from what we are doing now, with simply installing pfSense, all the way to smart manufacturing within a warehouse. With the explosion in IoT sensors and other rugged-edge computing needs, the SE50 is a fantastic option.

The SE50 that was sent to us has an Intel Core i7-8665UE, Integrated Graphics, two 16GB SO-DIMM DDR4-2400, and a 256GB SSD. Importantly our system has the optional Intel I350-T4, 4x RJ-45 add-in card, in addition to the two onboard Realtek RTL8119i, 2x RJ-45. With these specs, pfSense doesn’t have any problems being configured on the SE50.

The hardware requirements for using pfSense is relatively simple, you need two network ports (the community prefers Intel I-450s, but there are many, MANY more that fit the bill). A CPU that supports AES-NI (and that’s more for future-proofing), and a small amount of RAM (more if you want to do some networking monitoring on tools such as Snort or Suricata).

What is important to note is what type of network the SE50 will be deployed on. If the SE50 was deployed on a homelab network, it just becomes complete overkill, but entertaining, for that type of environment. If it was being deployed in a small-to-medium business then it might be justified to have a machine like the SE50 in place.

The big thing to remember though is that the specifications of the machine that is being configured with pfSense aren’t as important as getting it configured correctly. If there is going to be a lot of data and traffic coming through a network, then having a high-end machine like the SE50 may be necessary to filter and protect the rest of the network.

Setting up pfSense on the SE50

The setup process for pfSense is really simple and easy to follow. If the setup does get confusing, there are a variety of videos that detail how to set it up. Some of the main steps that we followed: Setting up a USB installer. Plugging it into the SE50 along with a display and keyboard. Following the quick prompts for initial configurations, and then setup finished. We went with the default everything in terms of setup and configurations for pfSense.

Setting up pfSense in itself isn’t difficult, but putting any new router into service does present some logistics challenges. Since the way that you are supposed to set up pfSense is to completely replace the current router and put the machine that is configured with pfSense in its place.

We weren’t able to completely replace our current router because of the number of devices and VMs that we had set up on our current network. So what we had to do was plug the port that is supposed to be a WAN into our existing network to be served an IP address from our local DHCP server. This caused a double NAT situation on our network, essentially creating a network inside our current network. This isn’t that big of a deal for our testing purposes, however, this method of deployment isn’t the most ideal for most environments.

If you are to set this up in a fresh environment, it won’t be this challenging since your machine would just completely replace your current router. Throughout the trouble that we did have, we had to change the port that we were using.

Initially, we had our LAN port in one of the Intel ports on the SE50, and then connected directly to a laptop via Ethernet, but that wasn’t working. However, what did eventually work was when we physically switched to the next port for plugging in the laptop. Most of this was self-inflicted as by default pfSense needs one WAN and one LAN port, and we had six we needed to guess which was which.

Once we were able to get connected into the pfSense dashboard, which is as simple as typing in the IP address that the machine is set on, everything went smooth from there.

In terms of testing the SE50 as a pfSense router, flowing our 300Mb service through it won’t exactly saturate the CPU. To get a feel for the monitoring capabilities, we opened up YouTube and put on a video at 1080p so we could monitor the network through the traffic graph on pfSense. We saw small network spikes while the video was playing, showing the notebook pulling down cached segments of the video.

Watching a video alone might not take up to much, so what we did next was download Ubuntu, just so we could have more traffic run through the SE50. We also opened up a couple of other tabs with videos playing on those just to see what would happen.

The ThinkEdge SE50 was able to handle any traffic that we were putting through it, while at the same time, taking little to no system resources. Nothing was being stretched in terms of CPU usage, or RAM.

Conclusion

Setting up pfSense is really easy to do, there’s a reason why it’s so wildly popular in the home lab. Everything was straightforward for us once we were able to get past our initial problem of trying to get into the pfSense wizard/dashboard area.

What we did see, however, in terms of our case of using the ThinkEdge SE50, is that this system is completely overkill. Our SE50 comes in right under $3,000, which is pretty expensive since all we did was install pfSense on it. Price tag aside, there isn’t anything that the SE50 wouldn’t be able to handle. The ThinkEdge SE50’s original design is able to handle smart manufacturing in warehouse environments, so there isn’t going to be any problem in setting this up for a home network. But social media wanted us to do this, so we did. You’re all welcome!

When you factor in the price tag, there are plenty of other machines that are available on the market that can run pfSense without any trouble as well. You can take a look at the ThinkCentre M90n-1 Nano, which we reviewed last year. This product is also an IoT machine like the SE50, however, it is more compact and significantly less expensive than the SE50, starting at $359.99. There is also the Netgate 1100 (Netgate sponsors pfSense), that already has pfSense installed on it, and it retails on Amazon right now for $199.99.

As you can see, there are plenty of other options, and we definitely recommend looking at other devices on the market before spending $3,000 on the SE50. The bottom line is, the SE50 is way too much for this task and it’s downright silly to even consider it. That said, is it cool to say that we did it? Yeah, we think so.

Engage with StorageReview

Newsletter | YouTube | Podcast iTunes/Spotify | Instagram | Twitter | Facebook | RSS Feed

Conner Crull

Recent Posts

Samsung 990 EVO Plus SSD Review

The Samsung 990 EVO Plus is a solid choice for those looking to upgrade their storage, especially if you need…

15 hours ago

The Ultimate Nextcloud Server Guide

This article demonstrates building a high-performance, customizable cloud storage server using Ubuntu Server 24.04.1 and Nextcloud Hub 9. It requires…

2 days ago

Flexibility and Efficiency: MiTAC TYAN HG68-B8016 Multi-Node Servers

The MiTAC TYAN HG68-B8016 stands out as a highly flexible platform ideally suited for cloud providers offering tailored server configurations.…

2 days ago

High-Performance Storage and AI Driving Animal Conservation at the Zoological Society of London

High-density storage solutions and advanced AI significantly impact the monitoring, protecting, and understanding of animal populations. (more…)

5 days ago

VergeIO: A High Performance VMware Alternative

The polished VergeIO platform elevates it above alternatives like Proxmox, and it's much more cost-effective and flexible than VMware. (more…)

1 week ago

How Amazon WorkSpaces Meet Today’s Corporate Desktop Challenges

While not all DaaS solutions are created equal, our experience with Amazon WorkSpaces demonstrated its reliability and cost-effectiveness. (more…)

1 week ago