ZenArmor. It integrates nicely with OPNsense and offers all of the features that I was looking for.
I run a pretty hefty home lab, so my costs are fairly high compared to some.
Overall: $155/mo
I’m a Sysadmin, so my names are purely functional:
host-pmx-01 through 03, my 3-node Proxmox cluster
vm-[SERVICE], optional 01-03 if needed
ct-[SERVICE], for LXC containers
It makes it easy to reference things via DNS for service discovery.
Average load for me is about 750W. I run my desktop from one of the UPS units in my rack, so when that’s on it sits around 1.1kW.
The 750W load is across 4 rack servers (1 is the NAS with 12 disks) and 3 switches.
Unless someone has physical access to the ports/switch that the traffic flows through, they would not be able to see anything besides broadcast/multicast traffic if they were just snooping with Wireshark. The internal switch of Proxmox and any hardware switch you have will forward unicast traffic to the ports those MACs reside on, so without port mirrors set up, no one but you should be able to see that traffic.
Between 3 switches, 4 servers, and my desktop also using one of my UPS units, I average about 850W, with peaks up to 1.1kW when my desktop is running. Luckily, electricity where I live is only 13 cents/kWh.
It’s been done to death because memes from Australia will kill you…
I expose quite a few services to the web, so having that extra layer of protection is nice. And it allows me to control what leaves my network from an application perspective, not just TCP/UDP.