One Year With a $290 AliExpress Firewall: Lessons From the Homelab


A while back I came across someone’s write-up of a 1U firewall appliance they’d picked up from AliExpress for $290. Intel N100, four 2.5G Intel i226-V ports, a PCIe slot for SFP+ modules. Runs pfSense. One year on, they reported zero freezes, zero reboots, quiet as you like, cool enough in a home office with no air conditioning.

That last detail stuck with me. No AC and it just keeps going. That’s the kind of reliability review I actually trust, because nobody’s trying to sell you anything.

The hardware itself is interesting. The N100 is one of those chips that makes you reconsider assumptions about what “low power” means. Four cores at a 6W TDP, and apparently capable of pushing 4.5 to 5 gigabits through WireGuard without breaking a sweat. Someone in the comments pointed out they were worried it wouldn’t handle their 5Gbps fibre connection. The short answer is: it probably would, depending on how many inspection rules you’re throwing at it. pfSense’s main limitation here is that it’s largely single-threaded, so raw core count doesn’t help you as much as clock speed does. Worth knowing before you spec anything up.

The tips buried in the original post are the genuinely useful part, and they’re the kind of thing nobody tells you until you’ve already made the mistake. First: buy the smallest fast NVMe you can find. pfSense doesn’t need storage. It needs fast storage in small quantities. Someone else mentioned buying a 512GB drive for a Pi-hole box and feeling a bit silly about it afterwards. I understand that feeling completely. There’s a reflex in IT to overbuy on storage, because historically running out of disk space was a disaster. For a dedicated network appliance, that reflex is wrong. Second: 2GB of RAM is enough. Don’t buy 8GB. The box isn’t doing anything that needs it.

I don’t currently run pfSense at home. I have a router doing the basics and I’ve told myself for about two years that I’ll get around to something more serious. I won’t pretend that’s a coherent plan. It’s just inertia dressed up as patience. But posts like this make me think about it more concretely, because the barrier is genuinely low now. A couple of hundred dollars, a Saturday afternoon, and you’ve got proper VLAN support, a real firewall, and something you actually understand and control.

There’s something quietly satisfying about that. Not in a prepper way, not in a “the cloud is coming for us all” way. Just the straightforward satisfaction of owning your own infrastructure, at least the bit between the wall and your devices. The ISP modem does what it does. Everything behind it can be yours.

The discussion around the post got into whether these boxes are sufficient for higher-end fibre connections, and the honest answer seems to be: for most people, yes, with caveats. If you’re running deep packet inspection on a 5Gbps symmetric connection, you probably need to think more carefully. If you’re running a home office in Melbourne’s outer suburbs on a 100/20 NBN connection and mostly want proper network segmentation and something that isn’t the ISP’s default firmware, this kind of hardware is more than enough. Which describes a lot of us.

The only thing that gave me pause was the SFP+ performance note. Even with two 10G ports, real-world throughput through pfSense tops out around 4 to 6Gbps because of that single-threaded constraint. That’s not a dealbreaker for home use, but it’s worth being clear-eyed about what you’re actually buying versus what the spec sheet implies.

For $290 from AliExpress, one year of silent, stable operation is a pretty strong result. I’ve paid more for hardware that lasted less.