Building a 10Gbps Home Firewall on a Budget
HP t730 Thin Client repurposed as a 10Gbps home firewall with dual SFP+ ports.
Transforming an old HP t730 Thin Client into a dedicated 10Gbps home firewall is both practical and cost-effective. With pfSense as the operating system, a dual-port 10GbE NIC, and proper network configuration, you can achieve multi-gigabit routing performance without investing in expensive enterprise hardware.
Hardware Breakdown
Below is a structured table with the components used in this build along with their specifications and costs:
| Component | Specifications & Role | Price (USD) |
|---|---|---|
| HP t730 Thin Client | AMD RX-427BB 2.7GHz, 12GB RAM, 64GB M.2 SATA. Repurposed as the core system; available used for a great price. | ~$50 |
| 64GB DDS M.2 SATA | Storage upgrade to support pfSense installation and logging. | ~$19 |
| 10Gb NIC Network Card (X520-DA2) | Dual SFP+ ports based on the 82599 chipset. Enables 10GbE connectivity on both WAN and LAN. | ~$24 |
| ONTi 10G RJ45 Copper SFP+ Module | 10GBase-Tx Ethernet module; provides flexibility if connecting to copper 10G infrastructure. | ~$19 |
| JDSU 10Gb SFP+ Module | Multimode 300m MM Duplex SFP+ Transceiver LC for fiber links or DAC connections. | ~$3.65 |
Total Build Cost: Approximately $116
Setting Up pfSense on the t730
-
Install the 10GbE NIC:
Open the t730’s case and insert the low-profile dual-port 10Gb NIC into the available PCIe slot. No extra power connections are needed, and the unit’s power supply handles the additional load. -
Boot and Install pfSense:
Create a bootable USB with the pfSense installer. Boot the thin client from USB and install pfSense on the internal storage. Intel/Chelsio drivers (likeixgbefor Intel) ensure the dual SFP+ ports are recognized. -
Interface Assignment:
Assign one SFP+ port as WAN and the other as LAN. Optionally, reserve the onboard Gigabit NIC for management. Configure basic IP settings, DHCP, and firewall rules through the pfSense web interface.
Leveraging SFP+ and VLANs for 10Gb Performance
Using SFP+ modules and VLAN configurations maximizes the benefits of the 10GbE setup:
-
Flexible Connectivity:
Use DAC cables for short runs or install compatible transceivers if linking to a fiber or copper 10G network. One port can connect to your upstream modem/switch while the other handles LAN traffic. -
VLAN Trunking:
Define multiple VLANs (e.g., Home, IoT, Guest) on the LAN port. This allows a single 10G physical link to carry segmented traffic, with your managed switch handling intra-VLAN transfers at line rate. -
Optimized Routing:
pfSense’s advanced settings—such as enabling hardware offloading for supported NICs and fine-tuning CPU performance (using “PowerD” in hiadaptive mode)—help maximize throughput even when routing between VLANs.
Performance Validation with iperf3
Comprehensive iperf3 testing confirms the system’s capabilities:
-
Gigabit Line Rate:
Basic tests show the t730 easily handles ~940 Mbps on standard gigabit links. -
Multi-Gigabit Throughput:
Using multiple parallel streams, throughput reached approximately 1.7–2.0 Gbps in test scenarios. With optimal hardware on both ends, further scaling up to 3–6 Gbps is realistic for sustained flows. -
VPN Performance:
With AES-NI acceleration, pfSense handled an IPsec tunnel at around 800 Mbps—far exceeding what many pre-built consumer routers can achieve.
These results are consistent with industry benchmarks for repurposed hardware running pfSense and underline the effectiveness of the DIY approach.
Cost Comparison: DIY vs. Pre-Built Solutions
| Solution | Key Features | Approximate Cost (USD) |
|---|---|---|
| DIY HP t730 Firewall | Fully customizable pfSense router with dual 10GbE SFP+ ports and advanced features. | ~$116 |
| UniFi Dream Machine Pro | All-in-one appliance with integrated switch, controller, and 10GbE SFP+ WAN port. | ~$379 |
| Netgate Official Appliance | Enterprise-grade appliance with higher performance and vendor support. | ~$600–700 |
The DIY build offers substantial savings (up to 75%) while providing multi-gigabit throughput and the flexibility to customize advanced firewall and routing settings.
Advantages and Considerations
Advantages:
-
Cost-Effective:
Achieve high-performance 10Gb routing at roughly one-third the price of pre-built solutions. -
Flexibility and Customization:
Full control over network configuration and package installation via pfSense. -
Educational Experience:
Gain hands-on expertise in networking, hardware repurposing, and system optimization.
Considerations:
-
DIY Setup Effort:
Requires assembling hardware, installing pfSense, and initial troubleshooting. -
Thermal Management:
The compact t730 may need additional cooling for sustained 10Gb traffic. -
No Vendor Support:
Reliance on community support and self-troubleshooting is required, unlike commercial solutions with warranties.
Conclusion
By repurposing an HP t730 Thin Client and installing pfSense, you can build a robust 10Gbps home firewall that delivers impressive routing, VPN, and VLAN performance—all for roughly $116. While not a plug-and-play solution like the UniFi Dream Machine Pro, this DIY build offers a level of customization and cost savings that appeals to networking enthusiasts and home lab operators alike.
