ha-wirelesscontrol-migration/HARDWARE_BUYING_GUIDE.md

OPNsense Hardware Buying Guide

🛒 Recommended Purchase: Protectli VP2420

Why This Model?

• Perfect for gigabit internet with DPI/IDS/IPS
• Future-proof with 2.5GbE ports
• Expandable RAM (8GB → 32GB)
• Low power (6-10W, fanless, silent)
• Excellent support from Protectli
• Coreboot firmware (extra security)
• Made for 24/7 operation

Specifications

CPU:     Intel Celeron J6412 (4 cores, 2.0 GHz)
RAM:     8GB DDR4 (upgradeable to 32GB)
Storage: 256GB M.2 SSD
Network: 4x Intel i226-V 2.5GbE
Power:   6-10W (passive cooling)
Size:    Small, fanless, silent

Performance Capabilities

• ✅ 1 Gbps throughput with Zenarmor DPI
• ✅ Suricata IDS/IPS + Zenarmor simultaneously
• ✅ ntopng network monitoring
• ✅ Months of detailed logs
• ✅ VPN server (WireGuard/OpenVPN)
• ✅ Multiple VLANs for network segregation

Where to Buy

Option 1: Protectli Direct (Recommended)

Website: https://protectli.com/product/vp2420/

• Price: ~$429 (8GB RAM, 256GB SSD)
• Shipping: Usually 3-5 business days (US)
• Support: Excellent US-based support
• Warranty: 1-year standard, 3-year available
• Customization: Can upgrade RAM/SSD before shipping

Configuration Options:

• 8GB RAM / 256GB SSD: $429
• 16GB RAM / 256GB SSD: $479
• 32GB RAM / 512GB SSD: $579

Recommended: 8GB / 256GB (sufficient for home use)

Option 2: Amazon

Search: "Protectli VP2420"

• Price: ~$450 (varies)
• Shipping: Amazon Prime (2 days)
• Support: Through Protectli
• Returns: Amazon's easy returns

Pros: Faster delivery, easy returns
Cons: Slightly higher price, limited configuration

Alternative Hardware Options

Budget Option (~$250): Qotom Q555G6

Specs:

• CPU: Intel Celeron J4125 (4 cores, 2.0-2.7 GHz)
• RAM: 8GB DDR4
• Storage: 128GB mSATA
• Network: 4x Intel i225-V 2.5GbE
• Performance: 1 Gbps with Zenarmor Free/Home

Where: Amazon, AliExpress
Price: $220-280
Caveat: Less support, longer shipping from China

Good for: Tight budgets, tech-savvy users

Premium Option (~$750): Protectli VP4650

Specs:

• CPU: Intel Core i5-1235U (10 cores, up to 4.4 GHz)
• RAM: 16GB DDR4 (up to 64GB)
• Storage: 512GB M.2 NVMe
• Network: 6x Intel i226-V 2.5GbE
• Performance: Multi-gigabit with full Zenarmor Business

Good for:

• Multi-gigabit internet (2.5G+)
• Running many services (Suricata + Zenarmor + VPN + more)
• Future-proofing for 10+ years
• Small business use

Overkill for: Most home networks under 1 Gbps

📦 What's Included

In the Box:

• Protectli VP2420 unit
• Power adapter (12V)
• VESA mount kit
• Quick start guide
• WiFi antennas (if configured)

NOT Included:

• Monitor (only needed for initial setup, then headless)
• Keyboard (only for initial setup)
• Ethernet cables (use existing)

Initial Setup Requirements:

1. Monitor (HDMI) or laptop for console access
2. USB keyboard (for initial config)
3. Ethernet cable to modem/switch
4. ~30 minutes of time

After initial setup, manage entirely via web interface (no monitor needed).

💳 Total Cost Breakdown

Hardware: Protectli VP2420

• Device: $429 (8GB/256GB from Protectli)
• Shipping: Free (usually)
• Tax: Varies by state
• Total Hardware: ~$430-460

Software: Zenarmor

• OPNsense: FREE (open source)
• Zenarmor Free: $0 (limited features)
• Zenarmor Home: $59/year (recommended)
• Zenarmor Business: $149/year (overkill for home)

First Year Total:

• Hardware: $430
• Zenarmor Home (Year 1): $59
• Total: $489 first year
• Then: $59/year ongoing

5-Year Total Cost of Ownership:

• Hardware: $430 (one-time)
• Zenarmor: $59 × 5 = $295
• Total: $725 over 5 years
• Monthly: $12.08/month

🆚 Cost Comparison

Commercial Parental Control Services:

Qustodio Premium:

• $138/year for up to 15 devices
• 5 years: $690
• Does NOT include router/firewall

Net Nanny:

• $90/year for 1 device, $140/year for unlimited
• 5 years: $700
• Does NOT include router/firewall

Circle Home Plus:

• $130 device + $10/month subscription
• 5 years: $730
• Basic features compared to Zenarmor

OPNsense + Zenarmor:

• $725 over 5 years
• Includes enterprise firewall
• Includes network security (IDS/IPS)
• Includes traffic analysis
• More features than commercial services

Winner: OPNsense for same cost, more features!

⚡ Quick Buy Decision Guide

Buy VP2420 If:

• ✅ Internet ≤ 1 Gbps (most homes)
• ✅ Want to run Zenarmor + Suricata
• ✅ Planning to use VPN
• ✅ Need reliable 24/7 operation
• ✅ Value excellent support

Buy Budget (Qotom) If:

• ✅ Budget is critical ($250 vs $430)
• ✅ Internet ≤ 500 Mbps
• ✅ Okay with less support
• ✅ Comfortable troubleshooting

Buy Premium (VP4650) If:

• ✅ Internet > 1 Gbps (2.5G+ fiber)
• ✅ Running many services
• ✅ Small business use
• ✅ Want maximum future-proofing

Don't Buy Any If:

• ❌ Happy with basic MAC blocking
• ❌ Don't need application visibility
• ❌ OpenWRT limitations are acceptable
• ❌ $0 budget is absolute requirement

🚚 Delivery Timeline

Protectli Direct:

• Order Processing: 1-2 business days
• Shipping: 3-5 business days (US)
• International: 7-14 days
• Total: 1 week domestic

Amazon:

• Prime: 2 days
• Standard: 5-7 days
• Total: 2 days - 1 week

AliExpress (Budget Options):

• Shipping: 2-4 weeks
• Customs: May add delays
• Total: 3-6 weeks

📋 Pre-Purchase Checklist

Before ordering, ensure you have:

• Measured available space (device is ~6" × 4" × 1")
• Confirmed power outlet near router location
• HDMI monitor for initial setup (or laptop for serial console)
• USB keyboard for initial setup
• Ethernet cables (CAT6 recommended for 2.5GbE)
• Budget approved ($430 + $59/year)
• Spouse/partner on board with purchase 😊

🔧 What to Do When It Arrives

Day 1: Unboxing & Setup

1. Connect: HDMI monitor, keyboard, power, ethernet to modem
2. Boot: Install OPNsense (30 minutes)
3. Configure: Basic WAN/LAN settings (30 minutes)
4. Test: Verify internet works (10 minutes)

Day 2: Advanced Config

5. Install: Zenarmor plugin (15 minutes)
6. Setup: Zenarmor trial (15 days free) (30 minutes)
7. Configure: Basic parental policies (2 hours)

Day 3: Home Assistant

8. Install: OPNsense HA integration via HACS (30 minutes)
9. Setup: API keys and entities (1 hour)
10. Test: Device tracking and controls (1 hour)

Day 4-7: Optimization

11. Monitor: Watch usage patterns
12. Adjust: Fine-tune policies
13. Test: Verify all features working
14. Deploy: Set Archer AX72 Pro to AP mode

🎁 Bonus: What Else You Can Do

Once you have OPNsense running:

• VPN Server: Access home network remotely (WireGuard)
• Guest Network: Isolated WiFi for visitors
• IoT VLAN: Segregate smart home devices
• Ad Blocking: Network-wide ad blocking (AdGuard)
• DNS over HTTPS: Privacy-enhanced DNS
• Traffic Shaping: QoS for video calls
• Intrusion Detection: Suricata IDS/IPS
• Network Monitoring: ntopng analysis

All included FREE with OPNsense!

📞 Support Resources

Protectli Support:

• Email: support@protectli.com
• Phone: (720) 339-9885
• Hours: Mon-Fri 9 AM - 5 PM MT
• Response: Usually < 24 hours

OPNsense Community:

• Forum: https://forum.opnsense.org/
• Documentation: https://docs.opnsense.org/
• Reddit: r/OPNsenseFirewall

Zenarmor Support:

• Forum: https://forum.opnsense.org/index.php?board=76.0
• Email: Via Zenconsole portal
• Documentation: https://www.zenarmor.com/docs/

✅ Final Recommendation

Buy the Protectli VP2420 for $430

It's the sweet spot for:

• ✅ Performance (handles gigabit + DPI)
• ✅ Price ($430 vs $750 premium)
• ✅ Support (excellent from Protectli)
• ✅ Reliability (designed for 24/7)
• ✅ Future-proofing (expandable to 32GB RAM)

Order from: Protectli.com (best support) or Amazon (faster delivery)

Add: Zenarmor Home Edition trial (free for 15 days, then $59/year)

Result: Enterprise-grade parental control system for your 3 kids!

---

Ready to order? Visit https://protectli.com/product/vp2420/

---

This guide is specifically tailored for a household with 3 children (ages 14-17) and 22 devices needing comprehensive parental controls.