Hi All! I’m finally settling into the house and getting some networking figured out. Not really too much in tune with the midrange options out there. I’m used to either an off-the-shelf router/AP handling internet and the lab side had a port forward to a VPN server or MX/Palo Alto/F5/Avaya VSP or ERS/Aruba. (Which sadly I don’t have the budget to acquire or power an MX at 14kw haha.) I sold off my last set of lab gear before the move, so I’m starting fresh with the exception of a couple of ICX6610s and ICX7750-26Qs.

Current plan would bring in a 10gb fiber handoff from the ISP into an ICX6610 stack that would handle all of the edge devices (APs, VOIP, Cameras, IOT, PCs). Looking at Aruba IAPs for WiFi. I’d use the 40gb ports as a trunk to the ICX7750s as TOR switches. That would leave a bunch of 10gb ports for the FW to connect into. I could handle most of the internal routing in the switches via ACLs. That would leave NAT/FW duties to square away.

On the FW side I’m not sure what could handle a 10gb handoff, and a couple hundred megs of VPN traffic. Appliances are nice, some of the Palo Alto/Juniper boxes are dirt cheap on eBay. With no support I’d be stuck on whatever OS version is on it; feature-wise I think I’d be fine. Anyone running a JunOS 12 or PAN-OS 8 box in production still? (I’m assuming these can do NAT, I’ve never had to try that though.)

I think OPNsense/pfSense/VyOS would cover FW/NAT needs, if I could find a decent config to run it on?

Any options I’m missing? Any FW build recommendations out there? (I’ve seen a bunch of stuff spit-balled but not really any “I built x and it performed y” kinda posts.)

TLDR: Any 10gb FW builds out there, or anyone running OOS PA/Juniper boxes for their networks?

Thanks!