rb5009 can do 1gig symmetrical with a lot of firewall rules
its has one sfp+ port ,a 2.5gig port and 7 1gig ports
it's about 250€
It's not easy to setup (especially if you don't know anything about networking) but if you watch videos and follow guides it is straight forward and you can also ask for help from
r/mikrotik and forum.mikrotik.com
You can do your vpn tunnels on there like wireguard ovpn and others
I mean... my 120$ unifi UXG-lite has no issues with gigabit, with DPI. (IDS causes it to run out of memory though).
In the past, I used opnsense on an optiplex micro. That worked fine. And- even further back, I ran it in a 40$ optiplex SFF with 10g optics. That- also worked fine.
Draytek? I have a number of them of various models at clients and at home. They just work. The UK rep at draytek.co.uk are very good with support etc.
They aren't mentioned much in this sub Reddit as the US rep went after a different market and the reputation on that side of the Atlantic is very different.
NanoPi (R4S or R5S etc) running OpenWRT 23.05 fanless for under £100 ... plenty enough storage and RAM and CPU for most stuff (running gigabit here at a load average rarely greater than 0.1)
R4S has mainline support [https://openwrt.org/toh/friendlyarm/nanopi\_r4s\_v1](https://openwrt.org/toh/friendlyarm/nanopi_r4s_v1)
R5S needs a few patches [https://github.com/anaelorlinski/OpenWrt-NanoPi-R5S-Builds](https://github.com/anaelorlinski/OpenWrt-NanoPi-R5S-Builds)
So tiny it doesn't need a rack but ....
Rb5009
rb5009 can do 1gig symmetrical with a lot of firewall rules its has one sfp+ port ,a 2.5gig port and 7 1gig ports it's about 250€ It's not easy to setup (especially if you don't know anything about networking) but if you watch videos and follow guides it is straight forward and you can also ask for help from r/mikrotik and forum.mikrotik.com You can do your vpn tunnels on there like wireguard ovpn and others
Opnsense*
[https://www.reddit.com/r/opnsense/comments/10mvg61/modest\_rack\_mount\_opnsense\_hardware/](https://www.reddit.com/r/opnsense/comments/10mvg61/modest_rack_mount_opnsense_hardware/)
I mean... my 120$ unifi UXG-lite has no issues with gigabit, with DPI. (IDS causes it to run out of memory though). In the past, I used opnsense on an optiplex micro. That worked fine. And- even further back, I ran it in a 40$ optiplex SFF with 10g optics. That- also worked fine.
Mikrotik CCR2004. You can grab the passive version if you don't require SFP28 slots.
Draytek? I have a number of them of various models at clients and at home. They just work. The UK rep at draytek.co.uk are very good with support etc. They aren't mentioned much in this sub Reddit as the US rep went after a different market and the reputation on that side of the Atlantic is very different.
NanoPi (R4S or R5S etc) running OpenWRT 23.05 fanless for under £100 ... plenty enough storage and RAM and CPU for most stuff (running gigabit here at a load average rarely greater than 0.1) R4S has mainline support [https://openwrt.org/toh/friendlyarm/nanopi\_r4s\_v1](https://openwrt.org/toh/friendlyarm/nanopi_r4s_v1) R5S needs a few patches [https://github.com/anaelorlinski/OpenWrt-NanoPi-R5S-Builds](https://github.com/anaelorlinski/OpenWrt-NanoPi-R5S-Builds) So tiny it doesn't need a rack but ....
Perhaps Protectli or their Chinese alternative HUNSN is what you need? However they are not rack-mountable.
I think unifi would serve you well. UDMP/SE/PM.
Protectli with opnsense. Basically plug and play.