The project I'm currently working on in the NOC (Network Operations Centre) at Baarool Lab is the Fendeil: Appliance Cluster, which centres around two Protectli Vault Pro VP4650 Units in RU 17-16 of the 20U, 600x600mm Twoaie: Network Rack, which I am in the process of setting up with a Hierarchical or Tiered Topology. This configuration will improve network performance, scalability, and manageability by clearly defining the roles and functions of each layer.
The Appliance Cluster will be configured to function as both an Edge Router and a Perimeter Firewall. This dual functionality will allow for (1) effective traffic management, (2) advanced security, (3) high availability and load balancing, and (4) stateful inspection.
Hardware
From the outset I wanted to have two appliances running in the Twoaie: Network Rack to provide high availability and redundancy, so that if one fails, the other can take over without interruption. This setup would also allow for better network segmentation and security management across different sub-networks.
When I began my research to find an Appliance, I found many dedicated hardware options on the market that have been built specifically to run open-source firewall and routing software based on the FreeBSD operating system, such as pfSense, OPNsense ...
This is when I came across the range of Protectli Vault models with 2, 4, and 6 Ports. After further research I settled on a pair of Protectli Vault Pro VP4650 Units which met the hardware criteria I had in mind for the Fendeil: Appliance Cluster. These network appliances (1) are pre-built, (2) can be rack mounted, (3) have 6 Ports per Appliance, and (4) allow both the memory and storage capacity to be upgraded.
In addition to the two Protectli Vault Pro VP4650 Appliances, I purchased the Protectli Rack Mount Shelf that has been customised with pre-drilled holes — four holes per appliance — to mount two Protectli Vault Pro VP6650 Appliances in a standard 19-inch rack. The height of the Rack Mount Shelf is 1.875″ (47.62mm), which exceeds the 1U rack unit of 1.75″ (44.45mm). Protectli recommend that the rack shelf is placed at the top-of-shelf mounting position, where there is slightly more room. Otherwise the shelf will consume 2U. Since the height of the Protectli Vault Pro VP6650 Appliances measures 3″ (76mm), I thought it would be better to place it below the Grinney: Gateway Cluster, and let it have a full 2U of rack space. This will also keep the rack arranged in a logical manner.
The core specification of the Protectli Vault Pro VP4650 Appliance:
- Intel i5-10210U Quad Core (8 Thread) 1.6 GHz (Turbo up to 4.2 GHz)
- 6x Intel 2.5 Gigabit Ethernet NIC Ports
- 2x SO-DIMM 260-Pin DDR4 2666MHz Slots (Max 64GB)
- M.2 SSD Slot accommodates NVMe or M.2 SATA
- 16GB eMMC module on board
The units I purchased came with one Kingston 8GB SO-DIMM DDR4 2666MHz Memory Module and a 120GB SSD preinstalled. The 120GB of storage per appliance currently suffices for my needs, and is easily upgraded if required in the future. On the other hand, I did want at least 16GB RAM in each network appliance. I couldn't find anyone who stocked the Kingston Memory Modules that were preinstalled in the appliances, so what I decided to do in the end was to take one of the Kingston Memory Modules out of one unit and put it into the other for a total of 16GB RAM. Then, before all the stock of Crucial Memory vanished forever, I purchased a pair of 8GB DDR4 3200MHz CL22 modules, which work flawlessly in the other unit.
Software
During my hardware research, I had originally intended to install pfSense on my Appliance Cluster, but quickly found that I didn't like how the project is now being run. Neither was I impressed that the latest version, pfSense CE 2.8.1, of this open-source software can only be installed on Netgate's own hardware. The only image that I could download for my Appliance Cluster was the older pfSense CE 2.7.2.
Disappointed before I had even started with pfSense, I decided to find an alternative. It didn't take me long to find OPNsense, a fork of pfSense (which itself was originally based on m0n0wall). OPNsense was launched in 2015 to create a more open and community-driven alternative to pfSense. Perfect!
OPNsense is an open-source, FreeBSD-based firewall and routing platform that provides all the features that I need. But there is one caveat. FreeBSD does not currently have an accessible installer, and in turn I am unable to install OPNsense with my Assistive Technology Stack. So in the first instance, I'll need Sighted Assistance to help me figure out the exact keybindings I need to be able to install OPNsense on my own. I will take precise notes so that I can repeat this without Sighted Assistance or my Assistive Technology Stack in the future.
Once OPNsense has been installed, like the Teltonika and MikroTik nodes in the Twoaie: Network Rack, I will learn how to configure, manage, and monitor the appliances from the command line via an SSH session. This is my preferred way to do this.
At the time of writing, I have no experience of OPNsense. The Documentation on the OPNsense website and the public forum look to be great resources, but I have decided to start with a book written by Julio Cesar Bueno de Camargo, titled "OPNsense Beginner to Professional: Protect networks and build next-generation firewalls easily with OPNsense". This should, at least, give me a high-level overview of OPNsense.