Reddit mentions of TP-Link 8-Port Gigabit Ethernet L2 Managed Switch with 2-SFP Slots (TL-SG3210)

How many ports?

Here are the two models I deploy regularly.

http://www.newegg.com/Product/Product.aspx?Item=N82E16833181232

http://www.amazon.com/TP-LINK-TL-SG3210-10-port-Pure-Gigabit-1000Mbps/dp/B006B7R3YC

> ER6120

Here are the stats from the TPLink spec sheet for the ER6120 that make me concerned about this device:

> Concurrent Session 60000
> NAT Throughput 350Mbps
> IPsec VPN Throughput (3DES) 130Mbps

You can get far, far higher performance for only ~$200 more by using an SG2440 from store.pfsense.org instead.

Alternatively, if you're open to a 2-device solution, you can combine an SG2220 with a TPLink SG3210 and save $100 vs the SG2440 by doing MultiWAN-on-a-stick (using VLANs).

The NAT and IPSec throughput are far lower than what I'd consider acceptable for any of the deployments we do for our customers, mostly in the interest of future-proofing. The lowest-speed uplinks we're dealing with today are 200-300mbps (or 2x150mbps, 2x200mbps, 2x300mbps, etc), so a device like the ER6210 would have to be replaced in only a year or so anyway simply because it wouldn't support the growing demand of the network.

For our customers it makes sense to spend a little bit more now and get a lot more life out of the device, rather than buy a slightly cheaper device now and replace it with the next cheapest device every year or so down the road. However, you should make the choice that makes the most sense for your users.

One thing to keep in mind -- we consider TPLink's switches to be rock solid, but we always recommend having high quality vendor support for any firewall we pitch to our customers. Firewalls leave a lot of room for user error and less-savvy users frequently need hand holding when something goes wrong. If you want to be the one on the hook supporting that ER6210, that's fine, but in my opinion I'd rather have a reliable third party engineering team to fall back on for that sort of thing. That difference alone is enough to justify the small price difference for me, let alone the significant performance difference.

For a run-down of performance numbers on the pfSense store hardware, this post by one of the core developers is a reliable source:

https://www.reddit.com/r/PFSENSE/comments/3xqhqo/thinking_of_switching_to_pfsense/cy7evhu

There are people that could probably give better ideas than I, but I can't really recommend pfSense enough. There's so much that it does that it becomes a great learning tool and there's not much to lose. Even if you just try it out as a vbox vm in gns3.

Personally, I bought myself an inexpensive managed switch and built a pfSense router and have used both to do some really neat things. I've got VLANS + trunking, OpenVPN server, IPv6 (mostly), email reporting, static DHCP with DNS, and Snort running off of that box alone. Not enterprise grade, but enough to learn/test the concepts.

As for where to start, well I think the theory is best in this case. That's pretty much transferable anywhere. I mostly learned the theory side from the CCNA books, but the concepts are pretty much the same between vendors (minus the proprietary stuff, obviously). CBTNuggets has a pretty good series on it as well, and I've heard good things about Danscourses. You might try packet tracer if you plan to follow the Cisco side of it.

Hope that helps!