All you should need to do is run the traffic shaping wizard and plug in your numbers (10/10) and it will be limited. That will get you the basics. Beyond that you can fine tune the traffic shaping by:
Using floating rules and establishing alias's for gaming ports and then putting in rules and queues to limit traffic. So basically you would have
WAN - HFSC 9MB (this is your upload)
qNerf - Default - 5%
qWebSteam - 15%
-qAck -30%
qGaming - 50%
LAN - HFSC
-qInternet - 10MB (this is your download)
–qAck - 20%
--qNerf - Default -5%
--qWebSteam - 10%
--qGaming - 65%
qACK will be for TCP ACK packets
qWebSteam will be for 80,53 , and steam ports for upload / download , etc
qNerf will be for any traffic not recognized
qGaming should be for all your gaming traffic
This will require you to know the ports for the games people are playing and either make rules for each port set per game or make an alias called gaming ports , put all the ports in it and use that in your floating firewall rule.
Sometimes games can be tricky about what ports are being used so the best way to figure this out is to put up PFSense , run a PC behind it and have it play the game and run a port capture on it to see what ports the game is actually using. You can export the capture from PFSense to Wireshark. This will be the part that will be the hardest to do , getting the games qualified into proper port mappings and then having them hit the correct queues.
Running a 10/10 Internet connection with anything over 50 people is going to be rough as games like LoL (League of Legends) and others will tax it if your doing a tourney. For 250 people I would see if you could get another 10MB on download and give up 5MB on upload. If you see someone uploading alot ,then typically they are running a file sharing app and you need to shut them down. I would recommend using PRTG as well and make a port mirror on your switch so you can see the traffic and monitor it and when you see someone hogging the bandwidth - I do the following:
1. See what traffic / port they are passing and to what IP if it resolves.
2. Find the MAC of the PC . Make a static reservation in PFSense for that MAC to get a static IP.
3. Delete their current lease to force them to renew and get your static IP.
4. I make a LAN rule to block all traffic for that MAC to any connection on the network.
5. Now you can wait for someone to come up and say they can't get to anything and you can see what they were doing.
Typically they will have something like Spotify running or some other file sharing application.
If you have better switches and you can see what table switch port they are on , then you can just shutdown the port but alot of LAN's just run dumb gigabit switches at the tables and a Layer2 at the core for the most part. The above way is effective in shutting them down.
I would recommend thoroughly testing out your configuration by doing the above with a couple of PC's so you can see how it is going to perform. You will need to use Intel NIC's in the PFSense box for the best performance.
Btw - I run the network / Internet for LAN's that are about 120 people in size and we usually have 2 or 3 50/5 cable modems for our Internet and use load balancing with a similar config. I run a PRTG box to monitor my stats and I run a Dell Poweredge 2950 server with ESXi 5 that holds all our gaming servers. We use an Intel Dual Core 3GHZ 8G RAM , 80G SATA , 4 Intel Gigabit NIC PC running PFSense.
Sorry for the long post but the best advice I can give you is test , test , test before the event.
