Would this server work great for a pfsense firewall?
-
I'd expect tThat server is "wildly overspec'ed", for a "home" 1Gbit box. I haven't checked the network cards in it, make sure they're supported. Usually Intel netcards is good.
My Qotom (Mobile Core-i5) w. 4 x Intel netcards , can do 1Gbit wo problems. Guess it uses 8..20W , depending on load.
My guess is your server would be noisy & power hungry.
And be idling 90% most of the time./Bingo
-
-
That's almost certainly a better choice unless you need something rackmount.
Again though it depends on the NICs used.Steve
-
@eddles said in Would this server work great for a pfsense firewall?:
@bingo600 thanks for this. Does that stand even if I use IDS/IPS?
Would this NUC with dual NICs be a better option, would it be able to deal with gigabit fibre Internet with IDS/IPS? Many thanks again!
I would go for a unit with at least 3 Gbit Intel NIC's.
Or a unit that can take a 4-port Intel 340/350 NIC Card.
Watch out for fake cards from china, better to buy a used (pulled server card).It could be a "Mini server" (my choice would be a Mini-ITX) , with room for an intel 4-port card.
A Dual (Less power) / Quad Core i3/i5/i7 with 2.4+ Ghz and 8GB Ram is adequate.
Disk : depends a bit (32GB min), but with Intrusion detect , i'd go for 128 or 256 GB SSD.Remember a super small cabinet ==> High fan pitch
Large fan(s) ==> less noiseChose cpu power according to usage (snort/suricata), i can't help there (Make sure CPU is 64bit and can do AES-NI).
Example of units w, built in netcards (Fanless)
https://www.ebay.co.uk/itm/133643463675
https://www.ebay.co.uk/itm/133877899545
https://www.aliexpress.com/item/1005002747355032.html
https://www.aliexpress.com/item/32920921042.htmlI'd also consider the Netgate 5100 or the new 6100 , if they can deliver.
Think i read the Dell T310/T320 tower isn't loud , and mega powerhungry , maybe investigate.
/Bingo
-
@bingo600 Thank you for your reply! I was hoping for a rackmount solution, as I already have a rackmount server. It's in the garage, so noise, heat & space isn't a problem. My issue is that I can't really find anything that has a significantly lower power consumption than a Dell PowerEdge R200.
You say 2 NICs aren't enough - I should have at least 3, why? I'm curious.
I'm a bit wary of Chinese made computers, especially when they're run 24/7 and are a fairly important part of the network, which is why I'm looking at more well established manufacturers.
Thanks for your time!
-
@eddles said in Would this server work great for a pfsense firewall?:
You say 2 NICs aren't enough - I should have at least 3, why? I'm curious
To consistently saturate a 1G WAN you may need more that a 1G LAN bandwidth.
Also you may benefit from more than on LAN interface but that depends on the details of your network architecture.
-
Having 3 NICs available gives you far more choice in your network setup. You can add a separate subnet for a DMZ for example. Or add a 2nd WAN. Or create a LAGG to a switch and run VLANs over it.
-
Re: 3+ interfaces
As mentioned aboveWith 2 interfaces and more than 2 "inside lan/vlan"
IF-1 : Wan
IF-2 : Inside Lan(s)Depending on your Lan/Vlan structure , every packet traversing from Inside Lan1 to Inside Lan2
would pass IF2 , to be routed.
Now you have shared your IF2 BW with 2 lans.Might not be an issue for "normal use" , but heavy Xfer's would (might) saturate IF2.
Then again if you're just planning on one IF to connect to the switches , you would have same issue.You could try with 2 , but make sure you can put more in.
But by all means go for a PizzaServer
Dell 210/211 does not seem that "Overspec'ed"
Supermicro has nice rewiews (Watch out for Atom CPU ... Intel bug)
https://www.ebay.co.uk/itm/154747206773I'd still make sure to get a 4 x Intel 340/350 card in it , and min. 8G Ram
/Bingo
-
Maybe ??
https://www.ebay.com/itm/185168618080
https://forum.netgate.com/topic/124734/watchguard-firebox-m400-m500/399
-
If you're going to go that route you should install it yourself so you know how to do it if at some point in the future you need to re-install. You are paying someone else to do the fun bit there.
Also that seller is violating our trade mark doing explicitly what is not allowed. It is not a 'pfSense firewall':
https://docs.netgate.com/pfsense/en/latest/general/sell-pfsense.html#using-the-pfsense-name-and-logoSteve
-
@stephenw10
Couldn't he just "reinstall it" , i'd never trust an externally installed vers anyway.I specifically showed that box , due to the i3 + 8G Ram
Seems like he should have left out the word firewall
/Bingo -
Yeah, anyone buying anything like that should absolutely re-install pfSense themselves. It's probably a (relatively) clean install but you should always assume it isn't.
That particular seller has violated a number of things but IANAL so I'll not comment on specifics
Steve