Core 2 Duo PC for pfSense in business deployment
-
… unfortunately I have like 6 boxes I'll have to replace because of it.
As others have said you will need to plan to replace those in ~2 years. Unfortunately there are no socket 775 CPUs that support AES-NI even if you fit a Xeon 771 CPU with one of those adapters.
But can you really be relying on hardware that old if this is a business critical deployment?
Until that time though I imagine that would fit your requirements just fine.
Steve
-
That's a workable box all around with the exception of IPsec. You might hit a wall without the AES-NI on your Core2. It all depends on what your VPN expectations are.
The other concern is the power consumption. You will be running at least 100W each. If you can hold off a bit, you could get the new SG-3100. As long as you're not running Snort with a ton of rules or ntopng you should be fine. You also get support!
I'm using an old Core 2 Duo 2.4GHz HP Elite 8000 which is on 24/7 and the machine only uses 35 watts on idle.
-
That's a workable box all around with the exception of IPsec. You might hit a wall without the AES-NI on your Core2. It all depends on what your VPN expectations are.
The other concern is the power consumption. You will be running at least 100W each. If you can hold off a bit, you could get the new SG-3100. As long as you're not running Snort with a ton of rules or ntopng you should be fine. You also get support!
I'm using an old Core 2 Duo 2.4GHz HP Elite 8000 which is on 24/7 and the machine only uses 35 watts on idle.
What will you do when the motherboard fails?
-
… the machine only uses 35 watts on idle.
That's about 5 times what an APU2 consumes under load.
-
… the machine only uses 35 watts on idle.
That's about 5 times what an APU2 consumes under load.
So what? It would be at least 5 years to recoup the purchase price in these parts, and from a green perspective it's probably neutral at best to throw out a working system to replace it with another one. Tossing out an idle power consumption without any context is ridiculously common on this board but really pointless.
-
I am using a Lenovo M58p E8400 and another one with an E8500 in a small LAN without any problem for ~2-3 years.
It has extra:
- 2 x LAN Gb cards (2 + 1 ports)
- 1 USB Ethernet 100 Mbps (for guest AP when needed)
It runs without any problem: Suricata, pfBlockerNG, OVPN site-2-site and OVPN server for mobile, postfix…
OVPN speed is max ~100Mbps without compression.
This MB has Intel AMT 5.0 so you can control it remotely, power ON/OFF....
Consumption at work ~45-60W.
I can recommend it for home and small office if you have one.
-
@n3by This was all pre-pandemic. When the pandemic hit and people started doing Zoom, Meet, and other encrypted calls, my Core 2 Duo box struggled. People were unhappy.
I purchased a cheap I-5 on I-Bay, 80 dollars at the time, and that fixed the problem. Actually, because they were so cheap, I bought two of them and did HA.
-
Things move on after 6 years! One of which is that there's no AES-NI requirement so C2Ds are still good.
Steve
-
@stephenw10 Yeah I remember when they made that decision. I guess as long as the Core 2 unit can keep up without the AES instruction support that's ok, but I had other things bite me, like docker and UISP refusing to run on Core 2s. With hardware that can do AES so cheaply why take that chance? I suppose if you are just using it at home it might be all right, but if you get any number of users there are going to be problems. Teleconferencing is so ubiquitous that I think using a Core 2 Duo on any size audience is asking for discontent from your users.
One of the installs I have has 17 apartments and I was using a Core 2 unit. As teleconferencing came on I could watch it fall behind on DNS and I could see latency encroach. So that might be maybe 34 users with 2 devices each so say 70 devices. So with Roku, Firesticks, and other streaming devices and then the pandemic it got pretty dicey and people started to complain. Now granted I run Suricata and pfBlocker. With the 3rd gen I-5s things were obviously much better. Just recently I bought a couple of used 6th gen I-7s for 120 each. Yeah, they say that that is way overkill, but my users commented that the response improved. I noted that the GUI response for management improved too.
You can run pfSense on some marginal equipment. BSD is pretty awesome, but if you can find the nickels it is worth spending them. If you can afford the Netgate equipment that is even better.
-
Absolutely. Even 6 years ago C2D was so old it should not have been running in anything critical. Hardware that age may fail. At any time!
-