Hardware recommendation on 150mbps/10mbps?
-
I works in a small company.
Current setup:
18mbps download/1mbps upload
12-14 workstations, 6-8 wifi devices.Atom D525
2GB RAM
5 intel gigabit ports
120 GB SSD
unifi access pointpfSense with FreeRADIUS 2
No IDS/IPS/SquidThe coming setup:
150mbps download/10mbps upload
20 workstations, 10-12 wifi devices.pfSense with FreeRADIUS 2, Suricata IDS(monitor 3-4 vlans)
No SquidAny hardware recommendation for pfSense? Budget under $900 and it should be power saving.
Currently I am very interesting with Qotom J1900/3215u box, but I do know it has no enough power.
Thanks a lot.
-
No VPNs?
Steve
-
No VPNs
Thanks for your reply.
-
Then your requirements are modest.
I would expect our SG-2440 to handle that without any issues for example.
https://store.pfsense.org/SG-2440/You might want to test it with the hardware you already have to be sure need to upgrade yet.
Steve
-
Then your requirements are modest.
I would expect our SG-2440 to handle that without any issues for example.
https://store.pfsense.org/SG-2440/You might want to test it with the hardware you already have to be sure need to upgrade yet.
Steve
Thanks for the recommendation at first.
But I knew suricata is a CPU/RAM hunger application(a little bit more than snort.) So I said celeron J1900/3215u may have not enough power for this.
I tried snort on 1 vlan with IDS mode. Atom D525/2G ram failed to react for loging-in with ssh temperately when starting/stopping monitoring on that interface and RAM usage almost full comparing to 10%-20% usage without snort. 4GB RAM may be not enough.
Also, the "Atom C2xxx LPC failures" title is quit scary even some of the users haven't met the failure.
-
Snort/Suricata can eat a ton of RAM but they should not use that much if configured correctly.
If you just enable all the signatures then they might use >2GB but you almost certainly don't need them all.
Steve
-
J3455B and an i340-t4 (if you need four ports), very cheap and low power(especially if you get an eBay server pull NIC). If you want to install 2.4.0 Beta you can even install to a USB flash drive(s).
-
If I don't consider power saving, Jetway NF592-Q170 motherboard recommended by some threads of hardware board may be a very comfortable choice.
Here is a bare-bone with i5-6500 cpu.
http://mitxpc.com/proddetail.php?prod=RS-JNF592VI5-FIOBy the way, I tried a vlan with much less hosts than previous and cut down a lot of signatures as what Steve suggested. Then got much less CPU/RAM usage in the old machine. Thank you, Steve.
