PFsense hardware recommendation HELP!
-
Hello
There is already a pfsense system on an old xeon processor. However, the CPU is usually between 80-100%. This causes some services to be disabled (such as ntopng).
Now I want to buy new hardware. But I want to get your advice.
Services I currently use/or will use:- Snort/suricata
-Ntopng - Pfblockerng
-OpenVPN 50 users - DNS Resolver service
-200-250 users in total - 15 Vlans
- I will connect the LAN part to the switches with an SFP + card. (video transfers are too much)
- I want to make INTER-VLAN access via pfsense
-And of course, I think there needs to be good hardware against attacks coming from LAN-WAN.
The company I will use is very sensitive to outages. So disruption is not desired.
about this
I'm considering an i5 or i7 10 -12 generation processor. But I'm not sure if I'm thinking right.
What kind of hardware do you think it should be?CPU
RAM
DISK
SFP+ cardThanks in advance for your recommendations.
- Snort/suricata
-
@enesas said in PFsense hardware recommendation HELP!:
considering an i5 or i7 10 -12 generation processor.
I would pick the i7-12th generation just to be on the safe side...
-
What is the actual CPU currently in use?
What bandwidth does the firewall need to pass?
-
@stephenw10
CPU: Intel(R) Xeon(R) CPU E5520 @ 2.27GHz (2266.82-MHz K8-class CPU) -
@enesas said in PFsense hardware recommendation HELP!:
E5520
Ok pretty old then but capable. If it's running at 90% it must be passing significant traffic. What bandwidth does the firewall need to pass?
Almost any current CPU will be as fast or faster than that Xeon though.
-
I bought a Qotom mini PC, as described in my sig. Works well.
-
@JKnott said in PFsense hardware recommendation HELP!:
I bought a Qotom mini PC, as described in my sig. Works well.
IS YOUR CONFIGURATION SIMILAR TO WHAT I AM SAYING?
I ASKED FOR COMPARISON.
-
@stephenw10 said in PFsense hardware recommendation HELP!:
@enesas said in PFsense hardware recommendation HELP!:
E5520
Ok pretty old then but capable. If it's running at 90% it must be passing significant traffic. What bandwidth does the firewall need to pass?
Almost any current CPU will be as fast or faster than that Xeon though.
The Wan side has approximately 1 Gbit Bandwidth.
If I do local or inter-Lan, this can reach 3-4 gbit.
(not always) -
@enesas said in PFsense hardware recommendation HELP!:
IS YOUR CONFIGURATION SIMILAR TO WHAT I AM SAYING?
The configuration depends on how you set it up. I do have a VLAN for example, but I do not use snort, etc.. You need hardware with enough resources to do what you want. With my system, the CPU is running at less than 10% when running speedtest at over 900 Mb down.
Regardess, you don't have to get what I got. There are plenty of other mini PCs around and many are intended for use with pfSense or OPNsense. They are also available with varying number of Ethernet ports. Mine has 4.
-
@enesas said in PFsense hardware recommendation HELP!:
IS YOUR CONFIGURATION SIMILAR TO WHAT I AM SAYING?
I ASKED FOR COMPARISON.
So, why shout at him...no where in your original post did you asked for comparison...you asked for recommendation and indicated you're considering i5 or i7 processor. He gave you an i5 processor hardware recommendation, didn't he?
Ultimately, only you, as network administrator of your network will determine what's best for you. We all had to make our own choice of hardware for what we want to accomplish with our network.
-
@stephenw10 said in PFsense hardware recommendation HELP!:
What bandwidth does the firewall need to pass?
@enesas Without providing that information very little specific advice can be given.
You already have a bench mark (your existing system), relative generic processor comparisons are easily found online. For balanced systems bench marked for pfsense performance see https://www.netgate.com/pfsense-plus-software/how-to-buy#appliances
There is no justification for shouting given your (some what lazy request) and considered responses received.
-
I didn't shout at anyone! Maybe there is a pronunciation error due to translation. Don't be sorry about this.
Thank you all for taking the time to help.
-
@JKnott Thank you very much
-
@enesas said in PFsense hardware recommendation HELP!:
I didn't shout at anyone!
You wrote in all CAPS:
@enesas said in PFsense hardware recommendation HELP!:
I ASKED FOR COMPARISON.
It was probably just a mistake but it reads like you are demanding a comparison.
It's all good!
Steve
-
Thanks everyone I bought the hardware.
️
500gb NVM
i7 12 . GENERATION
32GB RAM.
Lan: sfp+ NICThe hardware may be a little high, but that's okay, after all, we don't change it all the time. :)
-
@enesas Good choice...should last at least five-years...congrats!
-
Yeah that should handle just about anything!
-
@NollipfSense
Why 12th gen? Is the CPU instruction set that much different? -
@coxhaus said in PFsense hardware recommendation HELP!:
Why 12th gen? Is the CPU instruction set that much different?
It was the OP's choice and I just affirmed...
