Netgate Discussion Forum

    Help re new pfSense box please

      orangehand

      Hi
      I need to spec up a rackmount box for a UK customer who has 2 x VDSL WAN connections and a few VPN users. I would want to run Squid for a LAN of about 25 users. Need to keep it sensibly priced without compromising on quality/reliability. This would be to replace their absurdly over-priced Watchguard. I may well suggest 2 in failover/redundant mode.

      Can you point me at the sort of processing power I would need for this? I cannot seem to work out what the box will need to cope with the above demands.

      I am assuming that an Intel quad-port NIC (assume total of 5 ports) and a decent SSD (RAID 1'ed??) would be 2 of the standard parts for this.

      Many thanks

        stephenw10 Netgate Administrator

        UK VDSL is likely to be up to 2x 80Mbps so most current hardware will do that with ease even with Squid running.

        Any decent SSD should not fail for a long time, though 2 in a gmirror is not a bad idea. Better to save on SSDs and double up on total hardware if you can.

        Two issues I see:

        1. Squid will always use the default system route so only one of the DSL connections. It's not possible to load balance between them from Squid if it's running on the same box. You can load balance other traffic though or policy route it via the non default WAN perhaps.

        2. You can't really use an HA setup with PPP connections that are terminated on the firewall. To do it with correct failover you need to use a different device in front of the pair running the PPP. But that then represents a new single point of failure.

        Steve

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.