Which Netgate device for school
-
@keyser I have several customer that use the XG-1537 specifically because of the built-in IPMI management feature.
They the buy a SG-1100 as a “backdoor” VPN device to allow them to access the IPMI from all over the world regardless if the 1537 is up or down. -
@keyser said in Which Netgate device for school:
Remember to get it with a Raid-kit to make the boot/log drive redundant
Alternatively, get two devices and set them up in a High Availability config for redundancy. It costs more, but you'll be able to install updates and reboot during school hours.
Since any device can be set as HA (with matching hardware) I think what that page is trying to say is if you get a 1U device with quantity 2 they'll put them both in the same 1U rack space (1 1U rack, both units). They used to sell them that way for prior models; we have one. (might want to double check with Netgate on that before ordering...)
-
@keyser Thank you all for your answers. I'm glad to hear that all the devices are capable, because at some point we will have BYOD in our school. I have a little follow up question. You mean 1 Gbe internaly, right? Because our Plex server later will be having QSFP+. I can't really predict how fast devices will be using 10 Gbe in our school or if it would be better to stick with the cheaper option because by that time newer devices will be better.
To the HA argugent: Good point, probably I will use our old router with pfSense for a HA setup (and maybe the old DSL connection as well). IPMI is a strong factor for the XG 1537.
-
@dualbrot said in Which Netgate device for school:
use our old router with pfSense for a HA setup
Note the states will only sync if the network interfaces are the same.
-
@dualbrot said in Which Netgate device for school:
@keyser Thank you all for your answers. I'm glad to hear that all the devices are capable, because at some point we will have BYOD in our school. I have a little follow up question. You mean 1 Gbe internaly, right? Because our Plex server later will be having QSFP+. I can't really predict how fast devices will be using 10 Gbe in our school or if it would be better to stick with the cheaper option because by that time newer devices will be better.
They all have 10Gbe interfaces and can handle way more than 1Gbe - however, they cannot handle 10Gbe @ wirespeed.
My reference to 1Gbe was merely a guess at your WAN speed once Fiber is installed.
If you want a firewall capable of handling QSFP+ (4x10Gbe) wirespeed traffic you need something orders of magnitude more powerfull than pfSense Appliances (and pfSense for that matter).
Also: Are we talking packet inspection or just “simple” firewall’ing? If the latter then look into letting a switch do the routing with an ACL applied on the inside network, and your firewall handle connections to external clients.To the HA argugent: Good point, probably I will use our old router with pfSense for a HA setup (and maybe the old DSL connection as well). IPMI is a strong factor for the XG 1537.
Unless your old box has exactly the same interfaces/drivers for interfaces, that will not work. The only supported HA systems use two identical boxes.
-
@keyser said in Which Netgate device for school:
wirespeed
Ok, for the HA setup, do mean the exact same number and designation of interfaces or is it about the physical hardware?
-
@dualbrot Per the link I posted in the docs, "States in pfSense are bound to specific operating system Interfaces. For example, if WAN is em0, then a state on WAN would be tied to em0"
-
Thanks for the information!
-
@Diane9K I agree with you, the information was helpful
-
This post is deleted! -
This post is deleted!