Netgate Discussion Forum

Q: Hardware to run PfSense....

Off-Topic & Non-Support Discussion
    Wylbur
    last edited by Sep 3, 2024, 12:47 AM

    I have had problems with buying refurb boxes to run PfSense. Something about the security attached making them Winderz machines. Can't get Linux or BSD to load and correctly see a multi-port Intel Ethernet adapter. So can't get PfSense to run on it.

    I am in love with PfSense. It is giving me info I need, with the options I selected it is now correctly recovering from my ISP's change in IP addresses on/in their fiberoptic modem (ONT). And more. But the box I'm using is OLD. And I don't know that I can get a replacement power supply for it if the fan dies.

    I am running a 200/200MbS connection, with a VLAN to keep all WiFi traffic out of my LAN, and I have a lot of streaming traffic going via WiFi with no hitches. Because of the consulting work I do, I have three laptops on my desk. And I have the file server and a Linux desktop in my office as well. Everything is smooth. Anything wired is connected over gigabit switches.

    I had looked at the Netgate 1100 and 2100, and I don't think they can handle a peak work load (multiple simultaneous file copies).

    What is the recommendation for hardware for what I am doing (I am making use of snort, service watchdog, and a few others)?

    I'd like to buy off the shelf, but I may have to have one built. There is a MicroCenter close to me and they have done all they can to get the refurb units to work -- The failures with them are rather weird. I've run a Knoppix Linux test DVD on it and it can't see more than one port of a two port Ethernet adapter card. BSD can't either. Plug in RJ45 to wrong port and it doesn't even detect it.

    Thanks in advance.

      SteveITS Galactic Empire @Wylbur
      last edited by Sep 3, 2024, 2:05 AM

      @Wylbur The 2100’s switch ports are gigabit. Internet is firewalled/routed so CPU limited to 600-700 Mbps. Bit less with Snort.

      Be careful with watchdog; if Snort restarts watchdog can see it stop and try to start it. Like unbound also.

      In your refurb hardware are they Intel NICs?

      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
      Upvote 👍 helpful posts!

        Wylbur @SteveITS
        last edited by Sep 4, 2024, 1:48 AM

        @SteveITS

        Yes, I'm using Intel NICs (dual port adapter cards). They are also Gigabit if I remember correctly.

        So far I have watchdog behaving when Snort stops and restarts itself.

        ps. The bottleneck is my ISP. 200/200Mbs is sufficient for all I do. I can get them to kick up to 300/300, but I don't see the need.

          bmeeks @Wylbur
          last edited by bmeeks Sep 4, 2024, 12:54 PM Sep 4, 2024, 12:53 PM

          @Wylbur said in Q: Hardware to run PfSense....:

          So far I have watchdog behaving when Snort stops and restarts itself.

          Very, very bad idea to configure Service Watchdog to monitor either of the two IDS/IPS packages available for pfSense. I'm the volunteer package maintainer (meaning the developer) for both packages, so I speak with definitive knowledge 🙂.

          Service Watchdog does not know how to correctly monitor the IDS/IPS packages, especially on multiple interfaces. It will sometimes needlessly issue a restart command when the IDS/IPS package is in the middle of automatically restarting itself. That will lead to multiple instances running on the same interface. I've coined those as "zombie" instances as they will continue to alert and block, but will not respond at all to any configuration changes made in the GUI. The only way to regain control is to manually kill the zombie instances.

          TLDR: do not use Service Watchdog to monitor the IDS/IPS packages.

          1 Reply Last reply Reply Quote 2
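
The duplicate-instance condition described in the post above (more than one IDS/IPS process bound to the same interface) can be spotted from a process listing. This is an added example, not part of the thread or the packages' own code; it assumes each instance is started with `-i <interface>` on its command line, and the sample listing, PIDs and config paths are constructed.

```shell
#!/bin/sh
# Added example: flag interfaces that have more than one IDS process attached.
# Input on stdin: one process per line, "PID COMMAND ARGS...", for example
# the output of:  ps -axww -o pid,command
# Assumption: every instance carries "-i <interface>" on its command line.

find_duplicate_ids() {
    daemon="${1:-snort}"    # executable name to look for
    awk -v daemon="$daemon" '
    {
        # $1 = PID, $2 = path of the executable; compare its basename only
        n = split($2, parts, "/")
        if (parts[n] != daemon) next

        # locate the interface argument that follows "-i"
        iface = ""
        for (i = 3; i < NF; i++)
            if ($i == "-i") { iface = $(i + 1); break }
        if (iface == "") next

        count[iface]++
        if (iface in pids) pids[iface] = pids[iface] " " $1
        else               pids[iface] = $1
    }
    END {
        # report only interfaces with more than one attached process
        for (iface in count)
            if (count[iface] > 1)
                printf "%s: %d instances (PIDs %s)\n", iface, count[iface], pids[iface]
    }' | sort
}

# Constructed sample process list (not captured from a real system).
sample_ps() {
    cat <<'EOF'
  PID COMMAND
  812 /usr/local/sbin/unbound -c /var/unbound/unbound.conf
 4101 /usr/local/bin/snort -D -q -c /usr/local/etc/snort/em0/snort.conf -i em0
 4177 /usr/local/bin/snort -D -q -c /usr/local/etc/snort/em1/snort.conf -i em1
 9650 /usr/local/bin/snort -D -q -c /usr/local/etc/snort/em0/snort.conf -i em0
EOF
}

sample_ps | find_duplicate_ids snort
```

On a live system the input would be `ps -axww -o pid,command | find_duplicate_ids snort`; empty output means no interface has more than one instance.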