Netgate Discussion Forum

    The pursuit of the perfect PFSense server

    5 Posts 3 Posters 2.4k Views
      Y-ASK

      The pursuit of the perfect PFSense server

      It all started when researching free firewall options.  I found PFSense and I really liked it!
      I played around with it in a virtual environment and decided this is what I wanted to use for my
      main router/firewall, but I wanted a hardware solution.  I had pretty much decided on an inexpensive
      platform when I got wind of the new AES CPU requirements for the upcoming versions of the software
      so I decided to start my life with PFSense off right with no need to replace hardware in two years.
          I looked into using only CPU devices that would support AES onboard encryption.  I was comfortable
      with Xeon processors and knew that the 5600 series would support AES so that was my starting point.
      My requirements were as follows:  "Inexpensive" (I'll come back to this later), Rack mounted, Quiet,
      Xeon 5600 AES supported CPU.  I thought about an inexpensive desktop but I had just purchased and put
      together an awesome Rack environment in my home office and I didn't want another desktop.
          So with requirements in hand it was e-bay time.  I started looking at Xeon 5600 servers but they
      seemed too expensive for the project so I found a great little Supermicro 1U server (SUPERMICRO
      6016T-MR 1U SERVER 2x L5520 8GB MEM NO HDD CSE-512 X8DTL-I) that had a motherboard that supported both
      5500 (which it came with) and 5600 Xeon CPUs and it was a dual CPU MB.  I thought I had a couple of
      Xeon 5620 laying around but they turned out to be 5500's.  No worries, e-bay time again.  So I purchased
      two Xeon 5620 CPUs to replace the 5520 CPUs (5500 CPUs do not support AES onboard).  I also needed
      an Intel-based NIC that supports four ports (could have gone with two but what the hell) since I wanted to
      run at least two LANs as well as the WAN.  Since the box was only 1U I needed a riser card to support
      the NIC.  I already had a spare hard drive so that was technically "free".  See running total below.

      1 Supermicro Server $139.00
      2 Xeon 5620 CPUs $11.99
      2 Thermal Paste $20.82
      1 Supermicro PCIe Riser $22.62
      Intel 4 Port NIC $26.99
      Sub Total:  $221.42

      $222 Bucks!  Not a bad deal.  Probably overkill for a PFSense Firewall/Router but it will support
      the new requirements.  So everything comes in but there's something visually wrong with one of the CPU's
      so I contact the seller and they send me two more and let me keep the original ones sent.  Cool, I've got
      a spare if they work.  I get the CPU's swapped out, the riser card installed, the NIC card installed, and
      the Hard drive installed.  I fire the thing up and WOOOSHHH, it's like I just started a Jet Engine.  Yes
      I know rack mounted server hardware can be loud and it is but this was 3 or 4 times worse than the two
      Dell 610's and one Dell R410 that I already have running.  They are just barely tolerable.  This
      Supermicro was not!
          Back to the drawing board.  So I'm looking at the three fans that I think are the problem.  Each Fan
      is like three fans put together back to back.  So I figure I'm committed now and I purchase three new
      replacement Fans, but the problem is they don't really fit the Fan Bracket so I rig something up.  I fire
      the thing up and it's much quieter but after about 5-10 minutes the server is overheating and starts
      beeping.  Great!

      3 Noise blocker NB Fans $44.97
      New Total:  $266.39

      So now I'm getting a little frustrated and I let it sit for awhile.  I start to look at my options.
      I can purchase a 2U Rack server chassis or try to replace the CPU heatsinks with different heatsinks and do
      away with the other Fans completely.  The CPU heatsinks are passive only.  They do not have a Fan sitting
      on top so I look into what it would take to replace the 1U heatsinks with ones that have a Fan.  The only
      ones I can find are also loud and kind of expensive.  There's that stupid word again, expensive.
          I purchase two 2u CPU Heatsink/Fans for a 2U rack mounted server.  I install the new Heatsink/Fans and
      fire it up again (no cover).  The server is still loud but this time it's the power supply fans.  Disclaimer,
      do not try this at home, I stick my fingers into both power supply fans to get them to stop so I can see how
      loud the new CPU Fans are and I slightly cut my fingers.  Yeah I can be a dumb ass sometimes.  But the noise
      level is now tolerable.  So I've got my MB with CPU's, Heatsink/Fans, 8 GB memory, and HD that I want to use.
      Now I need another server case that must be 2U and I've got to have the MB face plate for the back, more cost.

      2 Intel Heatsink/Fans $34.99
      2 Supermicro MB Face Plates $15.98
      New Total:  $317.36

      Boy it's a really good thing (or maybe it was a bad thing) that I didn't write this up while keeping this
      running total or I might have stopped here and cut my losses ;).  $317.36 and two slightly cut fingers, this is
      not turning out like I had planned.  In the meantime I knew in the back of my head that I was spending way
      more than I wanted to so I let the project sit again for a little while.  And every day that stupid 1U server
      with no cover on it and two oversized CPU Heatsink/Fans staring at me in the face.  Stupid computers!!!
          So I really wanted to switch out my really old Linksys/Cisco WAN/LAN router and I'm checking out some
      YouTube videos of people who have taken a Watchguard firewall appliance and turned it into a PFSense box.
      I'm thinking nice!  This would be a great stop-gap while I re-think everything I've done so far.  So it's e-bay
      time again and I find a great deal for a Watchguard XTM 510.  The seller is only 20 miles away from where I
      work so I take a long lunch and save myself some shipping cost.  And it's a beauty!  No scratches or marks,
      looks brand new and it's really quiet!  But now I need a serial port cable and serial to USB adapter as well
      as a Compact Flash card and as usual Amazon is your buddy.  I've got a 2.5 HD laying around so I'm good to go
      there.

      Watchguard XTM 510 $99.99
      Serial/USB Cable $9.99
      USB/RJ45 Cable $12.79
      8 GB Compact Flash $13.99
      Compact Flash Reader $14.99
      New Total: $469.11

      The Watchguard XTM 510 has been operational for about four weeks now and it's been great!  It's quiet and
      fast and is almost everything I wanted yet it only supports CPU's that don't support AES.  Early on as I'm going
      through the PFSense forum, I run across a very long thread that is about the Watchguard XTM PFSense conversion.
      Of course it's an interesting read all about how you can swap out the lowly Celeron Intel processor with something
      better and add more memory and who couldn't resist that bit of detail.  So it's back to e-bay and the purchase of
      more memory and a better CPU.

      Intel Q9400 CPU $14.00
      Corsair 4 GB Mem $24.99
      2 Thermal Paste $20.82
      New Total: $528.92

      So with the Watchguard upgraded and working perfectly I've got to decide what to do with my other setup.  Do
      I spend more money to solve the noise issue or do I drop it and cut my losses?  I am not a gambler and I don't
      really like Vegas because I never know when to hold, fold, or cut my losses.  Hell I still own some BP Stock!
      The Watchguard has been in service for two weeks and I'm getting ready to go on vacation but I don't want to wait
      until I get back to decide what to do (probably should have) so I decide to purchase a 2U server chassis.  But I
      can't just buy the $89 dollar one!  No, I have to buy the NORCO 2U Rack Mount Six Hot-swappable SATA server.  This
      was a total "I have to purchase this and get it in before I leave" deal.  It is a nice server chassis.
          I had been looking at many 2u server chassis for several weeks but could never pull the trigger and somewhere
      along the way I thought the server chassis that I just purchased supported a full size power supply so while I was
      on vacation I wanted to make sure that the power supply I bought was quiet and of good quality and I wanted it to
      be delivered right when I got back from vacation so I would spend the weekend putting the system together.
          Unfortunately I was wrong!  Big time wrong!  The PSU that I ordered is not going to fit the server chassis that
      I have and it wasn't until this morning that I figured it out while I wait for delivery.  I went ahead and pulled the
      motherboard and installed it in the new chassis.  I pulled out the old ruler and sure enough, I'm a dumbass!  I had
      measured the height without really thinking about the width which is significantly smaller than a normal PSU.

      NORCO 2U Rack Mount Server Chassis $221.93
      EVGA SuperNOVA 750 G3 PSU $140.85
      New Total:  $891.70

      And here I sit, dumbfounded…  I can't believe that I'm sitting here after about 3 months and $892.00 out of
      pocket and I still don't have a server up and running that supports the new PFSense AES requirements.  This is not a
      rant about the new requirement, this is just a tale to say, don't be like me!  Choose your platform wisely and
      sometimes trying to go cheap may not necessarily be the cheaper option...

      Y-ASK

        sos

        TL;DR - Cheap. Simple. Works.

        Pick two :)

          johnpoz LAYER 8 Global Moderator

          Or just go to the pfsense store ;)

          You could have had a sg-2440.. for $550 at your door in a day or so.. Nice and tiny fits anywhere… Quiet as a mouse.. And rocks pfsense for sure.. etc..  And yeah has your AES requirements ;)

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

            Y-ASK

            @johnpoz:

            Or just go to the pfsense store ;)

            You could have had a sg-2440.. for $550 at your door in a day or so.. Nice and tiny fits anywhere… Quiet as a mouse.. And rocks pfsense for sure.. etc..  And yeah has your AES requirements ;)

            Yeah, that was kind of my point and a great suggestion.  Plenty of options out there, some better than others.

            Y-ASK

              Y-ASK

              Update for anyone interested, the EVGA SuperNOVA 750 G3 PSU did not arrive on time Saturday by 8 PM as promised and paid for, so I called FedEx and asked that they return the package before delivery.  Got confirmation that Amazon would provide a full refund so I ordered what I hope is a correctly sized power supply.

              Remove EVGA SuperNOVA 750 G3 PSU -$140.85
              Add FSP Group 700W PMBus V1.2 $179.99
              New Total:  $930.84

              I will probably continue my search for a cheaper alternative that supports AES and use this particular system for something that can actually use the horsepower.  Right now the Watchguard XTM is working great!

              Y-ASK

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.