Netgate Discussion Forum

    Pfsense capabilities

    Hardware
    11 Posts 4 Posters 4.2k Views
      capt.primetime

      Hello everyone,
      I'm new to this and I tried the search for info, though it seems I'm a little lost in finding a solution for my problem. We are a very small hosting company that hosts about 200 domains, but we do not have a firewall in front of our servers (except APF). In the next few months we are going to purchase 3 more servers from Dell and we would like to have a real firewall for all of them (5 servers = 1000 domains). My question is: can pfsense be our firewall, and what hardware should we use? I.e. what processor, how many NICs, etc.
      Sorry for posting a newbie question. I did try to search this forum, but I came to the point that I have no idea what I'm reading and what pfsense can do for me. ???

      Thanks in advance

        stephenw10 Netgate Administrator

        The biggest factor in determining your hardware requirement is what sort of bandwidth you hope to have. What is your internet connection?
        Then if you want to use any packages, squid, squidguard, snort etc. that will also increase your requirement.

        Steve

          capt.primetime

          > The biggest factor in determining your hardware requirement is what sort of bandwidth you hope to have. What is your internet connection?

          Thanks for your reply Steve. We are currently connected to a 100MBit/s network and we hope it will be more than enough for this year.

          > Then if you want to use any packages, squid, squidguard, snort etc. that will also increase your requirement.

          What would be your choice? :D

          Thanks again

            stephenw10 Netgate Administrator

            There's loads of good information on the forum, though it can be a bit tricky to find!
            I was reading this thread recently which has some interesting info: http://forum.pfsense.org/index.php/topic,14366.0.html

            Are you expecting to push 100mps up and down through the pfsense box?

            The biggest message from the above thread and others is: use Intel NICs. Use 'server' NICs if you can.

            Personally I'm using an old Watchguard Firebox which is way overkill for my requirements. However they are cheap from eBay!

            Steve

              capt.primetime

              Steve,
              thanks for the link. I will try to research as much as I can and will also take a look at the Firebox. Our goal is to create a firewall for the long run and that's why I'm asking the questions you were kind enough to provide answers to.

              > Are you expecting to push 100mps up and down through the pfsense box?

              We do expect to push that much since we plan to include hosting for game servers. At this time we are using only a fraction of the bandwidth we have, but when we start to gain more popularity, we will certainly push 100mps.
              Thanks for the link and please inform me if you find anything interesting like the link you posted.

                Supermule Banned

                Be sure you can push all of the domains through pfSense and route it to the correct servers.

                  capt.primetime

                  > Be sure you can push all of the domains through pfSense and route it to the correct servers.

                  Can you be more specific? Thanks.

                    Cry Havok

                    You can only forward any single port on an IP to a single device.  If you're running multiple game servers that all use the same port you'll need to have one WAN IP per game server.  For HTTP (not HTTPS) you can use the likes of HAProxy to handle redirecting clients to the correct server.

                      capt.primetime

                      I understand that.
                      As to game servers (those are not our main priority), they will use multiple ports so no problem there.
                      For now we are focusing on 5 server computers and about 1.000 domains in the next year or so. What would be your choice of hardware?

                        Supermule Banned

                        IBM Xseries X3630 M3 and run ESXi on it. It will handle all you need.

                          Cry Havok

                          Official hardware sizing guide

                          You're probably going to want to search the forum for advice on sizing and tuning the state table for a large number of states. ISTR that more memory will be important, particularly if you're running packages like HAProxy.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.