The best way to install a small UTM?
-
A Soekris net6501 has significantly more power and RAM than the ALIX gear… they have similar small cases for them too.
-
At the net6501-70 price-point I would be looking at something like SuperMicro SYS-5017C-LF instead. Not saying the Sokeris is overpriced, I think it's a decent price-point considering what it is.
In terms of running an embedded system once you overcome the partition size limitation (I have posted previously how to increase them, or use 2.1 RC) you will have problems with the squid blacklists and clamav definitions not persisting between reboots. This is a problem because the code expects a hard drive instead of a RAM drive. It shouldn't be too hard to work around this, however you may instead wish to evaluate an industrial SSD (8 to 32GB should be more than enough) with a full install.
-
My take so far is that lots of people want to have a form factor similar to a 4 port netgear router but capabilities that really need serious processing horsepower. I'd bet most people would be more happy with the performance of a cheap micro atx barebones computer with a real hardrive and a couple cheap intel gigabit lan cards. Scanning and filtering can max out atom and other imbedded processors faster than you can say "I will never see gigabit throughput on this tiny box".
-
For my use case, it is in remote places in Nepal. Solar powered. A system that takes 12V DC (10-15V as the solar charger comes in and a night when the battery gets low). Willing to give it up to 10W power for 24/7 operation. Speed doesn't matter - in big centres we can now get 1-5Mbps. In these remote places it it 192Kbps and the town phones and internet goes via satellite - latency is typically 800-1000ms.
The Alix can handle plenty of speed for home users in the 5-20+Mbps range. It just needs more memory! If I could get Alix2D13 boards with 1GB memory soldered on them (rather than 256MB) I would be very happy, and I suspect it would suit a lot of others for home and small office. -
They have you on a energy diet do they?
http://downloadt.advantech.com/ProductFile/PIS/MIO-2261/Product%20-%20Datasheet/MIO-2261_DS%2801.16.13%2920130116151702.pdf
http://www.advantech.com/products/MIOE-220/mod_72B62C09-313A-43D9-A089-43A97F2F0170.aspxhttp://www.advantech.com/products/MI-O-Extension-Modules/sub_1531e24b-76c7-4fe9-9d9a-f4bd6254bd64.aspx
These can fill the bill getting you down to about 5W-8W and enough memory and processor for you.
If you were in a building mood. -
The Alix can handle plenty of speed for home users in the 5-20+Mbps range. It just needs more memory!
Is that due to running out of swap space at startup? My pfSense runs fine on 256MB RAM and almost always has over 100MB free but I guess you are running nanoBSD pfSense while I'm running the full variant.
-
I am OK with 256MB for a vanilla install with 2 OpenVPN instances (to/from 2 other offices), sometimes an OpenVPN server for a few road warriors, and the usual set of firewall rules. But if I want to monitor usage (e.g. bandwidthd, gradually the data files get bigger in mem disk and real available memory drops) or try content filtering (Squid+SquidGuard with no cache) or… then things get tight. When OpenVPN instances lose their connections and re-establish there is a high transient memory use (both OpenVPN itself and the various bits of PHP that run in the background responding to the WAN/gateway event...).
If memory use on the dashboard stays around 45-60% all is good. If memory use is already 80%, then the transient events don't always complete properly, and there can be a killed OpenVPN instance, due to "out of swap space" (= "out of real memory").
So yes, 512MB or 1GB memory on the board would remove this issue for only a few dollars. Unfortunately the Alix boards were designed a long time ago when it was more than a few dollars for the memory. And it is not possible to have them do a production run with just more memory. Eventually the "new Alix" will come with everything changed - more CPU, Gb ethernet and more memory. That is nice, but I just want memory now :( -
P.S. I might also be able to help out on the solar power issue. I have about 20 years now in that also.
Whats your specs on that system?
-
[The Alix 2d13 supposedly has a 44pin IDE connector. In theory that should be able to take a DOM such as Transcend TS1GDOM44V-S (see [url=http://www.transcend-info.com/industry/products_details.asp?ModNo=26&Func1No=1]http://www.transcend-info.com/industry/products_details.asp?ModNo=26&Func1No=1) available from http://www.memoryc.com for about US$25. You could use "full install" pfSense, swap to the DOM (which should fix your transient event problem) and recover RAM by writing logs to the DOM. RAM recover might even remove the need to swap for the transient events.
I have used the 1GB 40pin IDE module in my home pfSense (plugged directly into the motherboard IDE connector) for over 4 years without any problem. Of course, "your mileage may vary."
-
If you can find deals on thin clients with proper spec, that is an option. I found some that were better priced than the Alix boards I've used. These were also new.
See this post. I have 2 of them with upgraded disks of 4 GB, and run offices which averages 5 GB-10GB daily using Squid, Snort, etc.
http://forum.pfsense.org/index.php/topic,64393.0.html