Hardware for PfSense+Snort+Litesquid
-
Hi,
Set up my first pfSense attempt on Alix last week, and it seems to be happy, until Snort is enabled, that is.
I'd like to run Snort on both WAN(single) and LAN, lightsquid (squid in transparent mode), and possibly VPN. So, the question is – will something like this do it?
http://www.ebay.com/itm/Barebones-Mini-ITX-PC-Intel-D2500CC-PicoPSU-80-M350-pfsense-Firewall-2x-Gbe-LAN-/200837671164?pt=US_Firewall_VPN_Devices&hash=item2ec2dba8fc
Or something more powerful is needed? Snort planning blog post indicates at least the RAM will have to be expanded, but other than that -- will this box cut it?
Thanks!
-
What is your WAN bandwidth? Do you need VPN?
Steve
-
Currently 45/5 on the WAN, don't see it going higher than 90/5 in the next few years.
VPN is a nice to have as an option, but not immediately required.
-
Yes you should be OK using that hardware on a <100Mbps connection but you may have to tune Snort carefully. If you just load up everything it may bog down a bit. It will be fine at 45Mbps. You won't get more than ~50Mbps VPN and that's without anything else running.
Steve
-
Thanks, that really helps!
Are you aware of any other off-the-shelf setups that'd offer a better performance?
-
There are loads that offer better performance but they cost more and aren't silent. ;)
For example: http://www.hacom.net/catalog/pfsense
What are your priorities?
Steve
-
Yea, most of these are probably a bit of an overkill. Trying to keep the cost, size and noise down – so I guess only building a mini ITX rig with Celeron or i3 would do better than this little machine?
Too bad Intel won't put a second LAN port on their NUCs -- those are nice little machines. In any case, thanks -- I think the constraints as you've described are perfectly acceptable for now, and there's always an upgrade path later :)
-
Depending on how much noise you can put up with you should at least consider a low end Sandy/Ivy bridge box with a Celeron. Say a G1610T. Those are cheap and low power, you can go passive cooling for some additional cost. You can build up a system for very close to the cost of an Atom box and it will be far more capable. Importantly any socket 1155 has loads of very easy upgrade options should you find you need even more. With the Atom you need to replace the whole board.
Have a search on the forum, there are quite a few threads in which people have detailed similar builds.
Steve