Hardware for PfSense+Snort+Litesquid

aag

Hi,

Set up my first pfSense attempt on Alix last week, and it seems to be happy, until Snort is enabled, that is.

I'd like to run Snort on both WAN(single) and LAN, lightsquid (squid in transparent mode), and possibly VPN. So, the question is – will something like this do it?
http://www.ebay.com/itm/Barebones-Mini-ITX-PC-Intel-D2500CC-PicoPSU-80-M350-pfsense-Firewall-2x-Gbe-LAN-/200837671164?pt=US_Firewall_VPN_Devices&hash=item2ec2dba8fc

Or something more powerful is needed? Snort planning blog post indicates at least the RAM will have to be expanded, but other than that -- will this box cut it?

Thanks!

stephenw10

What is your WAN bandwidth? Do you need VPN?

Steve

aag

Currently 45/5 on the WAN, don't see it going higher than 90/5 in the next few years.
VPN is a nice to have as an option, but not immediately required.

stephenw10

Yes you should be OK using that hardware on a <100Mbps connection but you may have to tune Snort carefully. If you just load up everything it may bog down a bit. It will be fine at 45Mbps. You won't get more than ~50Mbps VPN and that's without anything else running.

Steve

aag

Thanks, that really helps!

Are you aware of any other off-the-shelf setups that'd offer a better performance?

stephenw10

There are loads that offer better performance but they cost more and aren't silent.  ;)

For example: http://www.hacom.net/catalog/pfsense

What are your priorities?

Steve

aag

Yea, most of these are probably a bit of an overkill. Trying to keep the cost, size and noise down – so I guess only building a mini ITX rig with Celeron or i3 would do better than this little machine?
Too bad Intel won't put a second LAN port on their NUCs -- those are nice little machines.

In any case, thanks -- I think the constraints as you've described are perfectly acceptable for now, and there's always an upgrade path later :)

stephenw10

Depending on how much noise you can put up with you should at least consider a low end Sandy/Ivy bridge box with a Celeron. Say a G1610T. Those are cheap and low power, you can go passive cooling for some additional cost. You can build up a system for very close to the cost of an Atom box and it will be far more capable. Importantly any socket 1155 has loads of very easy upgrade options should you find you need even more. With the Atom you need to replace the whole board.

Have a search on the forum, there are quite a few threads in which people have detailed similar builds.

Steve