Netgate Discussion Forum

    Urgently needed - Examples of Enterprise Level pfSense use

    • heper

      Whatcha gonna use OpenVPN for? OpenVPN is really CPU intensive if you want to push >100mbit over it.

      • Mr. Jingles

        To introduce myself: I am an economist. Which means I will whine about many things, but certainly, whenever seeing the opportunity to whine about economics, expect not to invite me in: I am already on board, I sneaked in right behind you when you weren't paying attention. Obviously, I simply got lost and ended up in this forum, while still looking for the correct forum where people like me should reside.

        (Trying to be funny: you decide  ;D ).

        That being said:

        @communityuk:

        covering c32000 homes.

        a major Social Housing provider

        Is the c a typo error and is this 32k social housing houses that get free WiFi?

        Any help you can give in providing the evidence we need would be very gratefully received.

        I'd advise you to contact the admins/owners of this fine place and ask for their consulting. I'm sure you'll need it if you win it, and I'm sure the company behind this project is more than willing to help you out with some consulting  ;D

        6 and a half billion people know that they are stupid, aggressive, lower life forms.

        • Supermule Banned

          It's actually very easy to set up but difficult to maintain.

          I run pfSense in an Enterprise environment running a cloud hosting provider seeing heavy bandwidth usage.

          I can provide you with a lot of scenarios for this solution, but not for free when we are discussing this magnitude of setup.

          • Mr. Jingles

            @Supermule:

            It's actually very easy to set up but difficult to maintain.

            That tickled me, Mule: what is difficult to maintain?

            • Supermule Banned

              This scenario takes 10+ pfsense boxes to be maintained and running in CARP scenarios to secure uptime in different physical locations spread across North England to secure uptime and redundancy.

              If you run 1 or 2 boxes then you can't take multiple nodes out of the equation without sacrificing bandwidth and uptime…

              • chpalmer

                example 1
                I have a client using wireless links in the 3.x gig range (licensed) with multiple locations and primarily for (private) VOIP solutions throughout their region. They use bare metal units running pfSense and only use the routing capabilities "inside" the network with only one firewall enabled at the point where the network touches the rest of the world.

                The system is used in the broadcast industry and works very well for them.

                example 2
                I have a main data room at my main location that hosts company servers and my primary pfSense loaded box. This location hosts (as of right now) 6 OpenVPN connections to our other business locations including a couple of "customers" systems we installed so we can maintain their networks. Simple example but the OpenVPN connections are very rock solid.

                and this if you haven't seen it…

                https://doc.pfsense.org/index.php/Comparison_to_Commercial_Alternatives

                Triggering snowflakes one by one..
                Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

                • Mr. Jingles

                  @Supermule:

                  This scenario takes 10+ pfsense boxes to be maintained and running in CARP scenarios to secure uptime in different physical locations spread across North England to secure uptime and redundancy.

                  If you run 1 or 2 boxes then you can't take multiple nodes out of the equation without sacrificing bandwidth and uptime…

                  Thanks Mule  ;D

                  Ah, now I see: it's configuration management-related (yes, even economists can learn words out of their own field  :-X ).

                  Question comes up: how do the Googles of this world manage this, with their quadrillion servers?

                  A simple rsync of changes doesn't cut it, I understand, as box 1 needs a different config than box 7.

                  • chpalmer

                    https://forum.pfsense.org/index.php?topic=89479.0

                    Cross post.  :o

                    • Supermule Banned

                      Do you know how Google routes their traffic and how it's distributed??

                      We are talking 32.000 end users…. Streaming, downloading and who needs to be secure and in a controlled environment.

                      Peak hours is maybe averaging 5+mbit per user and that amounts to 20 GB/s average bandwidth....and the peaks can be much higher.

                      Since you can't adjust kern.ipc.maxsockbuf to much more than 4262144 then you will run into bandwidth issues using pfsense with less than 10 boxes as the endpoint and that is only average use....

                      Use L3 switching instead and give every user a SOHO FW as a gift...

                      • communityuk

                        I guess we really should have mentioned that this is not a network that will route ALL traffic via a single pfSense, that would be insane :-)
                        pfSense would be deployed within local segments of the network where Internet connectivity would also be deployed. OpenVPN would be used to
                        connect key locations together over the network.
