Help Setting up an enterprise network
-
Hey,
I am setting up a network for around 800 users and planning to use pfsense based on my previous experience.
I am planning to use a blade server to run pfsense. Can you suggest the best possible hardware and configuration for this?
Thank you.
-
The brand new XG1540 from the pfSense shop would do the job and if you need it redundant then
it would also be running with two of them also smooth.If money is rarely you could also set up two Hyper-V server (cluster) and then run the pfSense
in a so called VM. -
Thank you.
Getting the device shipped to the place I live in and getting it cleared through the customs department would be very painful as time consuming.
It would be easier to get a blade and setup the stack myself. Can you suggest me a model where pfsense will work without issues? I read in the forums that a few HP models have issues with the boot loader. -
It would be easier to get a blade and setup the stack myself. Can you suggest me a model where pfsense will work without issues? I read in the forums that a few HP models have issues with the boot loader.
I really think you could try out a Supermicro board where the Intel Xeon D-1540 SoC is soldered on, but there fore
I would rather then waiting until some peoples where trying it out first, to be sure that you not running in a trap.Lanner has also some really wicked hardware, likes the FW-889x appliances, that could be matching, try
out asking them first, because some of them getting BIOS problems running pfSense on them.At the moment the only well known appliance is from Supermicro with an Intel Xeon E3-12xxv3
that would be really fast and stable running.- Intel Xeon E3-1230v3 4 Cores @3,3GHz
- Comtech AHA363PCI or Intel I210-T1
- 16 GB ECC RAM
- 1 SSD
For how many users this should be?
What services you will be offering?
DHCP,QoS, Snort, Squid, DPI, HAVP,… -
Will definitely check them out.
Are there any PFsense distributors in India from whom I can purchase pfsense devices? Does anyone happen to know
-
@BlueKobold:
- Intel Xeon E3-1230v3 4 Cores @3,3GHz
- Comtech AHA363PCI or Intel I210-T1
- 16 GB ECC RAM
- 1 SSD
For how many users this should be?
What services you will be offering?
DHCP,QoS, Snort, Squid, DPI, HAVP,…The setup would be running anywhere between 600-800 users.
About the services, it would be running a site-site VPN, DHCP, Squid, captive portal, qos, snort, havp -
pfSense partners
Have a look under India, it is a store located in Germany, but they are shipping world wide!Otherwise you could buy spare psart from supermicro and then fiddle out your self a box
you like, either based on the Xeon D-1540 or Xeon E31230v3. -
The setup would be running anywhere between 600-800 users.
Then please better to run it in a VM, not only based on this numbers, but plus the
told by you offered services it would be better in my eyes. If on the both VPN endpoints
pfSense is used I would be really recommend a Comtech AHA363PCIe compression adapter.About the services, it would be running a site-site VPN, DHCP, Squid, captive portal, qos, snort, havp
As telled above, then better to go with a Xeon E5-server and set it up in a VM. Also a Chelsio adapter could be good
to offload the entire NAT work. -
@BlueKobold:
The setup would be running anywhere between 600-800 users.
Then please better to run it in a VM, not only based on this numbers, but plus the
told by you offered services it would be better in my eyes. If on the both VPN endpoints
pfSense is used I would be really recommend a Comtech AHA363PCIe compression adapter.About the services, it would be running a site-site VPN, DHCP, Squid, captive portal, qos, snort, havp
As telled above, then better to go with a Xeon E5-server and set it up in a VM. Also a Chelsio adapter could be good
to offload the entire NAT work.What is the difference between running it on a VM vs bare metal? How does it affect the performance?
-
What is the difference between running it on a VM vs bare metal? How does it affect the performance?
I personally love more running pfSense on bare metal, but if then you are maxing out the numbers and services
you are in a trap!!! You must then take another hardware, but at a VM you can max up the entire things could
really need to be updated. Let us imagine the following:E3-1230v3 with 8 ECC GB RAM
Then you are able to upgrade to the maximum as;
E3-1286v3 with 32 ECC RAM this is then the maximum nothing
will be able to insert what gos higher, faster and more!But if you have a Server such as dual Xeon E5-26xxv3 with a huge amount of RAM
and pfSense installed in a VM you will be able to give the VM more cores if needed
and more RAM if needed! Or plain all Cores and RAM, this would be allow you more
to install.For sure it would be better to have a Xeon E3-12xxv3 and a miniPCIe or PCIe card
with an on board soldered ASIC/FPGA chip to utilize all the Firewall rules, IDS/IPS rules
and queues for sure. Or let them do anything else it will be code for in the pfSense distro.