Go to hardware
-
i want to have/recommend 'go to' hardware for pfsense. the installs would be primarily for small businesses or savvy home users/networks. i want something with minimum 3 interfaces (i know i can use vlans with a single LAN interface, but i prefer to have a minimum of 3 interfaces (obviously 1 WAN, 1 LAN and 1 OPT).
my only confusion comes from my history with installs on a alix board and on old pc hardware with a good CPU and a decent amount of ram.
the alix board needed a nano install which is limited in features. the install on the old PC gave me all the features i needed and no limitation of read/write on the platter hard drive.
if i go with something like this, http://store.pfsense.org/SG2440/ what are my main concerns? i want to be able to recommend this to a small business owner and not have to worry about not being able to run certain packages or worry about read/writes if i enable logging for things that are not normally logged.
thanks.
-
I think is an excellent choice, just read its spec and feedback from users.
You could choose a mSATA SSD unit in order to have more space (30GB or 128GB)
Personally I built my pfSense unit from scratch (see my signature) around a Supermicro MB equipped with C2558.
I let pro-user to provide you with more detailed feedbacks.
-
if i go with something like this, http://store.pfsense.org/SG2440/ what are my main concerns?
It is not only the one or the other box, they are offering to us, it is more in my opinion that we have now
all some devices we can trust on that pfSense will be still running smooth and proper on and on top
that we are able to choose between many different devices! And the real concerns are in my eyes;- 100% supported Intel GB LAN Ports
- 3 miniPCIe slots!!!!! For all miniPCIe devices that are mostly common used (mSATA, Modem and WiFI)
- AES-NI and Intel QuickAssist support will be for surely first assembled and inserted to the netgate/pfSense
devices as the coders now this devices exactly!
i want to be able to recommend this to a small business owner
Boxes this match really to the point to the pfSense software to build firewalls from the lower bottom
to the highest top matching and working as an UTM devices but without the pain of paying licenses
for AntiSpam, Antivirus, Web & Mail scanning and VPN connections. And this boxes would be in stock
if one fails you could get another one really fast as a replacement for the company, so that the saved
configuration can be really easy reinstalled for a proper and fast exchange of this units.and not have to worry about not being able to run certain packages or worry about read/writes if i enable logging for things that are not normally logged
Then it be wise to tell or ask here around before you are buying something, things such as;
- number of users
- number of services
- which exactly services
- Internet connection speed
- which throughput is really needed
As an example: Heavy VPN and QoS usage, many VLANs, Squid & SquidGuard, Snort and DPI
would not be the same as you ask us for a pfSense box for a SMB with 10 - 20 users and then
the SG-xxxx boxes would not really matching and fitting your needs.Related to the pfSense software it would be a firewall, but related to the hardware it can be a real
UTM device with features such as hardware accelerated VPN (AES-NI), acceleration of several services
likes IDS/IPS and DPI (QuickAssist).Having the security of the older USB Stick method, but are able to insert a faster Cache with mSATA
devices would be also a fine thing and on top support for modem and WiFI would it make more round
for me.For the logging option I really suggest to store this in or on an external devices such a small $50
RaspBerry PI 2 on a huge SD Card or connected USB HDD. For greater logging stuff it would be
also sufficient to go with a NAS, SG-2220 unit, or a mini ITX Intel Atom board with mSATA or SSD
as RAID1. -
if i go with something like this, http://store.pfsense.org/SG2440/ what are my main concerns? i want to be able to recommend this to a small business owner and not have to worry about not being able to run certain packages or worry about read/writes if i enable logging for things that are not normally logged.
- It has eMMC which should cope with many many writes. If the customer is going to use packages that can write a lot of stuff and/or need more space then buy it with SSD.
- The pfSense store devices will be the first hardware tested with any new release. Thus you will know that the hardware really works with new versions of pfSense+FreeBSD.
- Replacement units readily available (assuming you are in a country within easy shipping range of a pfSense store outlet)
- The extra bit on the price supports the project, ensuring ongoing support and development
I have 3 of these. If you want real hardware rather than VM, then I am struggling to think of a reason not to get the appropriate SG series from the pfSense store.