1u rack mount recomendations
-
Don't the Dell PowerEdge 1950 G2's have broadcom NIC's? I've heard that there are some issues with broadcom.
They do have Broadcom NICs, as do quite a few of the other Dell models people use. They're very good NICs, solid performance, reliable. The only issue I'm aware of there is in 8.3 base versions (2.1.x releases), they don't support jumbo frames because of a driver issue. That does work in 2.2 though, and isn't an issue in the majority of firewall use cases.
-
I'd love the known rock-solid hardware with custom updates & support, but from what I see that is a wee bit over my budget.
Right now I'm looking at the Dell 1950 G3's & G2's (2 port), likely with 16 gigs of RAM and an SSD. Then I'm planning on adding a 4 port Intel GB NIC.
-
Even running Snort you're unlikely to need 16GB of ram.
Steve
-
Hey Steve,
On one of my boxes, I am testing Snort (blocking mode) and Suricata (passive mode) and its using about 8GB of memory for two interfaces with fully loaded rulesets. Not a typical setup but I am also not using Squid.
btw - I really want to know if thats you in your Avatar! Always been wanting to ask lol…
-
Well I'm sure you could use 16GB, or at least >8GB, if you try but it shouldn't be necessary IMHO. If I were looking at second hand servers I wouldn't be looking for 16GB specifcally.
Yes that's me in my avatar. :)
Steve
-
So maybe to be on the safe side bump it up to 24 gigs of ram?
-
-
The different firebox models require various ammounts of tweaking to get pfSense installed. The cheaper and more commonly available X-e boxes will not manage 1Gbps, even after upgrading the CPU.
Hi Steve, Steve here.
For some time now, and with your help, I have been running WG X550e Fireboxes with pfSense 2.1.5 for my company offices and for my datacenter firewall. We run an MPLS VPN so all our company Internet traffic goes out the datacenter firewall.
Yesterday, we upgraded our datacenter connection to 40mbps but the speed on this side of the Firebox is 38mbps down and 35 up.
Can you elaborate a bit on your comment about the X-e boxes not reaching 1Gbps? Is there any reason to think I am losing throughput within the X550e I am using in the datacenter?
The FB in the datacenter has been upgraded to 2GB memory and the SL7EP chip. My LAN connection on the datacenter FB connects to an Allied Telesis x600 Gigabit router and my test laptop was connected to that.
Any input is greatly appreciated.
Steve -
So maybe to be on the safe side bump it up to 24 gigs of ram?
Board
19" dual rack case
8 GB RAM
SSD 120 GB
Intel Quad Port server adapter
custom holes in the front brackets
All in all for ~$350 to realize -
Hi Steve,
Those X-e boxes won't reach 1Gbps throughput due to the CPU. If you fit the 2GHz Pentium-M they will hit wire speed or at least some other limit, likely the NICs. I get 5-600Mbps through mine with the 1.7GHz CPU, or course is varies greatly by what traffic you are sending, packet size etc!
There are some test values shown here: http://www.copyerror.com/2012/10/27/watchguard-firebox-core-x550ex750ex1250e/4/Steve
-
I get 5-600Mbps through mine with the 1.7GHz CPU, or course is varies greatly by what traffic you are sending, packet size etc!
Tom's test results don't appear to claim that kind of speed with that chip as he is using the SL7SM. Are you getting that performance out of the on-board ports or the expansion ports?
Steve, what firmware are you using? I upgraded some of my boxes from 2.0.3 to 2.1.5 and I'm wondering if the 2.1.5 drivers fully support the hardware.
I am considering upgrading to 2.2.5. Do you think its worth it?
I am using WG pfSense routers for all my offices and for our datacenter gw. Should I be looking at other hardware that will run pfSense? Is what I have good enough for a commercial website(s) NAT gateway as well as a VPN portal?
