SG-2440
-
a) Sure, if all you're doing is Firewall and NAT. No, if you're doing VPN, L7 shaping, Snort, etc.
b) Maybe, depends on the ruleset and how many interfaces you're running on. Memory usage is determined by the number and type of rules you enable and how you configure them. -
a) Sure, if all you're doing is Firewall and NAT. No, if you're doing VPN, L7 shaping, Snort, etc.
b) Maybe, depends on the ruleset and how many interfaces you're running on. Memory usage is determined by the number and type of rules you enable and how you configure them.Thanks for your input 8)
I may use VPN for remote access occassionally but it'll just be for me and used rarely. Not sure about L7 shaping but would like to have a tinker with Snort. I may use QOS to guarentee a certain amount of bandwidth of the one user on the LAN.
In the beginning I will be using the WAN interface for the fibre connection and then using the LAN connection for the two users on the LAN. Later on I'd like to use a third interface for my ESXi server (which will use a few VLANs).
My rules will be fairly basic: Allow all outbound and only allow port 25/443 to a few VMs on my ESXi host. I'm sure there will be a couple more than these but thats all I can think of for now.
I could live without Squid and Snort but I'd like to know that they are there and available should I decide to use them.
Let me ask this, if I don't use Squid but I do use Snort will 4GB of memory be ok?
Let me also ask, if I don't Squid AND Snort will 4GB of RAM be ok?
Appreciate the help!
-
Let me ask this, if I don't use Squid but I do use Snort will 4GB of memory be ok?
This could good be running well.
Let me also ask, if I don't Squid AND Snort will 4GB of RAM be ok?
This is absolutely enough.
-
I'm hoping to pull the trigger this weekend to order this firewall.
Since I live in the UK, what are my options for getting a power supply with a UK plug on it that will work with the SG-2440?
-
I'm hoping to pull the trigger this weekend to order this firewall.
Since I live in the UK, what are my options for getting a power supply with a UK plug on it that will work with the SG-2440?
I personally would ask a pre-sales question about this behavior at the pfSense-store! Perhaps they can
tell you what to do or they send you a GB ready one or what ever you should consider to buy in GB it self
but better from them as a failing information about the forum! Email: sales@pfsense.org -
Thanks!
The order has been placed and I am now excited ;-)
-
So my SG-2440 arrived on the weekend and i have set it up with my Draytek 2820. The Draytek is used as an ADSL modem in bridged mode and I am using the PPPoE client on the WAN interface of the SG-2440 in pfsense.
I seem to be having quite a bit of packet loss on the WAN interface. I thought it may be the speed/suplex setting? But I can't find where you can change this? I can see where you change the speed/duplex settings on other interfaces but not the WAN interface. Can someone help please?
Not sure if theres something else I can check with regards to packet loss? I'm meant to be getting between 8 and 10mb/s but am currently getting under 3! If I run a continuous ping on the LAN interface from my desktop on the LAN there is zero packet loss but if i ping (say) 8.8.8.8 then I get up to 15% packet loss.
I'm still finding my way around pfsense so would appreciate any help ;)
-
Could be your phone line or the draytek adsl is a finicky thing at best
-
The Draytek is a real router and if it is not in the so called bridge mode your were creating a double NAT
or router cascade.I seem to be having quite a bit of packet loss on the WAN interface.
ok what Internet connection speed do you have? And what kind of Internet connection is that in real?
(ADSL2+, VDSL, VDSL Vectoring, FTTH/FTTC)I thought it may be the speed/suplex setting?
This could really good be.
But I can't find where you can change this? I can see where you change the speed/duplex settings on other interfaces but not the WAN interface. Can someone help please?
Forcing Interface Speed or Duplex Settings
Not sure if theres something else I can check with regards to packet loss? I'm meant to be getting between 8 and 10mb/s but am currently getting under 3!
From what Internet connection speed you got 8 MBit/s - 10 MBit/s or the 3 MBit/s?
In normal SPI/NAT and firewall rules are "eating" some throughput likes 1% - 3% of all.
And with a double NAT or router cascade you will have loss something likes 3% - 5% from all WAN throughput.
If you have configured now something like Squid, Snort, SquidGuard, pfBlockerNG, QoS and VLANs it will
be then "eating" even more and more and more from your entire throughput. What method for the measuring
do you were using? iPerf from client to server will be the best thing in my eyes but NetIO would also march.If I run a continuous ping on the LAN interface from my desktop on the LAN there is zero packet loss but if i ping (say) 8.8.8.8 then I get up to 15% packet loss.
This might be but is not really saying anything about the throughput capabilities from the SG-2440 in any kind
of direction. Try out iPerf first at the WAN port and then through the Internet. -
Thanks for the replies but I found the issue. I had selected the modulation type to "Multimode" instead of "ADSL2+" which was causing all the packet loss. Once I changed this everything worked great…no packet loss :)
I know the Draytek 2820 is a real router but you do have the option of turning it into a dumb ADSL modem:
Theres no double NAT going on here and the Draytek 2820 is purely a modem. No NAT. No wifi. No DHCP. No firewall!
In fact, I have noticed my broadband speed has gone up from 8Mbit/s to 9Mbit/s.
I am REALLY pleased with my SG-2440 purchase. I had my IPv6 tunnel up and running in no time. I'm really impressed with pfsense and the SG-2440.