Appliance VS Dedicated Pc/Machine
-
I am software developer and I am getting ready to launch a Proof Of Concept Visual recognition product that requires results in realtime (i.e 200-2000ms)
Firstly Please pardon my Ignorance as this is not my specialty area of expertise.
After a some research
I was looking at getting a SG-4860 and hook SNORT in there for good measure. Having said that I have a i7-2600k & i5 with SSD 120GIG 16 meg ram and 2 x HP NC360 T Dual cards that i could use as a the two dedicated RIG firewalls.
I do want to run a DMZ as my end goal. I have 2 x 120/10MB Cable connections and a basic load balancer.
I wont be doing a much VPN/Encryption as I will need to support all devices and want to keep everything easy and simple for my clients hence the DMZ. My main priorities are going to be SPEED and protecting my System/Backend/Webservices and SPEED for Realtime processing.
My question is what would be the benefit of getting 2 x SG-4860 or using the 2 above dedicated rig builds ?
Im hope its an easy question to answer and many thanks in advance
YipYip
-
Hi
Everything is run in software so there should not be that much difference between the dedicated hardware and similar or faster other hardware.
The benefits of the SG-4860 is that it is all done for you, so there are no driver or hardware issues and pfSense is tuned for the hardware. Power consumption is going to be less and it will take up less space than a typical PC that is re-purposed for the task, plus you get some support.
Many people use their own existing hardware or build from scratch without any issues, but it might take a bit longer to get there and get things working optimally, but for a lot of people that is the fun of it. Building a pfSense box is often part of a hobby and/or for the satisfaction of building your own.
If you are needing a pfSense box for work and a project with timescales you need to meet, then that suggests the SG-4860 might be better. If you have hardware you can reuse so avoiding the expense of the SG-4860, then you need to factor in the time it might take to set that hardware up, which may make it a false economy.
Regards
Phil
-
Having said that I have a i7-2600k & i5 with SSD 120GIG 16 meg ram and 2 x HP NC360 T Dual cards that i could use as a the two dedicated RIG firewalls.
You could install ESXi or another hypervisor on that and comfortably run multiple pfSense instances as well as a few more VMs in my experience. The HP NC360T will definitely be supported by ESXi. Otherwise, that hardware would be overkill for a single pfSense instance but will work just fine.
But if you want support and don't want to tinker too much, the official hardware is the way to go, hands down. Depends on your experience level and your DIY tendencies.
-
Having said that I have a i7-2600k & i5 with SSD 120GIG 16 meg ram and 2 x HP NC360 T Dual cards that i could use as a the two dedicated RIG firewalls.
You could install ESXi or another hypervisor on that and comfortably run multiple pfSense instances as well as a few more VMs in my experience. The HP NC360T will definitely be supported by ESXi. Otherwise, that hardware would be overkill for a single pfSense instance but will work just fine.
But if you want support and don't want to tinker too much, the official hardware is the way to go, hands down. Depends on your experience level and your DIY tendencies.
My DIY tendencies are strong that Im now 4 days straight into pfsense :D … Had issues with 2 low end mobis and then swapped in a MSI 990FXA GD80 with a AMD 6 core and everything started to sing.
IDS snort/siricata has been a drama with the old crappy mobi's. I was getting checksum errors and other not right stuff and was having to turn OFF a lot of the OFFLOADING networking tech which was not cool, the MSI/AMD board seems to fixed a lot of the dramas.
In your XP do the mobis play as much a part in problems as the NIC's ?
I have now ordered 2 x Supermicro AOC-SGP-I2 as I really just want to turn everthing on or either be able to see where the problem is via forward/backward hardware isolation as to the problem.
This will be a commercial solution (even though its POC and once proven moved to the cloud) so I do expect the bad people to have a go at some point and i want to be ready.
Is there a list of supported mobi's ?
Thanks
YipYip
-
I'd agree with Phil_D. If you have hardware lying around and don't care about spending time then by all means use your existing hardware.
At one stage you'd have to put a price on your own time though - and that's why I went with pfSense SG appliances.It's not as if I couldn't have built my own, but I preferred to use tested hardware, no fans, no moving parts and low energy consumption.
I accepted the slightly higher price tag for something that I knew would work out of the box and feeling good about supporting the pfSense project.I have previosuly built appliances etc. which gave me satisfaction, but at the moment I prefer to spent my time working on other challenges.
-
Couple years behind me with pfsense and if I would have gotten the pfsense book I would have been a lot better off.
$0.02
-
In your XP do the mobis play as much a part in problems as the NIC's ?
Thanks
YipYip
Honestly, in the 10 years I've been acquainted with pfSense (and running in production for 8 years) I've never really had a hardware problem. But I'm also not running at the edge of performance. In general, any hardware that runs FreeBSD runs pfSense, so if you're on the fringe, look at the supported hardware list for FreeBSD. I've run on Intel, AMD, and Via CPUs and Intel, Broadcom, Realtek, Via, and Marvell NICs without problems. Running both virtualized on VMware and on bare metal. Not sure this is the answer you're looking for, but unless you're on bleeding edge new hardware that isn't supported by FreeBSD, any issues are likely not caused by the hardware (unless it's defective). EDIT: or unless you're pushing the envelope of what the hardware is capable of.