Hardware recommendation on 150mbps/10mbps?

newabc · Mar 8, 2017, 2:47 AM

I works in a small company.

Current setup:

18mbps download/1mbps upload
12-14 workstations, 6-8 wifi devices.

Atom D525
2GB RAM
5 intel gigabit ports
120 GB SSD
unifi access point

pfSense with FreeRADIUS 2
No IDS/IPS/Squid

The coming setup:
150mbps download/10mbps upload
20 workstations, 10-12 wifi devices.

pfSense with FreeRADIUS 2, Suricata IDS(monitor 3-4 vlans)
No Squid

Any hardware recommendation for pfSense? Budget under $900 and it should be power saving.

Currently I am very interesting with Qotom J1900/3215u box, but I do know it has no enough power.

Thanks a lot.

stephenw10 · Mar 8, 2017, 12:57 AM

No VPNs?

Steve

newabc · Mar 8, 2017, 12:58 AM

No VPNs

Thanks for your reply.

stephenw10 · Mar 8, 2017, 1:08 AM

Then your requirements are modest.

I would expect our SG-2440 to handle that without any issues for example.
https://store.pfsense.org/SG-2440/

You might want to test it with the hardware you already have to be sure need to upgrade yet.

Steve

newabc · Mar 8, 2017, 2:41 AM

@stephenw10:

Then your requirements are modest.

I would expect our SG-2440 to handle that without any issues for example.
https://store.pfsense.org/SG-2440/

You might want to test it with the hardware you already have to be sure need to upgrade yet.

Steve

Thanks for the recommendation at first.

But I knew suricata is a CPU/RAM hunger application(a little bit more than snort.) So I said celeron J1900/3215u may have not enough power for this.

I tried snort on 1 vlan with IDS mode. Atom D525/2G ram failed to react for loging-in with ssh temperately when starting/stopping monitoring on that interface and RAM usage almost full comparing to 10%-20% usage without snort. 4GB RAM may be not enough.

Also, the "Atom C2xxx LPC failures" title is quit scary even some of the users haven't met the failure.

stephenw10 · Mar 8, 2017, 6:13 PM

Snort/Suricata can eat a ton of RAM but they should not use that much if configured correctly.

If you just enable all the signatures then they might use >2GB but you almost certainly don't need them all.

Steve

pfBasic · Mar 9, 2017, 4:11 PM

J3455B and an i340-t4 (if you need four ports), very cheap and low power(especially if you get an eBay server pull NIC). If you want to install 2.4.0 Beta you can even install to a USB flash drive(s).

newabc · Mar 10, 2017, 5:38 AM

If I don't consider power saving, Jetway NF592-Q170 motherboard recommended by some threads of hardware board may be a very comfortable choice.

Here is a bare-bone with i5-6500 cpu.
http://mitxpc.com/proddetail.php?prod=RS-JNF592VI5-FIO

By the way, I tried a vlan with much less hosts than previous and cut down a lot of signatures as what Steve suggested. Then got much less CPU/RAM usage in the old machine. Thank you, Steve.