Netgate Discussion Forum

    Urgently needed - Examples of Enterprise Level pfSense use

    General pfSense Questions
      communityuk

      Hi all,

      We are down to the very last stage of a major bid for a Wireless UK and Public Broadband network in the UK and we are proposing the use of pfSense within our solution.

      We have now been asked to provide some evidence of successful pfSense usage in an Enterprise environment but are struggling to find any online and have until Monday 2nd March 2015 to get our response in.

      Can anyone in this community provide an example???

      For your further information…

      Essentially we are looking at deploying both a Corporate Wireless Network connecting up to 40 Offices (3 Main the rest reasonably small) and also a major Public Wifi Broadband Network covering c32000 homes.  All in the North of England.

      The Corporate and Public networks will be interconnected with Employees of the Company (a major Social Housing provider) using the public network to connect into the Corporate network when they are out in the field.

      The corporate network will be used for General Data (i.e. Database, CRM etc.) and for VOIP.

      The Client is used to the "Cisco" way of life but is keen and interested to go down an "Open Source" route if it is fit for purpose.

      The main corporate links will be using Siae AlfoPlus80HD 80GHz "Milliwave" links running up to 2GB Full Duplex.  The next level of links will be using Ubiquiti AirFiber 24GHz Links and then on down to 5GHz links and 2.4GHz at the public hotspot level.

      They have questioned the capability and scalability of pfSense and our proposed use of OpenVPN as opposed to the traditional VRF/MPLS route.

      We could use a VRF type solution by putting an OpenContrail Box in front of pfSense but believe OpenVPN is entirely the right way to go.

      Essentially, they want to believe and as such, need some real world examples/evidence of where this type of set up has been deployed and is successfully in use.

      I have to say this project will be hugely publicised over here and as such, I believe it would be a huge feather in the cap of pfSense and Open Source in general if we can win it!

      Any help you can give in providing the evidence we need would be very gratefully received.

        heper

        whatcha gonna use openvpn for? openvpn is really cpu intensive if you want to push >100mbit over it

          Mr. Jingles

          To introduce myself: I am an economist. Which means I will whine about many things, but certainly, whenever seeing the opportunity to whine about economics, expect not to invite me in: I am already on board, I sneaked in right behind you when you weren't paying attention. Obviously, I simply got lost and ended up in this forum, while still looking for the correct forum where people like me should reside.

          (Trying to be funny: you decide  ;D ).

          That being said:

          @communityuk:

          > covering c32000 homes.

          > a major Social Housing provider

          Is the c a typo error and is this 32k social housing houses that get free WiFi?

          > Any help you can give in providing the evidence we need would be very gratefully received.

          I'd advise you to contact the admins/owners of this fine place and ask for their consulting. I'm sure you'll need it if you win it, and I'm sure the company behind this project is more than willing to help you out with some consulting  ;D

          6 and a half billion people know that they are stupid, aggressive, lower life forms.

            Supermule Banned

            It's actually very easy to set up but difficult to maintain.

            I run pfSense in an Enterprise environment running a cloud hosting provider seeing heavy bandwidth usage.

            I can provide you with a lot of scenarios for this solution, but not for free when we are discussing this magnitude of setup.

              Mr. Jingles

              @Supermule:

              > It's actually very easy to set up but difficult to maintain.

              That tickled me, Mule: what is difficult to maintain?

                Supermule Banned

                This scenario takes 10+ pfSense boxes to be maintained and running in CARP scenarios to secure uptime in different physical locations spread across North England to secure uptime and redundancy.

                If you run 1 or 2 boxes then you can't take multiple nodes out of the equation without sacrificing bandwidth and uptime…

                  chpalmer

                  example 1
                  I have a client using wireless links in the 3.x gig range (licensed) with multiple locations and primarily for (private) VOIP solutions throughout their region. They use bare metal units running pfSense and only use the routing capabilities "inside" the network with only one firewall enabled at the point where the network touches the rest of the world.

                  The system is used in the broadcast industry and works very well for them.

                  example 2
                  I have a main data room at my main location that hosts company servers and my primary pfSense loaded box. This location hosts (as of right now) 6 OpenVPN connections to our other business locations including a couple of "customers" systems we installed so we can maintain their networks. Simple example but the OpenVPN connections are very rock solid.

                  and this if you haven't seen it…

                  https://doc.pfsense.org/index.php/Comparison_to_Commercial_Alternatives

                  Triggering snowflakes one by one..
                  Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

                    Mr. Jingles

                    @Supermule:

                    > This scenario takes 10+ pfSense boxes to be maintained and running in CARP scenarios to secure uptime in different physical locations spread across North England to secure uptime and redundancy.
                    >
                    > If you run 1 or 2 boxes then you can't take multiple nodes out of the equation without sacrificing bandwidth and uptime…

                    Thanks Mule  ;D

                    Ah, now I see: it's configuration management-related (yes, even economists can learn words out of their own field  :-X ).

                    Question comes up: how do the Googles of this world manage this, with their quadrillion servers?

                    A simple rsync of changes doesn't cut it, I understand, as box 1 needs a different config than box 7.

                      chpalmer

                      https://forum.pfsense.org/index.php?topic=89479.0

                      Cross post.  :o

                        Supermule Banned

                        Do you know how Google routes their traffic and how it's distributed??

                        We are talking 32.000 end users…. Streaming, downloading and who needs to be secure and in a controlled environment.

                        Peak hours is maybe averaging 5+mbit per user and that amounts to 20 GB/s average bandwidth....and the peaks can be much higher.

                        Since you can't adjust kern.ipc.maxsockbuf to much more than 4262144 then you will run into bandwidth issues using pfSense with less than 10 boxes as the endpoint and that is only average use....

                        Use L3 switching instead and give every user a SOHO FW as a gift...

                          communityuk

                          I guess we really should have mentioned that this is not a network that will route ALL traffic via a single pfSense, that would be insane :-)
                          pfSense would be deployed within local segments of the network where Internet connectivity would also be deployed. OpenVPN would be used to
                          connect key locations together over the network.
