Hardware and performance
Hi
I'm trying to use pfSense as a firewall/router/web filter/IDS. It will sit between my edge switch and my ISP-managed router. The only real routing bit will be the occasional inter-VLAN stuff plus acting as a gateway for internet traffic.
I have managed to get it all set up, including with Snort etc., and it seems to be working; however, the performance is terrible. It can take a good ten seconds to load a Google search, but then sometimes it's instant. And on AJAX-heavy pages like our IT helpdesk it just crumbles. It also seems to cause problems with Outlook and certain file attachments on our CRM, but I think this is likely due to misconfigured Snort settings etc.
The server has the following hardware. We have a 50mbps internet pipe but I'm only trying this with one user right now and it's like this. Am I skimping on hardware?
Thanks
Dell PowerEdge 860
Processor: 2.40 GHz Dual-Core Xeon (3060) - 800/4MB
Memory: 8GB - (4 x 2GB) - DDR2 - DDR2 ECC
Hard Drive #1: 80GB - SATA II - 7200RPM
PCIe Card #1 (FH): Dual Port Gigabit NIC - PCIe
I'm trying to use pfSense as a firewall/router/web filter/IDS.
Nearly a real UTM without AV scanning, or?
For how many users must this pfSense box run well, please?
200, 400 or 1000 users? A greater or newer model should be used.
Which other services do you use that are "eating" the CPU power?
Perhaps something like DPI?
Another CPU would be fine
Do you use Squid as a proxy?
Perhaps an SSD will help speed things up?
Processor: 2.40 GHz Dual-Core Xeon (3060) - 800/4MB
Available for ~$10 at eBay
Memory: 8GB - (4 x 2GB) - DDR2 - DDR2 ECC
Ok
Hard Drive #1: 80GB - SATA II - 7200RPM
An mSATA or SATA III SSD would be fine and would speed up caching using Squid.
PCIe Card #1 (FH): Dual Port Gigabit NIC - PCIe
That can be anything; please tell us the vendor, or upgrade this to a dual or quad port card from Intel.
There are many options for you:
- Upgrading the existing box with an SSD and an Intel server NIC (2 or 4 Port)
If this is not helping out, you could use this as spare parts for another one!
- Intel Celeron J1900 pfSense box (Box 1, Box 2)
- SG-2440, SG-4860 or SG-8860 units from the pfSense store
- Self-made box based on Supermicro Intel Atom C2000 (Rangeley) boards
- Axiomtek NA342, NA342R, NA361, NA361R appliances
- Xeon E3-1241 Quad Core CPU starting @3,0GHz
- Intel Xeon D-1540
For sure this is not only about the 50 MBit/s WAN throughput but tends more toward the other services you run on the box
and perhaps the number of users this box is serving.