New pfsense setup



  • Hello,

    we currently running an old pfsense setup with an old pentium pc and some low wan 4mb/4mb

    in Q4 of 2016 we get fiber to our site then we have 200Mb/200Mb.
    now i need a new pfsense setup for this, what we want is

    Wan 200mb/200mb
    Wifi network with 50+ customers in summertime more
    captive portal
    Some kind of proxy server where we can disable some sites like (porn/drugs/alcohol)

    what kind of setup do i need, keep in mind that when needed the wan speed could be upgraded to 500mb

    Please need some advise could a J1900 core do this ?


  • Rebel Alliance Global Moderator

    "Wifi network with 50+ customers in summertime more"

    What are you doing for wifi now?  Your sure not expecting to run 50 some clients off 1 AP are you, be it built into the router or not?  I would look at unifi ap for your solution to your wifi problem - proper place the correct number of AP needed to provide the coverage and density of clients per AP your looking for.

    As to pfsense box itself, pretty much anything should work with 200/200 - once you start getting into 500/500 if fully loaded with lots of sessions then you might need to make sure you get something that can handle that.



  • in Q4 of 2016 we get fiber to our site then we have 200Mb/200Mb.
    now i need a new pfsense setup for this, what we want is

    This could be done and realized by many hardware set ups, but WAN throughput and 50+ WLAN
    clients are not really all you will install as I read it out of the next lines and so please accept that
    any kind of packet, turned on feature, offered and used service or other needed options served
    by pfSense will narrow down the entire throughput a bit, step by step, but lower as expected
    so you should count this all together and then you should be able to ask what hardware is able
    to perform this out.

    Wan 200mb/200mb

    • PC Engines APU2C4
    • Jetway NF9HG-2930
    • SG-2440

    Wifi network with 50+ customers in summertime more
    captive portal

    I would set up inside a smaller miniPCIe card for the home usage and two WLAN APs
    connected over a switch to that network. Take the Radius Server with certificates for
    the internal usage of the whole family and the Captive Portal with vouchers for the
    guests and/or the garden party! So the WLAN APs should be supporting multi-SSID.

    • UBNT SR71-E
    • Compex WLE200NX
      or
    • 2 UBNT WiFi UniFi ac APs or
    • 1 UBNT WiFI UniFI ac AP and 1 UBNT outdoor M5 WiFI AP

    Some kind of proxy server where we can disable some sites like (porn/drugs/alcohol)

    Squid, SquidGuard and SARG, pfBlockerNG and also Black lists and White lists or OpenDNS.

    what kind of setup do i need, keep in mind that when needed the wan speed could be upgraded to 500mb

    pfSense SG-4860
    Supermicro C2558
    Jetway NF9HG-2930
    ASUS Q87T & Intel Core i3

    Please need some advise could a J1900 core do this ?

    The 200 MBit/s for sure, the 500+ MBit/s I really don´t know it, but all together with WLAN
    and Squid and perhaps pfBlockerNG or Snort on top it will be very unrealistic to me that an
    Intel J1900 can handle that load nicely. More a SG-4860 would match in my eyes to that.



  • Well wifi are a bunch of ap to cover the whole area.
    These are connected to a switch which is hooked to pfsense



  • What speed could be get with a j1900 this becaus of the low cost of this device.
    The sg4860 is pretty expensive and maybe above oure budget.

    Are there some cheaper alternatives. Or could i rebuild an old pc to pfsense router.
    Maybe an intel i5 with 2 intel nics.

    Dont knowthe cost but i think that is easyer to get in holland and cheaper



  • For commercial AP like Ubnt, Aruba, Mikrotik, 50+ users on 1 single AP should be fine (except for large area or too much blind spots due to concrete walls)

    @johnpoz:

    "Wifi network with 50+ customers in summertime more"

    What are you doing for wifi now?  Your sure not expecting to run 50 some clients off 1 AP are you, be it built into the router or not?  I would look at unifi ap for your solution to your wifi problem - proper place the correct number of AP needed to provide the coverage and density of clients per AP your looking for.

    As to pfsense box itself, pretty much anything should work with 200/200 - once you start getting into 500/500 if fully loaded with lots of sessions then you might need to make sure you get something that can handle that.



  • J1900 definitely able to deliver 1Gbps NAT (my friend has 1, but his board with Realtek chip can only do 600M under pfsense, but with Linux 1G is good, so in terms of CPU J1900 should be fine)

    @BlueKobold:

    Please need some advise could a J1900 core do this ?

    The 200 MBit/s for sure, the 500+ MBit/s I really don´t know it, but all together with WLAN
    and Squid and perhaps pfBlockerNG or Snort on top it will be very unrealistic to me that an
    Intel J1900 can handle that load nicely. More a SG-4860 would match in my eyes to that.



  • @edwardwong:

    J1900 definitely able to deliver 1Gbps NAT (my friend has 1, but his board with Realtek chip can only do 600M under pfsense, but with Linux 1G is good, so in terms of CPU J1900 should be fine)

    @BlueKobold:

    Please need some advise could a J1900 core do this ?

    The 200 MBit/s for sure, the 500+ MBit/s I really don´t know it, but all together with WLAN
    and Squid and perhaps pfBlockerNG or Snort on top it will be very unrealistic to me that an
    Intel J1900 can handle that load nicely. More a SG-4860 would match in my eyes to that.

    Only looking on the GBit/s at the WAN port and not seeing or counting then the rest of all installed
    installed packets om top of this and/or running services might be sounding good, but is nothing in
    real life if things went to the south.

    For commercial AP like Ubnt, Aruba, Mikrotik, 50+ users on 1 single AP should be fine (except for large area or too much blind spots due to concrete walls)

    I am counting 20 users for normal WiFi APs and as highest number 30 for each WiFi APs controller
    based from the enterprise class as the highest number for getting a good and fair throughput or
    connectivity for all users. Only by using Xirrus WLAN APs this is not the case, all others are mostly
    promising more then they are able to deliver later!

    Well wifi are a bunch of ap to cover the whole area.

    And this is the good way walking with UBNT and/or MikroTik devices they can be bought step by step
    and over their mAP or UniFi WLAN Controller they can be managed all at one time, also for home users
    and customers.

    These are connected to a switch which is hooked to pfsense