    Firewall hardware

    • F
      fastcon68 last edited by

      I have a pair of machines that have finally come home.  A dual PIII 800 and a dual PIII 733.  Both have Intel server NICs integrated into the system board.  I was debating turning them into PF-Sense firewalls.  Will the dual 800 or dual 733 handle 5 VPN tunnels with 2 heavy internal users and light VPN traffic?

      Does the new version support the dynamic IPSEC tunnels like m0n0wall yet? I'd like to test it.

      RC

      • GruensFroeschli
        GruensFroeschli last edited by

        What kinds of bandwidth are you talking about?

        @http://www.pfsense.org/index.php?option=com_content&task=view&id=52&Itemid=49:

        VPN - Heavy use of any of the VPN services included in pfSense will increase CPU requirements. Encrypting and decrypting traffic is CPU intensive. The number of connections is much less of a concern than the throughput required. A 266 MHz CPU will max out at around 4 Mbps of IPsec throughput, a 500 MHz CPU can push 10-15 Mbps of IPsec, and relatively new server hardware (Xeon 800 FSB and newer) deployments are pushing over 100 Mbps with plenty of capacity to spare. Supported encryption cards, such as several from Hifn, are capable of significantly reducing CPU requirements.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        • F
          fastcon68 last edited by

          3 mb down / 512 kb upload by embarq

          • F
            fastcon68 last edited by

            I went back and verified the hardware.  It is Tyan Thunder - LT-E.  It has 2 Intel onboard adapters (100 MB).  I have 1.5 GB of RAM in the machine currently.  I am using a 256 MB flash card running M0n0Wall for some testing.

            The other machine I have is exactly the same specifications except it has dual 733 processors and 1 GB of RAM.

            RC

            • jahonix
              jahonix last edited by

              Both machines should be able to handle your 3mb/512k easily, including VPN.

              • F
                fastcon68 last edited by

                That's great. It will allow me to recover two workstations and then build out my server that has been acting as a firewall for some time.  Just time to order to 2 us cases and put both machines in that.

                RC

                • GruensFroeschli
                  GruensFroeschli last edited by

                  You write that you have two internal heavy users.
                  I assume they are connected via 100Mbit wire, right?
                  They would be able to produce 100% CPU load.

                  Or are these internal users not encrypted but have to access stuff per VPN on the outside?


                  • jahonix
                    jahonix last edited by

                    As I understand it, the heavy users produce a lot of outgoing traffic which is limited by the 3MBit connection.
                    You are absolutely correct otherwise.

                    • F
                      fastcon68 last edited by

                      My wife and I generate a bunch of outgoing and incoming traffic.  All VPN traffic is limited to my consulting business.  I do that during off peak hours and when needed.

                      My workstation, which is acting as a server, has shares and VPN remote connections.

                      These get very limited access, mainly for remote backup during the middle of the night via FTP.

                      My biggest need right now is to get dynamic ip-sec tunnels working so I can update and continue working on two customer sites.

                      I have two test machines that I can set up with m0n0wall or the latest version of pf-sense alpha if it will support dynamic clients.

                      Once I get this working I have a different project that I am working on that will require dynamic VPN connections for customers.

                      I am looking into starting my own imaging consulting company that will provide web access to scanned images.
                      I know for that I will need a larger firewall.

                      RC

                      • Y
                        YeOldeStonecat last edited by

                        I'd say way more than enough power.  You want that much power, electricity, heat, noise?

                        PFSense is not a UTM appliance, doesn't need a lot of power.  I've played with a lot of hardware and various *nix distros, I've come back to PFSense... because of QoS features.  I run it on one of my old IBM Thinkpad laptops, a mid-range P3.  Only 256 megs of RAM.  Onboard Intel NIC, I stuck in a Linksys PCMCIA NIC... she runs great.  5x users in the house, 2 of which are VERY heavy users.  Plus I have an IPSec VPN tunnel to my office, do a lot of other VPNs to other clients.  8 meg connection.  Under the heaviest of loads on the network... I never got CPU utilization above 35%.

                        Laptop..nice and small, quiet.
