Which Appliance should I buy?
-
I work for a non-profit (church) and was considering the purchase of a dedicated pfsense appliace to serve as the dedicated firewall for the next few years (hoping for at least 5). Details follow, please help me decide which model appliance I should purchase while keeping prices down! Also a few other questions after the details, thanks!
Details:
Transitioning to a 300/30 cable internet connection (will try for more up bandwidth later on, maybe 2 years?)
Plan on enabling snort and squid cache, hope for clam and a few other packages as well (network monitoring packages)
Will serve with at least 3 seperate gateways (seperate vlans) connected to individual dedicate IPs on a single internet connection
Will have bandwidth limits enabled through the firewall rules, in addition to DNS redirect and basic block rules
May decide to enable domain filtering as well through pfsense package (currently using dns filtering), filter would be based on domain name and key words.
Normal usage would be around 70 devices with peaks of up to 1,500 devices in the future, mostly cell phones with low actual usage.
Assume some VPN usage for the near future (prob a max of 5 connections)Questions:
- Obvious question, equipment recommendations and overall thoughts/experiences.
- Can I buy the base equipment package and add ssd storage to it after the purchase, raid 1 would be nice but not worried about it.
- How many of the packages would take advantage of the larger core count in the more expensive appliances?
- Is there any customization in the pre-installed appliance or is it just a basic install? Mainly for reinstall and upgrade purposes (keep in mind the ssd/hardware upgrades etc…)
- Is there any new appliance upgrades planed in the next 6 months?
Keep in mind that I'm trying to keep prices low but if it's worth upgrading then I want to do it now and not worry about it later, I doubt that we will be upgrading to a 1gig connection in the near future but if the appliance can handle all the packages + the 1 gig connection then that would be great.
-
Forgot to mention that I have been using pfense on several old machines for the past 3 years already at this non-profit. But I haven't been using packages due to the lack of reliability of said packages. (mostly seen in the install phase).