ProLiant DL120 - pfSense
-
Hello,
after a few months of test trials on a "regular PC" I'm planning on scaling up the operation and getting a new server for my network/security needs.
I’ve got around 120 users (and quite a few more in possible future WiFi scenario) and a 1 Gbps down/up link.
My budget was not on the bigger side but this is what I’m ordering:
HP DL120 G9 E5-2603v3/8GB (with two ports of 1Gb - not Intel NIC)
120 GB SSD
Two HP Ethernet 1Gb 4-port 366T Adapter (those are Intel-made NICs)
If I’m not mistaken FreeBSD 10.3 is under the hood of our pfSense so… the E5 Xeon should be supported BUT the disk controller B140i is sadly not supported so no RAID for me. I think I read it somewhere here on the forum that I need to disable it in the BIOS before installing pfSense – is that true?
I’m planning on running squid (transparent proxy to record the net activity), squidGuard (to block porn, torrents,…), snort (IDS/IPS) and a VPN for up to 5 users.
After I get the hardware I’ll post some updates and stats.
If someone’s already using this server or tried it – feel free to comment and share some experience : )
Cheers and thanks for a great product!
-
Do you know what chipset the onboard NICs use? They might be just fine. I'm running older HP 1U hardware with Broadcom NICs on board (bce driver IIRC) and they work great but my environment is a little less demanding than yours, WAN wise.
I wouldn't worry about RAID support. Using a single SSD should be more than enough.
What I would worry about, though, in a production scenario, is redundancy. I'd want two pfSense boxes in a failover pair. They don't have to be identical (but it makes things a tad easier). I run a DL360 as a primary pfSense box at one location, backed up by a VM running on ESX. The advantages are numerous, and the extra cost is almost nil if you already have a virtualization setup. Otherwise, I'd look at getting 2 servers to run pfSense. If you're in production, and don't want to have to do your software upgrades in the middle of the night, it's worth it for that reason alone. Just my 2 cents.
-
The onboard NIC is a Broadcom I believe, Dual Port 361i - it will probably serve for a smaller LAN.
I too don't think that no RAID support will be a problem - I'll just make periodical backups and that's it.
The redundancy issue is a valid one, I planned on using the current "test server" for when updates are urgent. It won't be even remotely similar to the new system but it will cover the bare functionalities.
Hardware Update:
Sadly there is not enough physical space in the server for 2 x 366T cards, so I'll be going with 1 x 366T card and 2 x (some low profile 2 port NICs)
-
The redundancy issue is a valid one, I planned on using the current "test server" for when updates are urgent. It won't be even remotely similar to the new system but it will cover the bare functionalities.
You can have redundancy (failover) via CARP with dissimilar hardware for sure. It can take a little planning but it's not terribly complicated. Good luck!