Netgate Discussion Forum

    First pfSense Build - Hardware recommendations and access points

      Finger79

      I built an overkill pfSense setup in late 2013 for about $700 USD.

      • 2U case (Rosewill?  Aren't too many good manufacturers out there).
      • CPU:  Intel Xeon (Haswell) quad core @ 3.1GHz.
      • Mobo:  Some SuperMicro server motherboard.  4 Intel i250 Gigabit NICs.  Separate IPMI port.
      • RAM:  16 GB ECC Kingston DDR3 (Japanese Elpida chips).
      • Storage:  64GB Crucial SSD I had lying around.
      • PSU: Seasonic 80+ Gold.  Can't remember the output.

      To this day, it's been overkill for my home setup.  The 16 GB of RAM isn't even close to touched.  The CPU isn't even close to utilized.  The machine idles at maybe 50W, possibly due to the case fans.  I'd like something that barely sips power (<10 Watts) and maybe go with fanless.  The 2U case is too big: I'd rather go with 1U next time or even a SOHO sized unit like the 4860 that isn't rack-mount.  It's hard to DIY for 1U unless you buy the case and mobo together (Supermicro?  Dell?)

      To be fair, I haven't really fine tuned Snort or done much more basic firewalling and pfBlocker with lots of rules for malware C&C blocking (and Spamhaus DROP, Abuse.ch, and other IP block lists).  I just enabled FreeRADIUS for a WPA2-Enterprise EAP-TLS setup.

      I plan on building or buying a lower power rig and migrating to that hardware.  The 4860 in the pfSense Store looks nice and has 6 ports, which would come in handy so I can have separate DMZ and Internal Server zones, WAN, LAN, Guest Wi-Fi, Dev/Test zone, etc.

      But I don't need that much CPU or RAM.  Until the day I get Google Fiber as well as have some kids or something.

      I'll use the current server for an OwnCloud build (and get another HDD or two).

        Guest

        • 2U case (Rosewill?  Aren't too many good manufacturers out there).
        • CPU:  Intel Xeon (Haswell) quad core @ 3.1GHz.
        • Mobo:  Some SuperMicro server motherboard.  4 Intel i250 Gigabit NICs.  Separate IPMI port.
        • RAM:  16 GB ECC Kingston DDR3 (Japanese Elpida chips).
        • Storage:  64GB Crucial SSD I had lying around.
        • PSU: Seasonic 80+ Gold.  Can't remember the output.

        With that hardware you will be able to use pfSense as a full UTM device! With Snort, Squid, ClamAV
        and pfBlocker-NG.

        To this day, it's been overkill for my home setup.  The 16 GB of RAM isn't even close to touched.  The CPU isn't even close to utilized.  The machine idles at maybe 50W, possibly due to the case fans.  I'd like something that barely sips power (<10 Watts) and maybe go with fanless.  The 2U case is too big: I'd rather go with 1U next time or even a SOHO sized unit like the 4860 that isn't rack-mount.  It's hard to DIY for 1U unless you buy the case and mobo together (Supermicro?  Dell?)

        • raise the mbuf size to 1000000
        • increase the amount of RAM for Squid if it is in use
        • set more RAM for RAM disks if in use

        Keep that machine, and after a longer time you will be the lucky one of us!

        To be fair, I haven't really fine tuned Snort or done much more basic firewalling and pfBlocker with lots of rules for malware C&C blocking (and Spamhaus DROP, Abuse.ch, and other IP block lists).  I just enabled FreeRADIUS for a WPA2-Enterprise EAP-TLS setup.

        What about Squid & SquidGuard or Dansguardian and ClamAV and Snort?

        I plan on building or buying a lower power rig and migrating to that hardware.  The 4860 in the pfSense Store looks nice and has 6 ports, which would come in handy so I can have separate DMZ and Internal Server zones, WAN, LAN, Guest Wi-Fi, Dev/Test zone, etc.

        Please search the forum first about reaching full GBit/s over PPPoE if you use it!
        But the unit looks fine to me.
        Here is another one for ~$700 (Supermicro SYS-E300-D8)

        But I don't need that much CPU or RAM.  Until the day I get Google Fiber as well as have some kids or something.

        A powerful CPU able to drive pfSense as a full UTM and plenty of RAM, like 8 GB or 16 GB, will not be a bad thing.
        As I see it, it is more for long-term usage and installing more packages if wished or needed some day,
        and if electric power is cheap where you live, it may be a real gain to run that setup for a long
        time! $700 : 120 months = ~$6 a month for a full UTM device is a really cheap price in my eyes!

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.