Question about running pfSense on Dell Hardware
-
I'm currently running pfSense on a generic i7 830 with 8GB RAM, 256GB SSD and dual Intel 1000T NICs. It's running smoothly as our main firewall for 50 employees and with about 80 devices. I have 3 ISP connections: 25/25, 18/2 and another 18/2. All works great.
The company is growing and moving in a few weeks. I was planning to take a spare Dell 1950 III with Dual X5450 CPUs, 32GB RAM, (2) 73GB 15K drives for OS and (2) 146GB 15K drives for DATA and a Quad Intel I350-T4 PCI-E Adapter and loading Windows 2K12 R2 w/Hyper-V and running pfSense in a VM. Plan was to build VM with 16GB RAM and 4 vCPUs running on the 146GB 15K drives in a RAID1. I also need to run one more VM that will consist of 8GB RAM and 2 vCPUs. Should be a pretty lightweight application. Our new connection to the world will consist of (2) AT&T Fiber connections. One will be 1000/200 for general everyday use, the other will be a 200/200 strictly used for 2 Site to Site VPN tunnels along with about 10 VPN users.
So my questions are, will this hardware suffice? Will I run into any issues running pfSense in Hyper-V 2012? Should I ditch 2k12 Server and load pfSense straight on the box? My main reason for Hyper-V was to have the ability for snapshots and backups in case I needed to get it up and running on another box quickly, along with running that other VM mentioned previously. I do plan on running pfSense with Snort, Suricata and/or pfBlockerNG but haven't messed with them much.
Any feedback and suggestions are greatly welcomed! We don't have much of a budget or I'd buy one of the hardware appliances pfSense runs on. I'm just taking a server we already have.
TIA!
-
I can't speak directly about Hyper-V, but pfSense in a VM works fine in production for us on ESXi. The one thing I'd be concerned about is throughput with that setup. We're running on slightly newer hardware with much lighter VMs (1vCPU, 1GB RAM) serving a 100x100 WAN connection and about 8 LANs and throughput between LANs is limited by pfSense, but it's not terribly important to us so I haven't tried throwing more vCPUs in the mix.
As for the hardware setup, the hypervisor machines have 4 1Gbps NICs (either Intel or Broadcom, can't recall now) aggregated into a single logical connection.
I'd say try it and see what you get. Worst case you end up running on bare metal and wasting a lot of RAM and storage but it will likely do the job just fine.
-
Thank you very much for the reply. Networking is not my strength and I'm still learning. I was debating about putting a Ubiquiti EdgeRouter behind the pfSense to handle internal network traffic and VLANs. Do you think this would assist in the throughput concerns you mentioned?
WAN <--> pfSense (NAT/Firewall/VPN) <--> EdgeRouter (as router only) <--> LAN