Hardware recommendation on 150mbps/10mbps?



  • I work in a small company.

    Current setup:

    18mbps download/1mbps upload
    12-14 workstations, 6-8 wifi devices.

    Atom D525
    2GB RAM
    5 intel gigabit ports
    120 GB SSD
    unifi access point

    pfSense with FreeRADIUS 2
    No IDS/IPS/Squid

    The coming setup:
    150mbps download/10mbps upload
    20 workstations, 10-12 wifi devices.

    pfSense with FreeRADIUS 2, Suricata IDS (monitoring 3-4 VLANs)
    No Squid

    Any hardware recommendation for pfSense? Budget under $900 and it should be power saving.

    Currently I am very interested in the Qotom J1900/3215U box, but I do know it does not have enough power.

    Thanks a lot.


  • Netgate Administrator

    No VPNs?

    Steve



  • No VPNs

    Thanks for your reply.


  • Netgate Administrator

    Then your requirements are modest.

    I would expect our SG-2440 to handle that without any issues for example.
    https://store.pfsense.org/SG-2440/

    You might want to test it with the hardware you already have to be sure you need to upgrade yet.

    Steve



  • @stephenw10:

    Then your requirements are modest.

    I would expect our SG-2440 to handle that without any issues for example.
    https://store.pfsense.org/SG-2440/

    You might want to test it with the hardware you already have to be sure you need to upgrade yet.

    Steve

    First, thanks for the recommendation.

    But I know Suricata is a CPU/RAM-hungry application (a little more so than Snort), so I said the Celeron J1900/3215U may not have enough power for this.

    I tried Snort on 1 VLAN in IDS mode. The Atom D525/2GB RAM box temporarily failed to respond to SSH logins when starting/stopping monitoring on that interface, and RAM usage was almost full compared to 10%-20% usage without Snort. 4GB RAM may not be enough.

    Also, the "Atom C2xxx LPC failures" title is quite scary, even if some of the users haven't met the failure.


  • Netgate Administrator

    Snort/Suricata can eat a ton of RAM but they should not use that much if configured correctly.

    If you just enable all the signatures then they might use >2GB but you almost certainly don't need them all.

    Steve


  • Banned

    J3455B and an i340-t4 (if you need four ports), very cheap and low power (especially if you get an eBay server pull NIC). If you want to install 2.4.0 Beta you can even install to a USB flash drive(s).



  • If I don't consider power saving, the Jetway NF592-Q170 motherboard recommended by some threads on the hardware board may be a very comfortable choice.

    Here is a barebone with an i5-6500 CPU.
    http://mitxpc.com/proddetail.php?prod=RS-JNF592VI5-FIO

    By the way, I tried a VLAN with far fewer hosts than before and cut down a lot of signatures, as Steve suggested. I then got much lower CPU/RAM usage on the old machine. Thank you, Steve.