Netgate Discussion Forum

    NEED ADVICE: Planning to run pfSense on a real s**t server

    • powerrc

      I am working for a startup company, budget is very limited.

      Here is the thing: we are building a server rack with a 10G fiber connection, and the firewall is the biggest headache, because as far as I know I should go with a Cisco Firepower 4110 (I used Cisco a lot before), while it's way too expensive (> $60k).

      What I am looking for:
      1. 10Gbps firewall throughput
      2. Powerful enough to drop tons of packets in a short time (we got a DNS amplification attack a while ago)
      3. Port forwarding only, no NAT or VPN or DHCP ...

      And my hardware list is:
      CPU: E5-1650 v4, 6 cores @ 3.6GHz
      Barebone: Supermicro 5028R-WR
      RAM: 64GB DDR4 2400 ECC
      NIC: Intel X710-DA2

      The plan is: I will build a server running pfSense first, and once we start making money on it, or at least see signs of getting revenue, we will go get a Firepower 4110 and convert this server into a database/file server (that's why I cannot get the XG-1541, lack of HD slots).

      Does that sound crazy to you?

      • Guest

        1. 10Gbps firewall throughput
        Then a Linux-based router distro would be better than pfSense, or? Or perhaps OpenBSD or FreeBSD might also sound good to me.

        2. powerful enough to drop tons of packets in a short time (we got a DNS amplification attack a while ago)
        Then you should be getting a security option at the ISP or datacentre site, and don't try to stop it with pfSense.

        3. Port forwarding only, no NAT or VPN or DHCP ...
        NAT is a process of pf (packet filter) at a later stage, so if it is turned off you may be better off using other stuff such as
        native BSD or Linux-based routers. It's not a must, but it would be my first choice here.

        OpenBSD as a router
        FreeBSD as a Router

        Or, as said, anything based on Linux that comes with better support and might run a little bit more agile
        to push real 10 GBit/s.

        • stephenw10 Netgate Administrator

          @powerrc:

          3. Port forwarding only, no NAT

          Do you mean routing only?

          Doesn't seem that crazy. I would expect to get close to 10G, packet size depending of course.

          Blocking a DoS attack at the firewall is the wrong end of the connection though, I agree.

          Steve

          • heper

            You won't get anywhere near 10GbE with firewalling enabled

            • Guest

              @heper:

              You won't get anywhere near 10GbE with firewalling enabled

              NAT is processed later in pf, so if NAT or the entire pf is turned off he is only able to use flat routing, so @stephenw10
              could perhaps be right with the 10 GBit/s and routing.
