Help re new pfSense box please

  • Hi
    I need to spec up a rackmount box for a UK customer who has 2 x VDSL WAN connections and a few VPN users. I would want to run Squid for a LAN of about 25 users. Need to keep it sensibly priced without compromising on quality/reliability. This would be to replace their absurdly over-priced Watchguard. I may well suggest 2 in failover/redundant mode.

    Can you point me at the sort of processing power I would need for this? I cannot seem to work out what the box will need to cope with the above demands.

    I am assuming that an Intel quad-port NIC (assume total of 5 ports) and a decent SSD (RAID 1'ed??) would be 2 of the standard parts for this.

    Many thanks

  • Netgate Administrator

    UK VDSL is likely to be up to 2x 80Mbps so most current hardware will do that with ease even with Squid running.

    Any decent SSD should not fail for a long time, though 2 in a gmirror is not a bad idea. Better to save on SSDs and double up on total hardware if you can.

    Two issues I see:

    1. Squid will always use the default system route so only one of the DSL connections. It's not possible to load balance between them from Squid if it's running on the same box. You can load balance other traffic though, or policy route it via the non-default WAN perhaps.

    2. You can't really use an HA setup with PPP connections that are terminated on the firewall. To do it with correct failover you need to use a different device in front of the pair running the PPP. But that then represents a new single point of failure.

