Time to upgrade…
-
Fellow forum members,
I am looking to upgrade my firewall system. I am a total "noob" to pfSense, but I do have experience with a different open source firewall package, running on some very old hardware. I have found a great deal on some starter hardware. I would like to ask the forum members to recommend some additional hardware to complete the package. Note: I have spent the last few weeks reading this specific forum, and found a treasure trove of useful information; however... it seems the more I read, the more time I spend wondering what I should do.
I have the opportunity to acquire a very gently used server. It is a Supermicro SuperServer 5017C-LF
https://www.supermicro.com/products/system/1u/5017/s2GBys-5017c-lf.cfm
I will basically get what is shown on the Supermicro page...no CPU, no RAM, no Storage. To me it seems like I am getting some pretty stout starter hardware for very cheap (basically free.) I need help choosing those "missing items."
I have a 100MB/100MB network connection via FiOS and using OpenVPN. Not terribly fast, but good enough for what I need at this time. I would like to 'future proof' as much as possible, but not knowing my exact needs in the next 3-5 years, this is kind of difficult. I will be running some sort of intrusion detection; but since I am new to pfSense, I will have to read up on my options before choosing. Note: I have used Snort in the past running on that 'other' platform.
What I really lack is the knowledge to choose compatible hardware, and the best combination of components.
For the CPU, I am confused about the specs on the Supermicro page. It says I can use Xeon, i3, Pentium, and Celeron series Processors. I think the Xeons are way overkill. As for the i3, it says series 2xxx/3xxx... (Only?) Are the series 2xxx/3xxx even available any more? (maybe eBay?) That leaves Pentiums and Celerons. I want the AES-NI support, so how about a Pentium G4600? It seems powerful enough, AES-NI support, and not terribly expensive. Will the G4600's on-board graphics conflict with the Matrox Graphics on the SuperMicro motherboard (X9SCL-F)? I am not really sure "how much" CPU I need... so any help is appreciated.
For the memory, it appears ECC memory is not required by these types of applications, so how much 'regular' non-ecc RAM should I get? It appears I am 'limited' to DDR3-1333, correct? I cannot get a sense of how much ram I NEED for my application, so I need some advice; is it 2Gb, 4Gb, 8Gb, more?
Storage seems the most confusing for me, so many options. Traditional hard drive? SSD? mirrored SSD? USB Flash Drive? (or mirrored Flash Drive?) Is overwriting Flash Drives and/or SSDs that much of a concern? I do want some form of redundancy here, so should I grab a few 2.5" SSDs (30~40 Gb each) and mirror them?
One last concern, I have read here over and over about Intel NICs. This unit does have two Intel NICs, but each appear to be run from a different chipset. One is an 82579LM and the other is an 82574L; should I be worried?
Thank You in advance for any responses, I do appreciate the advice.
-
For the memory, it appears ECC memory is not required by these types of applications, so how much 'regular' non-ecc RAM should I get?
Memory Type
1600*/1333/1066/800MHz ECC DDR3 SDRAM 72-bit, 240-pin gold-plated DIMMs
You need ECC DIMMs, I'd use 4GB, if you plan on using memory-intensive packages like snort/suricata/squid/… more is better. Like always. ZFS needs some ram as well.
I'm not sure about the CPU but AFAIK the little XEONs have better TDP (less heat) and generally more bang-for-the-buck. I wouldn't refuse them steadfastly if you can get them.
A spinning HDD will work. Mirrored with ZFS even better. Nothing beats an SSD except for price, though.
Will you use this device at home or in an office? What's your priority: price/operating costs (power)/noise level/reliability/...
-
You absolutely do not need ECC RAM. If you want to use it and have compatible hardware, that's fine. But you do not need it, not even if you do a ZFS install.
Amount of RAM depends on what you want to do with it. Base install, 2GB will be fine. But you'll probably want to play around with it. 4GB will be enough for most uses. There are some things that can really hike up RAM usage fast. For example, if you end up wanting to DNSBL w/ TLD enabled and you have a decent number of lists, you'll need in excess of 8GB RAM.
So I would suggest that for now, you buy one stick of RAM, ECC or non-ECC is totally your choice. If you think you might play around with RAM heavy packages like TLD in the future, then go for 1 stick of 8GB, if not then get a stick of 4GB.
If you do buy one stick now, make sure you buy something very mainstream and popular. That way you won't have trouble getting a matching stick in the future even if they discontinue it (eBay).
As far as media install goes, SSD is king.
Mirroring is nice, but probably unnecessary unless this is in a HA setup. If your drive fails for any reason, just reinstall to a new disk (you can even install to a flash drive while you wait to get a replacement) and backup from config.xml and your system is back up.
But if you do want to mirror, then use 2.4.0 BETA and zfs install. (You still won't need ECC).
I would avoid HDDs unless you are just strapped for cash and need a lot of storage space. They just introduce moving parts and increase power consumption.
I would install to a thumb drive and use RAM disks before I used a HDD personally.
G4600 will be overkill for your current needs (by a lot), and will allow you to play with all of the packages and increase your bandwidth in the future. So for your described use-case, excellent choice.
I would not expect the Mobo GPU chipset to interfere with the on die GPU, but can't confirm.
-
You absolutely do not need ECC RAM.
From the spec sheet it looks like that board only supports ECC and has an LGA1155 processor socket. The G4600 is an LGA1151 processor.
G4600 will be overkill for your current needs (by a lot), and will allow you to play with all of the packages and increase your bandwidth in the future. So for your described use-case, excellent choice.
I would not expect the Mobo GPU chipset to interfere with the on die GPU, but can't confirm.
There is a footnote on the same page that says, "Intel E3-12x5 series processors which have integrated graphics support are not supported."
-
I stand corrected, I thought the ECC comment was directed towards pfSense. My Bad!
-
You absolutely do not need ECC RAM. If you want to use it and have compatible hardware…
I'm a bit late to the party but anyways…
That's why I quoted the specs on the Supermicro page. There is NO mention of non-ECC Ram as is usual at other products. Hence my comment. Don't know why that was difficult to understand.
Sometimes a second between reading and hitting the "reply" button does wonders, especially when used for thinking...
-
Thanks for info folks, I really appreciate your input. I will take your advice into consideration.
Not sure which way to go just yet, but you all have given me some valuable information needed to make an educated decision.
Cheers!