Best config money can buy



  • I am looking to build and would appreciate any advice for the config that will satisfy a) future pfSense versions b) my SOHO 150/150 Mbps (soon 300/300) - most business usage is video conferencing via Skype. Snort incl. I don't mind building overkill (as I did before w/ many comps b/c my motto is mo' power bo' better:)
    Searching this forum, it looks like mobo candidates can be X11SBA-LN4F or A1SRi-2558F.


  • Rebel Alliance Global Moderator

    "Best config money can buy"

    Here you go
    https://store.netgate.com/pfSense/Sg-4860-HA.aspx

    Also suggest the support package.. I would go with the HA Enterprise Plus 3 years up front!

    Unless you have a budget issue, which you did not mention?



  • or this: https://store.netgate.com/SG-2440.aspx

    But to be honest, the best config money can buy is really not the right question to ask :) Cause we could also recommend a Xeon 32 core server with 128GB RAM etc :) A more appropriate question would be: what is the right config to buy to run pfSense on a 300mbps network with Snort running on it? In which case a mobile i3 would do (like the Qotom boxes or similar), or the supported ones from Netgate if you want officially supported H/W, or an i3-7350k if you are looking for the absolute max performance per thread for a reasonable price.



  • For power consumption in relation to performance, quality and possibilities, I think the Supermicro X11SBA-LN4F is one of the best mb you can buy today.



  • @pfsense_user12123:

    For power consumption in relation to performance, quality and possibilities the board has, the Supermicro X11SBA-LN4F is one of the best mb you can buy today.

    That's almost certainly not true unless you're heavily weighting the subjective "quality" factor. For power consumption, the IPMI has a huge impact on the SM boards. It might be worth it for a given application, it might not, but it's going to impact power efficiency. For performance, I would not buy into Airmont now that Goldmont is available. If you really like Supermicro, an A2SDi-2C-HLN4F or A2SDi-4C-HLN4F or even something like an A2SAP-E is more attractive in late 2017.



  • No N or J series Celerons or Pentiums will keep up with even a moderate ruleset on IDS/IPS at 300Mbps, let alone symmetrical 300Mbps.

    You need a desktop part to handle that, unless you will be using a very light ruleset. IDS/IPS is very CPU intensive, much more so than OpenVPN or any other single pfSense package or application.

    I would certainly recommend Suricata over Snort, as Suricata is multithreaded and otherwise very similar.

    A Pentium G45xx or better will handle your needs. You can overbuild as you see fit.

    Look into Traffic Shaping as well. Either learn HFSC and implement that, as it is fully supported, or you can run a few quick CLI & shellcmd lines to use fq_codel on Limiters.

    For a business application though, you're likely better off covering your ass by buying official pfSense products + support and only using fully supported methods.



  • @VAMike:

    @pfsense_user12123:

    For power consumption in relation to performance, quality and possibilities the board has, the Supermicro X11SBA-LN4F is one of the best mb you can buy today.

    That's almost certainly not true unless you're heavily weighting the subjective "quality" factor. For power consumption, the IPMI has a huge impact on the SM boards. It might be worth it for a given application, it might not, but it's going to impact power efficiency. For performance, I would not buy into Airmont now that Goldmont is available. If you really like Supermicro, an A2SDi-2C-HLN4F or A2SDi-4C-HLN4F or even something like an A2SAP-E is more attractive in late 2017.

    Just a heads up on the A2SDi: got mine today and discovered that at the moment there is no driver support for the C3000 NIC in FreeBSD. It's a lovely little board and works fine with pfSense 2.4, just no NIC yet :'(



  • Best config money can buy

    Not as easy to answer as you might imagine. There are two groups of users who will be getting their hands on
    a cool pfSense fitting their needs and wishes. The first group is willing to buy an appliance from Netgate directly,
    and the other one loves to be more independent or prefers something self-made that then serves all their wishes 100%.

    So it is not so easy to answer that question if you are not willing to come a bit closer to the way you
    want to go!

    Official Builds and Hardware:

    • SG-2440 would be nice to go with, but otherwise too small a footprint to be future proof (in my eyes)
    • SG-4860 comes sorted with anything you need and wish to have (all is right now) (HA preferred)
    • SG-8860 the most effort for long-time running and usage, to be sure that you will be able to install and run anything

    That is, to be able to get other stuff installed and working, or to be more agile with an eye toward
    the many things that could come, are coming, or are already there. Especially here this is meant as being able to
    install additional hardware or packets.

    If money is not the problem for you and there will be no greater demands than stated above by you,
    I personally would go with the SG-4860 HA or SG-8860 single pfSense box; both are really
    wicked and match more than all the criteria given by you.

    But if some things or options are not given here, it might also be nice to go with the

    Unofficial Hardware:

    Tiny
    • APU2C4 might run well, but not with any greater headroom to be future proof;
      also HA ready with a 1U dual board case, if needed.

    Small
    • Supermicro X11SBA-LN4F or Supermicro SYS-E200-9B bare bone
      Please only go with the newer BIOS version and/or rev. "B" of that board, but then you get a nice quad port
      box that serves all your needs well w/ some headroom.


  • @BlueKobold:

    • Supermicro X11SBA-LN4F or Supermicro SYS-E200-9B bare bone
      Please only go with the newer BIOS version and/or rev. "B" of that board, but then you get a nice quad port
      box that serves all your needs well w/ some headroom.

    I agree with you from my own experience. The system works perfectly!

    I also tested the power consumption. With the most needed services activated and running, like Squid, Suricata, pfBlocker, antivirus, all 4 NICs up and connected, and IPMI activated, it is at 10 watts. Perfect for home use.