    Hardware for small business

    • O
      oxhey last edited by

      I would like some advice on the hardware for a pfsense firewall for a small business (16 computers wired & wireless + mobile phones + extra people on network occasionally)

      We have Virgin media business internet with 150Mbps download.

      Will this list below be okay with squid/squidguard/snort + antivirus running?

      I have looked at the pre-built units, but they are either out of stock or more expensive than my build.
      Building it seems more fun and future proof  :)

      What are some things I should know when setting up PFSense?

      Also can you confirm that I have the setup right:

      1. Virgin media superhub as modem into PFSense build.
      2. Ethernet from PFSense into switch.
      3. Computers + AP in switch.

      PCPartPicker part list / Price breakdown by merchant

      CPU: Intel - Pentium G4560 3.5GHz Dual-Core Processor  (£46.79 @ Aria PC)
      Motherboard: ASRock - H270M-ITX/ac Mini ITX LGA1151 Motherboard  (£112.99 @ Amazon UK)
      Memory: Crucial - 8GB (1 x 8GB) DDR4-2400 Memory  (£60.17 @ Amazon UK)
      Storage: Corsair - Force LS 60GB 2.5" Solid State Drive  (£37.97 @ Amazon UK)
      Case: CiT - MTX-005B Mini ITX Tower Case w/300W Power Supply  (£35.59 @ Amazon UK)
      Other: Ubiquiti Networks UAP-AC-LITE WLAN Access Point  (£69.00 @ Amazon UK)
      Other: Multi Cable SLIM FLAT 2m Cat6 RJ45 Ethernet Network Patch Lan cable - Multi Coloured "5 Pack" - 2 meter + 15 Cable ties  (£8.39)
      Total: £370.90
      Prices include shipping, taxes, and discounts when available
      Generated by PCPartPicker 2018-03-12 21:41 GMT+0000

      • NogBadTheBad
        NogBadTheBad Galactic Empire last edited by

        I'd add a Ubiquiti Cloud Key and a managed switch that supports 802.1q.

        You'll be able to create multiple VLANs and have normal users and guest wi-fi off the same access point; the guest wi-fi subnet could be set up to have internet access only.

        Will you actually save much bandwidth installing squid, as most of the traffic will be https? You'll need to do a man in the middle.

        Just to give you an idea what you can do with 802.1q :-

        https://forum.pfsense.org/index.php?topic=142930.msg779126#msg779126

        • jahonix
          jahonix last edited by

          CPU: TDP 54 W
          That thing burns 54 Watts with only two (physical) cores. Nice heating and not really the top pick in 2018.

          • Derelict
            Derelict LAYER 8 Netgate last edited by

            I would get an SG-3100 or SG-4860.

            I would also reevaluate whether you want to do antivirus on the firewall. If your users are not encrypting their traffic you should be encouraging them to do so (which renders AV on the firewall next-to-useless). Squid/Squidguard/peek-splice or pfblocker/dnsbl can give you some control/logging of sites visited.

            • O
              oxhey last edited by

              @NogBadTheBad:

              I'd add a Ubiquiti Cloud Key and a managed switch that supports 802.1q.

              You'll be able to create multiple VLANs and have normal users and guest wi-fi off the same access point; the guest wi-fi subnet could be set up to have internet access only.

              Will you actually save much bandwidth installing squid, as most of the traffic will be https? You'll need to do a man in the middle.

              Just to give you an idea what you can do with 802.1q :-

              https://forum.pfsense.org/index.php?topic=142930.msg779126#msg779126

              The reason there isn't a switch is because we already have one.

              I'm not sure we need guest wifi either tbh. This is a small business so I don't think it's necessary.

              • NogBadTheBad
                NogBadTheBad Galactic Empire last edited by

                "extra people on network occasionally" that's what made me mention guest wi-fi.

                • O
                  oxhey last edited by

                  @jahonix:

                  CPU: TDP 54 W
                  That thing burns 54 Watts with only two (physical) cores. Nice heating and not really the top pick in 2018.

                  That doesn't bother me that much as there is a tight budget for this.

                  I guess at some point we could always upgrade to a G4560T which only has a TDP of 35 W.

                  • O
                    oxhey last edited by

                    @NogBadTheBad:

                    "extra people on network occasionally" that's what made me mention guest wi-fi.

                    These would be people we trust, so I think for now it's fine if they are on the same network.

                    I guess at some point we could add a guest network, but I think it's an unnecessary expense at this point.

                    • Derelict
                      Derelict LAYER 8 Netgate last edited by

                      A tight budget should consider the long-term cost of the power bill (firewalls generally run 24x7) vs the up-front cost of the hardware.

                      • O
                        oxhey last edited by

                        @johnkeates:

                        If you're gonna get one for business use, get a single vendor source. Check netgate, or if you are not afraid of Asian vendors, qotom and minisys.
                        Other options are business desktop PCs, small servers and perhaps used pre-existing rack mounted network gear that had some other software on it (but you'd luck out on the hardware support right away).

                        I agree that a netgate one would be good for business use and I will present that as an option to management.

                        We have 2 internet connections so may end up using both a custom solution and netgate one.

                        • Derelict
                          Derelict LAYER 8 Netgate last edited by

                          pfSense can wrangle two internet connections on one node.

                          • O
                            oxhey last edited by

                            @Derelict:

                            A tight budget should consider the long-term cost of the power bill (firewalls generally run 24x7) vs the up-front cost of the hardware.

                            I will update the list with the G4560T, but by tight budget I meant only for this project.

                            You know how it is with management that think of this as an afterthought  :)

                            • Derelict
                              Derelict LAYER 8 Netgate last edited by

                              I have generally found that management likes when suggestions are made that cost them less money over, say, three to five years.

                              • O
                                oxhey last edited by

                                @Derelict:

                                pfSense can wrangle two internet connections on one node.

                                I'm aware of this  :) , but the connections are on opposite sides of the building (because of course they).

                                We have our main Virgin Media connection which I intend to use my build for and we have a backup slow Sky broadband connection which we will probably end up using a netgate system with.

                                • O
                                  oxhey last edited by

                                  @Derelict:

                                  I have generally found that management likes when suggestions are made that cost them less money over, say, three to five years.

                                  Noted! :)

                                  • Derelict
                                    Derelict LAYER 8 Netgate last edited by

                                    Nothing some ethernet can't fix.

                                    If you have two routers you have to overcome the inevitable asymmetric routing issues.

                                    But it sounds like you know exactly what you need to do. I'm out.

                                    • jahonix
                                      jahonix last edited by

                                      @oxhey:

                                      but the connections are on opposite sides of the building

                                      And that's an excuse for what? Not running a single system with WAN failover/load-balancing or for being lazy and not pulling a cable (copper or fiber)?

                                      • O
                                        oxhey last edited by

                                        @jahonix:

                                        @oxhey:

                                        but the connections are on opposite sides of the building

                                        And that's an excuse for what? Not running a single system with WAN failover/load-balancing or for being lazy and not pulling a cable (copper or fiber)?

                                        It's really no excuse, but I'd rather not overcomplicate this.

                                        I don't want to be making holes in walls to pass cables through.

                                        I think one pfsense box per connection is fine.

                                        • V
                                          VAMike last edited by

                                          @oxhey:

                                          @jahonix:

                                          CPU: TDP 54 W
                                          That thing burns 54 Watts with only two (physical) cores. Nice heating and not really the top pick in 2018.

                                          That doesn't bother me that much as there is a tight budget for this.

                                          I guess at some point we could always upgrade to a G4560T which only has a TDP of 35 W.

                                          The TDP is irrelevant unless you're building something that's cooling constrained. All the TDP number means is "you need to be able to dissipate this much heat". It does not mean "it uses this much power all the time" even though some people act like it does. At idle both CPUs will draw about the same (close to nothing). The main difference is that you pay more for a T series CPU that's throttled to prevent it from getting too hot. What does this mean? If you need more CPU when you're under load, the non-T can give it to you and the T can't. Don't get the T series, you don't need it.

                                          • O
                                            oxhey last edited by

                                            @VAMike:

                                            @oxhey:

                                            @jahonix:

                                            CPU: TDP 54 W
                                            That thing burns 54 Watts with only two (physical) cores. Nice heating and not really the top pick in 2018.

                                            That doesn't bother me that much as there is a tight budget for this.

                                            I guess at some point we could always upgrade to a G4560T which only has a TDP of 35 W.

                                            The TDP is irrelevant unless you're building something that's cooling constrained. All the TDP number means is "you need to be able to dissipate this much heat". It does not mean "it uses this much power all the time" even though some people act like it does. At idle both CPUs will draw about the same (close to nothing). The main difference is that you pay more for a T series CPU that's throttled to prevent it from getting too hot. What does this mean? If you need more CPU when you're under load, the non-T can give it to you and the T can't. Don't get the T series, you don't need it.

                                            I agree  :)
