Hardware Requirements small network

  • Hardware Requirements
    Hello everyone, I'm a newbie in the Pfsense and I want to use it as a firewall. Currently my network has a cisco 2800 router, a dell R710 server, 12 laptops, two wifi access points and 3 internet links with xDSL modems (2 with 1 MB upload and 5 MB download and the other with 1 MB upload and 5 MB download). VPNs may be required in the future. My questions are:
    -Of how many Ghz would you recommend my CPU considering 25% growth?

    • how many gb of ram? for the same growth
      -and which NIC are the best for my project?
      Thank you for your answers.

  • Netgate Administrator

    (2 with 1 MB upload and 5 MB download and the other with 1 MB upload and 5 MB download)

    So…. 3 with 1Up/5Down? Or did you typo something there?

    CPU frequency vs performance is massively dependent on age so not a good measure. Not directly at least.

    RAM requirements are very dependent on what packages you might want to run, Snort, Squid etc.

    Use Intel NICs if you can.

    What is the total throughput you require? May require in the future?

    Do you need to run any VPNs?

    Which packages might you want to run?

    Do you have a budget in mind?


  • Hello, there are 2 links of 1 MB up and 5 Mb down each. The other one is 1 MB up and 8 MB down. It is required to install Squidguard, Snort, Mailreport and Vnstat. Also a VPN client server with maximum 50 users. Budget around $ 250. Thank you very much for your answers!

  • Netgate Administrator

    Whilst it's possible to run Snort or Squid on the SG-1000 it requires some careful tuning and I have never even tried to run both at the same time!

    I could not recommend it if you need both those packages.

    Better to run this: https://store.netgate.com/MBT-2220-system.aspx Though you would have to install pfSense yourself there due to the HDMI limitation.


  • Netgate Administrator

    I couldn't find a USB slot on my toaster to test, I'll have to take your word for it.  ;D

    However I can say that without tuning Suricata, for example, will eat all the RAM and fail to start on an SG-1000 with no traffic on it at all besides the SSH login. I tested that a few days ago with ET rules only.

    I haven't tested Snort for a while but I have no reason to think it would be any different.


  • While I often roll my eyes at all the overkill builds here, the matchbox SG1000 seems on the other extreme, there seems to be no headroom on this puppy, unable to burst. Hit the gas and it goes uh-no, you are not asking me to….. :(

  • Netgate Administrator

    I mean a 12Mb total connection would be ideally suited to the SG-1000 if it weren't for Squid/Snort requirement.

    I'm not saying it cannot work. If I was in that situation and had an SG-1000 I would certainly attempt it but I would expect issues. Possibly insurmountable ones!

    I can't in all honesty recommend the SG-1000 to Malad given he wants to run those packages.


  • It's correct, I can not use the SG-1000. I think I'll use a Chinese box. Thank you for your answers

  • apu2 or apu3 would nail this requirement, depending on pricing in the purchaser's locale. biggest problem with sg-1000 for this is the RAM, apu2 has 2 or 4 gigs.

  • Netgate Administrator

    Yeah, that would work great here. You do, currently, have to install pfSense yourself but it's not hard.


Log in to reply