Hardware requirements for pfSense software for our branch offices and HQ



  • So we have to connect our 3 branch offices with approximately 10, 50 and 100 employes with HQ that has approximately 200 employes. We want to use pfSense to make S2S VPN connections from branch offices to the HQ. IT management allowed the purchase of 4 PC computers on which we would install pfSense software. PfSense would act as statefull firewall with NAT on outside interface and VPN endpoint and maybe IPS/IDS in HQ for users who are coming out to the Internet. 3 branch offices have 100 Mbps Internet connection and HQ have 1Gbps access to the Internet. My question is what harware should we buy (processor, RAM memory, NICs, etc.) to be able to have 100 Mbps and 1Gbps throughput, with IPSec encryption, NAT and IPS/IDS?

    And is it more cost-effective to buy Netgate hardware? If it is, which hardware do you recommend? Maybe SG-3100?


  • LAYER 8 Rebel Alliance

    The SG-3100 could be okay for your branches, but with 100Mbit/s VPN traffic and IPS/IDS you would have the SG-3100 on very high full load with no reserve.
    For your HQ it would definitely be the wrong device, you could never get close to 300Mbit/s VPN traffic.
    The XG-7100 should fit your requirements and make you happy. :-) Depending on your budget get two of them and run in HA. ☺
    For your branches check out the SG-5100 or if you need rackmount buy the XG-7100 for them, too.

    -Rico


Log in to reply