Two or more pfsense boxes

  • Is there ever a reason why you would want to have two or more pfsense boxes in your network?
    I was wondering if this is a common practice to separate functionality to separate devices like having one pfsense as firewall only and running another for squid or any other task. Is this a common or best practice for better cpu/memory management?

  • Many reasons for it. Redundancy in an HA or warm-spare setup is common. You could off-load some services to other pfSense instances, but it may be a better idea to build a server/appliance just for those things w/o needing pfSense specifically to do that. It's really up to your requirements.

  • Thank you for the info.

  • You DO NOT need a pfsense instance to run squid, it's actually a stand-alone program that can be installed on almost any PC operating system, be it bare metal or even virtualized. Has been that way for a long time...

    I can't think of many reasons (besides redundancy or high availability) to run multiple pfsense boxes on the SAME network. Maybe some of the other pros can chime in. If you've got enough ports on a pfsense box, or use managed switches, that's kinda all you really need to create a pretty robust network.


  • @akuma1x
    Thank you for the info.
    I have one pretty stable pfsense box running as a firewall for my network however whenever I try to add any packages, the cpu/memory/tempature starts to climb and the box starts to become unstable. It could be miss configuration on my part however I started to think maybe I need to run another pfsense box to add on any extra packages.

  • @ZeroNine said in Two or more pfsense boxes:

    I have one pretty stable pfsense box running as a firewall

    What hardware might this be? It could be out-of-spec if it's too old, underpowered, etc.


  • Intel Dual Core Celeron, 64 bit, up to 2.48GHz, AES-NI hardware support
    2x Intel i211 Gigabit Ethernet NIC ports
    4x USB 2.0, 2x USB 3.0, 1x RJ-45 COM, 2x HDMI

  • having a prod and a test/dev FW can be good.

Log in to reply