Migrating from Fortigate
-
Ah, OK well you should be fine with the XG-7100 for (30 x 9) 270Mbps IPSec as long as the route conditions allow it.
The only other thing to note there is that pfSense does not include a mail filter/proxy so it's not possible to block spam/malware in email in the firewall.
Steve
-
Should be fine for a while with what I mention I want to do (300-500mbits, ipsec, ips..) ?
-
Yes, I would not expect any issues at <500Mbps.
Steve
-
Ok for the XG-7100.. should I have store or memory ?
What will be the advantage of doing so ?
-
If you're planing to use Squid for wen caching and Snort as IDS the additional RAM and storage would eliminate any concerns. Both can use a lot. Snort in particular can use a lot of RAM.
It's certainly possible to run both in the default config though. You would just have to watch the RAM use and tune it if it gets too high.Steve
-
So to be save, 24gb ram and 256gb m2 ?
-
An XG-7100 with that specification will no problem at 500Mbps running with Snort.
Re-reading this though I see you have stated:
In a normal day, I have around 3000 sessions
What exactly do you mean by that? 3000 connections? 3000 clients?
Thousands of clients behind Squid can be an issue.
Steve
-
no. there is about 50 client behind the firewall (at the main office) and about 10-15 externally connecting by vpn/ipsec
By sessions, i mean: (from my fortigate)
I wont run squid.. but just snort (dhcp,dns etc etc)
-
Ah, that should be no problem, with or without Squid.
Steve
-
Thanks a lot!
just placed an order for:
XG-7100 1U pfSense
Security Gateway Appliance
Crucial 16GB DDR4 SODIMM Additional Memory = 24GB Total
256GB M.2 SATA SSD -
@froussy What Crucial memory did you buy and how did it work out? Did you get the SATA ssd from crucial also?
