New machine, Hardware question
-
This is my spec for a new machine
the machince will have:
2 WAN
1 Lan (5 Vlans)
2 External networks (IPVPN).
About 100 users.
I'm going to run Suricata, PfBlockerNG an Ntopng.
Is this hardware Ok/Overkill ?Hardware:
Case : 7677 1U CASE +200W PSU +1-2 RISER CARD
MotherBoard: ASROCK H270M-ITX/ac
Processor : Intel Core i7-7700 4Ghz
Memory : G.Skill DDR4 F4-2666C19S-8GNT 8GB 2666MHz (2 units)
Hard Disk : SAMSUNG MZ-76E250BW SSD 2.5" EVO 860 250GB
Network : LR-LINK LREC9714HT PCIe x4 port RJ45Thanks
-
With 100 users I doubt this system is 'overkill'. Not sure what brand of 4-port NIC you've specified, but FreeBSD (and therefore pfSense) is known to play well with Intel NICs, while sometimes not working so well with other brands. You might want to consider a quad Intel NIC, like this:
https://www.intel.com/content/www/us/en/products/network-io/ethernet/gigabit-adapters/server-i350-t4v2.html
-
I think the choice is good.
-
The hardware:
I350-based NIC seems like a clone, and I'll go further, also because I know the LR-Link brand.
why don't you think about them (AMD Epyc series network applience miniITX MOBOs):-Supermicro MBD-M11SDV-4C-LN4F-O (with original I350)
it is free of Intel vulnerabilities and is perfect for an NGFW installation.
The total deployment cost of the configurations (pfSense) I use is $ 750- $ 800, if you think I will send you a list of the complete system building blocks I have tested. -
@DaddyGo Hi.
I would love if you could send me your specifications.Thanks
-
Thanks all.
Another question.
If I choose a to use the XG-7100 1U, is strong enough or for my network spec I will need somthing else.Thanks
-
Hi,
The Netgate hardware is also perfectly suited for your purposes, but I chose the Supermicro MBD-M11SDV-4C-LN4F-O because it has an AMD CPU that is not affected by the Intel vulnerability (Meltdown and Specter).
https://meltdownattack.com/I will send my configuration based on Epyc right away.....
-
This is my last ordered configuration.
I usually order from a Polish company, here in Europe, they are the cheapest.
The list also includes double items. (you don't have to consider double items, for example, 4 pieces of fan, one piece of spare only)
On this website you can check the product code of the units (these are Supermicro product codes)
https://www.serverparts.pl/en/I'm also sending an older similar configuration:
For RAM, I used the following in both cases, the list above consists of Supermicro tested and validated items.
Hynix 8GB UDIMM DDR4 PC4-2666V RAM HMA81GU7CJR8N-VK,
for example: https://www.ebay.com/itm/124107712747
-
I installed 2x 8GB RAM in all cases (16GB), but even 8GB is enough for pfSense this is your choice.
if I can help you with anything I am still at your disposal -
I don't see anywhere that you have specified what bandwidth those two WANs will provide. That's the most important factor here.
If those are like 10Mbps each then that is definitely overkill. If they are 1Gbps it's not.
Steve
-
@bereby said in New machine, Hardware question:
If I choose a to use the XG-7100 1U
Please choose ... you'll have no regret when it comes to tech support and room for your growth. It's a pretty puppy too!
-
@bereby said in New machine, Hardware question:
XG-7100
you're right:
look at its original configuration, which has an i7 CPU and a 200W power supply .....who is already looking at the XG-7100, wants serious hardware...
(many just like to experiment or want a significant reserve in their system)only this "ugly" hardware originally outlined, should be conjured up a bit of a network appliance type
35 -50W power consuption / rack case / all-in-one face / Intel NIC / etc.
(and for sure 10 Gig SFP+ WAN or other interface...)
jahhh and don't think I'm against Netgate hardware, (since I've already said that) it's also perfect, but you only have a choice if you know what you can do and choose
(Intel vs. AMD in network appliance theme)
