Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    XG1537 - Firewall & Router & Captive Portal

    Official Netgate® Hardware
    1
    1
    157
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      thomas.hohm
      last edited by thomas.hohm

      Hello,

      we own a cluster of 2 Netgate XG-1537 with currently 8 GB RAM.
      pfSense is version 2.4.5
      Internet connection is calculated as 1200 Mbit/s (flexible/dynamic bandwidth up to 10 GBit/s)

      This appliance will be used as

      • internet gateway
      • dhcp server
      • dns server
      • ntp server
      • firewall :
        - only accepting outgoing traffic, no incoming traffic,
        - so hide nat will be in place for all vlans and clients,
        - very small number of firewall rules: all clients are allowed to connect anywhere on the internet.
        - bandwidth limiter via in/out-pipes in firewall rules
      • max. 20 VLANs
      • for max. 300 clients, connected via 10 Gbit/s lan cable infrastructure
      • for max. 8000 wifi clients, connected via 10 Gbit/s lan cable infrastructure

      It will never be used as VPN-Server or VPN-Gateway as we have a separate cluster for VPN.

      We have the following thoughts regarding enabling more services on those machines:

      1. Captive Portal for wifi clients:
        - 2 portals on 2 vlans
        - bandwidth limiting per device via captive portal
        - authentication and accounting against radius server
        - the 8000 wifi clients mentioned above will go over that captive portal

      2. Freeradius for wifi clients / Captive Portal described above

      Maybe you can give us answers to our questions and maybe even more thoughts to consider:

      1. which hardware load (CPU, RAM, etc) will captive portal produce?
      2. which hardware load will freeradius produce?
      3. will this appliance be able to run stable and fast with those two services and the given numbers?
      4. if question 3 will be answered with "no": will this appliance be able to serve the captive portals stable and fast when we keep the radius server on separate hardware?
      5. would more RAM improve this situation up to a stable and fast system?

      Any thougts are highly appreciated as we can not simulate that high numbers :-)

      Thanks!

      Thomas

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.