XG1537 - Firewall & Router & Captive Portal
we own a cluster of 2 Netgate XG-1537 with currently 8 GB RAM.
pfSense is version 2.4.5
Internet connection is calculated as 1200 Mbit/s (flexible/dynamic bandwidth up to 10 GBit/s)
This appliance will be used as
- internet gateway
- dhcp server
- dns server
- ntp server
- firewall :
- only accepting outgoing traffic, no incoming traffic,
- so hide nat will be in place for all vlans and clients,
- very small number of firewall rules: all clients are allowed to connect anywhere on the internet.
- bandwidth limiter via in/out-pipes in firewall rules
- max. 20 VLANs
- for max. 300 clients, connected via 10 Gbit/s lan cable infrastructure
- for max. 8000 wifi clients, connected via 10 Gbit/s lan cable infrastructure
It will never be used as VPN-Server or VPN-Gateway as we have a separate cluster for VPN.
We have the following thoughts regarding enabling more services on those machines:
Captive Portal for wifi clients:
- 2 portals on 2 vlans
- bandwidth limiting per device via captive portal
- authentication and accounting against radius server
- the 8000 wifi clients mentioned above will go over that captive portal
Freeradius for wifi clients / Captive Portal described above
Maybe you can give us answers to our questions and maybe even more thoughts to consider:
- which hardware load (CPU, RAM, etc) will captive portal produce?
- which hardware load will freeradius produce?
- will this appliance be able to run stable and fast with those two services and the given numbers?
- if question 3 will be answered with "no": will this appliance be able to serve the captive portals stable and fast when we keep the radius server on separate hardware?
- would more RAM improve this situation up to a stable and fast system?
Any thougts are highly appreciated as we can not simulate that high numbers :-)