Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Hardware Recommendations

    General pfSense Questions
    4
    15
    437
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      thomas-hn last edited by

      Hello,

      in the future I would like to use pfSense as Router/Firewall and, therefore, I'm looking for a powerful and energy-efficient hardware.

      My requirements are:

      • Usage of pfSense
      • the case shall be a server-case for 19 inch racks
      • my current Internet connection is 100/40 MBit/s, but I want to have the option for future GBit FTTH
      • having the option for using Snort/Suricata
      • having the option for using a DNS filter
      • using HAproxy
      • maximum of around 6-8 simultaneous VPN connections via IPsec/OpenVPN (IPsec for Windows notebooks, OpenVPN to use HTTPS to bypass some networks which try to block VPN)
      • Support for AES-NI
      • IPMI

      The hardware I'm tending to at the moment:

      • SuperMicro A2SDi-4C-HLN4F
        • CPU: Intel Atom C3558, 4 Cores
        • 4x GBit-LAN, Intel C3000 SoC
      • Case: SuperChassis 505-203B
      • 8 GB RAM ECC
      • SSD: Samsung EVO

      My questions:

      • Do you have concerns regarding compatibility of my setup with pfSense? Are there any known bugs/issues?
      • Do you recommend any other components?
      • pfSense appliances are often found with i3, i5, Celeron or Xeon CPUs.
        • Would those CPUs provide a huge benefit over my "Intel Atom C3558, 4 Cores"?
        • Do you have any experiences regarding power consumption of such more powerful CPUs? (the Intel Atom C3558 has TDP 16W)
        • Do you recommend another CPU which provides more power at a comparable power consumption?
      • My proposed board uses Intel C3000 SoC network controllers. Are they compatible to pfSense? Are they better/worse/comparable to widely-used Intel controllers like i210/i211/i350?

      Thanks a lot in advance,

      Thomas

      DaddyGo 1 Reply Last reply Reply Quote 0
      • DaddyGo
        DaddyGo @thomas-hn last edited by

        @thomas-hn said in Hardware Recommendations:

        CPU: Intel Atom C3558, 4 Cores

        Intel Atom Forget it...good, but not the best

        Hi,

        if you have money, the Supermicro is the solution
        (Netgate works tougether with them, just looking at their more serious devices..XG-7100, yells to Supermicro)

        I use this:

        https://www.supermicro.com/en/products/motherboard/M11SDV-4C-LN4F
        https://www.supermicro.com/en/products/chassis/1U/503/SC503-200B

        or

        https://www.supermicro.com/en/products/chassis/1U/E30/SCE300

        and

        I don't like AMD, but for firewall (NGFW) is the best... +++++I350 wonderfull

        T 1 Reply Last reply Reply Quote 0
        • T
          thomas-hn @DaddyGo last edited by

          @DaddyGo said in Hardware Recommendations:

          just looking at their more serious devices..XG-7100

          Hi DaddyGo, thanks for your comment. However, you are telling that an Atom is not the best solution and you recommend looking on the XG-7100 which uses an Atom C3558 (https://www.netgate.com/solutions/pfsense/xg-7100-1u.html). I don't understand???

          DaddyGo 1 Reply Last reply Reply Quote 0
          • DaddyGo
            DaddyGo @thomas-hn last edited by DaddyGo

            @thomas-hn said in Hardware Recommendations:

            which uses an Atom C3558

            I didn't tell you to look...XG-7100...๐Ÿ˜‰
            only this is a Supermicro, I think, I know

            here I referred to the quality of the Supermicro...!
            already fixed, but I don't trust that:

            f.e.:
            https://forum.netgate.com/topic/111439/curious-on-pfsense-netgate-handling-of-the-atom-issue/2

            S 1 Reply Last reply Reply Quote 0
            • S
              shinta0saint @DaddyGo last edited by

              Hey @daddygo thank you for your valuable advice. I am considering the same embedded solution from AMD/Supermicro. Iโ€™d like to use it in a desktop case for the time being. Did you ever mod it and install active cooling?, if so what cooler did you go with and whatโ€™s your temp like, it is manageable and do you have any tips for doing so?

              Thanks in advance for your time and kind consideration ๐Ÿ™

              Regards
              Shinta0Saint

              DaddyGo 1 Reply Last reply Reply Quote 0
              • DaddyGo
                DaddyGo @shinta0saint last edited by DaddyGo

                @shinta0saint said in Hardware Recommendations:

                I am considering the same embedded solution from AMD/Supermicro.

                Hi,

                Yes, I modified the fans (from recommended Supermicro to Noctua).

                I use this chassis: https://www.supermicro.com/en/products/system/Mini-ITX/SYS-E300-8D.cfm

                Noctua (it is compatible):
                https://noctua.at/en/products/fan/nf-a4x20-pwm - 3 pcs.

                PSU, it is an excellent quality (slightly oversized): 12V 6,67A
                https://www.meanwell.com/webapp/product/search.aspx?prod=GST90A
                (consumption is no more than at a heavier load cca.= 35W, yeah with built-in Silicom I350-F4 4 port SFP NIC + DDR4 ECC 2X8GB RAM + Samsung 970 EVO Plus NVMe SSD 250GB - it has excess capacity but no smaller size in the market) - AVG. = 18W

                BTW:

                It's just a SOHO config ๐Ÿ˜‰ , for which the "iron" is very strong, but it's worth seeing I've been using it for 2 years without any problems.

                Current Supermicro IPMI:

                3f2f17e7-c311-4c46-99e5-b14a25e59d5a-image.png

                T S 2 Replies Last reply Reply Quote 1
                • T
                  tman222 @DaddyGo last edited by

                  @daddygo said in Hardware Recommendations:

                  @shinta0saint said in Hardware Recommendations:

                  I am considering the same embedded solution from AMD/Supermicro.

                  Hi,

                  Yes, I modified the fans (from recommended Supermicro to Noctua).

                  I use this chassis: https://www.supermicro.com/en/products/system/Mini-ITX/SYS-E300-8D.cfm

                  Noctua (it is compatible):
                  https://noctua.at/en/products/fan/nf-a4x20-pwm - 3 pcs.

                  PSU, it is an excellent quality (slightly oversized): 12V 6,67A
                  https://www.meanwell.com/webapp/product/search.aspx?prod=GST90A
                  (consumption is no more than at a heavier load cca.= 35W, yeah with built-in Silicom I350-F4 4 port SFP NIC + DDR4 ECC 2X8GB RAM + Samsung 970 EVO Plus NVMe SSD 250GB - it has excess capacity but no smaller size in the market) - AVG. = 18W

                  BTW:

                  It's just a SOHO config ๐Ÿ˜‰ , for which the "iron" is very strong, but it's worth seeing I've been using it for 2 years without any problems.

                  Current Supermicro IPMI:

                  3f2f17e7-c311-4c46-99e5-b14a25e59d5a-image.png

                  Hi @DaddyGo - quick question for you: Do you think the Noctua fans you mentioned above will work in the Supermicro 1U (short) case as well? This is the system I'm currently using:

                  https://www.supermicro.com/products/system/1u/5018/SYS-5018D-FN8T.cfm

                  And fan being used in that system:
                  https://store.supermicro.com/40mm-fan-0065l4.html

                  Looks like the difference are 8mm of fan width but the rotational speed of the Noctua is a lot slower at just 5K RPM vs. 13K RPM, so a good bit less airflow.

                  Thanks in advance.

                  DaddyGo 1 Reply Last reply Reply Quote 0
                  • DaddyGo
                    DaddyGo @tman222 last edited by

                    @tman222 said in Hardware Recommendations:

                    https://www.supermicro.com/products/system/1u/5018/SYS-5018D-FN8T.cfm

                    We also use this MOBO (Xeon-D) in places where we do not use OpenVPN at high load. + 10Gig

                    This is important, because the max CPU clock is only 2.2GHz and OpenVPN is single-threaded, so it is more CPU clock dependent.

                    The experience is that due to the volume of 1U cassis, the Noctua fans are not enough here, ergo we use the original Supermicro units. These are noisy, especially on the PSU. (because of the 13K) ๐Ÿ˜‰

                    My suggestion is that in this case, you should to endure the noise due to the higher cooling capacity.

                    1 Reply Last reply Reply Quote 1
                    • S
                      shinta0saint @DaddyGo last edited by

                      @daddygo THANK YOU SO MUCH FOR YOUR GUIDANCE. you are the man!!! :) (apologies about the delayed reply, i could not respond with chrome and just tried Edge and finally got through)

                      Question;
                      I would like to use a power brick similar to what you recommended, but i am not sure how to connect it to the motherboard power connectors.

                      Can you provide some more guidance on how to connect it? is there an additional adapter that i should purchase to connect the power brick to the motherboard's 8Pin CPU power connector (JPV1) and also the 4pin connector (PJ1) on the motherboard?

                      I am not to experienced with the electrical side of things, would prefer not to be cutting any wires.

                      Also, how did you connect the a4x20-pwm fan to the original active cooler? Did you use tiestraps or high temp plastic bolts and nuts? i have a m3 kit of High Temp Bolts and Nutes that i used to mount the same fan to a i350 NIC and works great for my current physical pfSense build. :)

                      best regards,
                      SSM,

                      DaddyGo 1 Reply Last reply Reply Quote 0
                      • DaddyGo
                        DaddyGo @shinta0saint last edited by DaddyGo

                        @shinta0saint

                        Quick question: ๐Ÿ˜‰
                        in finaly what is your choice Xeon-D or AMD Epyc MOBO?

                        +++edit:
                        yeah and which cassis?

                        +++edit2:

                        With my recommended EPYC3151 Supermicro + external 12V PSU, this is what it looks like:

                        7a12836c-cea1-4794-9477-d13a81c72ab7-image.png

                        0a67b4f8-7412-4ff4-806b-6f7094fef795-image.png

                        S 1 Reply Last reply Reply Quote 0
                        • S
                          shinta0saint @DaddyGo last edited by

                          @daddygo said in Hardware Recommendations:

                          AMD Epyc MOBO

                          AMD Epyc MOBO, Preferably a ITX chasis, if not a regular desktop chassis with great air flow.

                          This is the PSU i would like to buy: (not referbished i'll look for a new one)
                          https://www.amazon.com/Corsair-Modular-Supply-Certified-Refurbished/dp/B07HMJM1CG/ref=sr_1_8?dchild=1&keywords=SFX%2BPSU&qid=1609871151&sr=8-8&th=1

                          This is the case i was looking at, i plan to mod it with extra noctua fans for extra case cooling:
                          https://www.amazon.com/SilverStone-Technology-Mini-ITX-Computer-SST-ML08B-H-USA/dp/B07MNC1BDY/ref=sr_1_10?dchild=1&keywords=ITX+CASE+SFX+PSU&qid=1609871242&refinements=p_72%3A1248879011&rnid=1248877011&s=electronics&sr=1-10

                          Unfortunately i don't have to space for a noisy case. maybe at the end of the year i might build a server room but for now everything's in my bed room :(

                          Still not seeing how to connect the power brick.

                          Thanks again for your prompt response :)

                          regards
                          SSM.

                          DaddyGo 1 Reply Last reply Reply Quote 0
                          • DaddyGo
                            DaddyGo @shinta0saint last edited by

                            @shinta0saint said in Hardware Recommendations:

                            AMD Epyc MOBO, Preferably a ITX chasis, if not a regular desktop chassis with great air flow.

                            I donโ€™t think itโ€™s a good idea to buy a separate (other manufacturer) ITX house.
                            The original Supermicro E300 was invented for this EPYC MOBO and works great.
                            and affordable: https://www.amazon.com/SuperMicro-SCE300-Rack-Mountable-1U-Flexatx/dp/B01MQMM9DW

                            Anyway, you have to use a RISER board and it may not be compatible with mITX products from other manufacturers.
                            (due to physical dimensions)
                            https://www.supermicro.com/en/support/resources/riser

                            The E300 is designed for an external 12V PSU
                            the 450W ATX PSU you presented is a completely unnecessary energy pump ๐Ÿ˜‰

                            S 1 Reply Last reply Reply Quote 1
                            • S
                              shinta0saint @DaddyGo last edited by

                              @daddygo Thank you so much sir, based on your recommendation i will proceed accordingly.
                              I just have some concerns connecting an additional 2.5" SSD.

                              I saw in a Tom lawrence tutorial he used ZFS and raided two ssds together for pfSense.

                              With this current set up with the power brick, i will only be able to run one 2.5" ssd, with the included sata power cable.

                              Can you please recommend any cabe that can split the sata power cable coming from the motherboard to plug in two ssd's? without having to respost to a SataDOM or LSI HBA?

                              best regards,
                              SSM.

                              DaddyGo 1 Reply Last reply Reply Quote 0
                              • DaddyGo
                                DaddyGo @shinta0saint last edited by DaddyGo

                                @shinta0saint said in Hardware Recommendations:

                                I just have some concerns connecting an additional 2.5" SSD.

                                I'll start at the beginning...๐Ÿ˜‰

                                In my reading, ZFS is mandatory(!) because you see its benefits ๐Ÿ˜‰

                                16-32 GB of storage is sufficient for most pfSense installations.
                                (so you don't need an awful lot of capacity (storage))

                                The pfSense is a NGFW, + router and such does not require large storage stuff.

                                All of our Supermicro-based installations have SataDOM for emergencies...
                                (it has very good performance and 32GB is enough, it includes a mirror copy of the current pfSense installation)

                                BTW:
                                We only use ZFS RAID setup (2 or more disk(s), SSD(s)) in production environment, due to redundancy.

                                +++edit:
                                I note: the Lawrence tutorials are very good, use these instead of a lot of stupid other Youtube videos โœ‹

                                +++edit2:
                                and these, of course:
                                https://www.youtube.com/channel/UC3Cq2kjCWM8odzoIzftS04A/videos
                                https://docs.netgate.com/manuals/pfsense/en/latest/the-pfsense-documentation.pdf

                                and for the sake of my @Raffi_ friend (he will understand ๐Ÿ˜‰ :)
                                https://docs.netgate.com/pfsense/en/latest/

                                S 1 Reply Last reply Reply Quote 1
                                • S
                                  shinta0saint @DaddyGo last edited by

                                  @daddygo said in Hardware Recommendations:

                                  @shinta0saint said in Hardware Recommendations:

                                  I just have some concerns connecting an additional 2.5" SSD.

                                  I'll start at the beginning...๐Ÿ˜‰

                                  In my reading, ZFS is mandatory(!) because you see its benefits ๐Ÿ˜‰

                                  16-32 GB of storage is sufficient for most pfSense installations.
                                  (so you don't need an awful lot of capacity (storage))

                                  The pfSense is a NGFW, + router and such does not require large storage stuff.

                                  All of our Supermicro-based installations have SataDOM for emergencies...
                                  (it has very good performance and 32GB is enough, it includes a mirror copy of the current pfSense installation)

                                  BTW:
                                  We only use ZFS RAID setup (2 or more disk(s), SSD(s)) in production environment, due to redundancy.

                                  +++edit:
                                  I note: the Lawrence tutorials are very good, use these instead of a lot of stupid other Youtube videos โœ‹

                                  +++edit2:
                                  and these, of course:
                                  https://www.youtube.com/channel/UC3Cq2kjCWM8odzoIzftS04A/videos
                                  https://docs.netgate.com/manuals/pfsense/en/latest/the-pfsense-documentation.pdf

                                  and for the sake of my @Raffi_ friend (he will understand ๐Ÿ˜‰ :)
                                  https://docs.netgate.com/pfsense/en/latest/

                                  Thanks so much for your time and knowledge, most appreciated, Take care :)

                                  1 Reply Last reply Reply Quote 0
                                  • First post
                                    Last post

                                  Products

                                  • Platform Overview
                                  • TNSR
                                  • pfSense Plus
                                  • Appliances

                                  Services

                                  • Training
                                  • Professional Services

                                  Support

                                  • Subscription Plans
                                  • Contact Support
                                  • Product Lifecycle
                                  • Documentation

                                  News

                                  • Media Coverage
                                  • Press
                                  • Events

                                  Resources

                                  • Blog
                                  • FAQ
                                  • Find a Partner
                                  • Resource Library
                                  • Security Information

                                  Company

                                  • About Us
                                  • Careers
                                  • Partners
                                  • Contact Us
                                  • Legal
                                  Our Mission

                                  We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                                  Subscribe to our Newsletter

                                  Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                                  © 2021 Rubicon Communications, LLC | Privacy Policy