Hardware Recommendations
-
Hello,
in the future I would like to use pfSense as Router/Firewall and, therefore, I'm looking for a powerful and energy-efficient hardware.
My requirements are:
- Usage of pfSense
- the case shall be a server-case for 19 inch racks
- my current Internet connection is 100/40 MBit/s, but I want to have the option for future GBit FTTH
- having the option for using Snort/Suricata
- having the option for using a DNS filter
- using HAproxy
- maximum of around 6-8 simultaneous VPN connections via IPsec/OpenVPN (IPsec for Windows notebooks, OpenVPN to use HTTPS to bypass some networks which try to block VPN)
- Support for AES-NI
- IPMI
The hardware I'm tending to at the moment:
- SuperMicro A2SDi-4C-HLN4F
- CPU: Intel Atom C3558, 4 Cores
- 4x GBit-LAN, Intel C3000 SoC
- Case: SuperChassis 505-203B
- 8 GB RAM ECC
- SSD: Samsung EVO
My questions:
- Do you have concerns regarding compatibility of my setup with pfSense? Are there any known bugs/issues?
- Do you recommend any other components?
- pfSense appliances are often found with i3, i5, Celeron or Xeon CPUs.
- Would those CPUs provide a huge benefit over my "Intel Atom C3558, 4 Cores"?
- Do you have any experiences regarding power consumption of such more powerful CPUs? (the Intel Atom C3558 has TDP 16W)
- Do you recommend another CPU which provides more power at a comparable power consumption?
- My proposed board uses Intel C3000 SoC network controllers. Are they compatible to pfSense? Are they better/worse/comparable to widely-used Intel controllers like i210/i211/i350?
Thanks a lot in advance,
Thomas
-
@thomas-hn said in Hardware Recommendations:
CPU: Intel Atom C3558, 4 Cores
Intel Atom Forget it...good, but not the best
Hi,
if you have money, the Supermicro is the solution
(Netgate works tougether with them, just looking at their more serious devices..XG-7100, yells to Supermicro)I use this:
https://www.supermicro.com/en/products/motherboard/M11SDV-4C-LN4F
https://www.supermicro.com/en/products/chassis/1U/503/SC503-200Bor
https://www.supermicro.com/en/products/chassis/1U/E30/SCE300
and
I don't like AMD, but for firewall (NGFW) is the best... +++++I350 wonderfull
-
@DaddyGo said in Hardware Recommendations:
just looking at their more serious devices..XG-7100
Hi DaddyGo, thanks for your comment. However, you are telling that an Atom is not the best solution and you recommend looking on the XG-7100 which uses an Atom C3558 (https://www.netgate.com/solutions/pfsense/xg-7100-1u.html). I don't understand???
-
@thomas-hn said in Hardware Recommendations:
which uses an Atom C3558
I didn't tell you to look...XG-7100...
only this is a Supermicro, I think, I knowhere I referred to the quality of the Supermicro...!
already fixed, but I don't trust that:f.e.:
https://forum.netgate.com/topic/111439/curious-on-pfsense-netgate-handling-of-the-atom-issue/2 -
Hey @daddygo thank you for your valuable advice. I am considering the same embedded solution from AMD/Supermicro. Iโd like to use it in a desktop case for the time being. Did you ever mod it and install active cooling?, if so what cooler did you go with and whatโs your temp like, it is manageable and do you have any tips for doing so?
Thanks in advance for your time and kind consideration
Regards
Shinta0Saint -
@shinta0saint said in Hardware Recommendations:
I am considering the same embedded solution from AMD/Supermicro.
Hi,
Yes, I modified the fans (from recommended Supermicro to Noctua).
I use this chassis: https://www.supermicro.com/en/products/system/Mini-ITX/SYS-E300-8D.cfm
Noctua (it is compatible):
https://noctua.at/en/products/fan/nf-a4x20-pwm - 3 pcs.PSU, it is an excellent quality (slightly oversized): 12V 6,67A
https://www.meanwell.com/webapp/product/search.aspx?prod=GST90A
(consumption is no more than at a heavier load cca.= 35W, yeah with built-in Silicom I350-F4 4 port SFP NIC + DDR4 ECC 2X8GB RAM + Samsung 970 EVO Plus NVMe SSD 250GB - it has excess capacity but no smaller size in the market) - AVG. = 18WBTW:
It's just a SOHO config
, for which the "iron" is very strong, but it's worth seeing I've been using it for 2 years without any problems.Current Supermicro IPMI:
-
@daddygo said in Hardware Recommendations:
@shinta0saint said in Hardware Recommendations:
I am considering the same embedded solution from AMD/Supermicro.
Hi,
Yes, I modified the fans (from recommended Supermicro to Noctua).
I use this chassis: https://www.supermicro.com/en/products/system/Mini-ITX/SYS-E300-8D.cfm
Noctua (it is compatible):
https://noctua.at/en/products/fan/nf-a4x20-pwm - 3 pcs.PSU, it is an excellent quality (slightly oversized): 12V 6,67A
https://www.meanwell.com/webapp/product/search.aspx?prod=GST90A
(consumption is no more than at a heavier load cca.= 35W, yeah with built-in Silicom I350-F4 4 port SFP NIC + DDR4 ECC 2X8GB RAM + Samsung 970 EVO Plus NVMe SSD 250GB - it has excess capacity but no smaller size in the market) - AVG. = 18WBTW:
It's just a SOHO config
, for which the "iron" is very strong, but it's worth seeing I've been using it for 2 years without any problems.Current Supermicro IPMI:
Hi @DaddyGo - quick question for you: Do you think the Noctua fans you mentioned above will work in the Supermicro 1U (short) case as well? This is the system I'm currently using:
https://www.supermicro.com/products/system/1u/5018/SYS-5018D-FN8T.cfm
And fan being used in that system:
https://store.supermicro.com/40mm-fan-0065l4.htmlLooks like the difference are 8mm of fan width but the rotational speed of the Noctua is a lot slower at just 5K RPM vs. 13K RPM, so a good bit less airflow.
Thanks in advance.
-
@tman222 said in Hardware Recommendations:
https://www.supermicro.com/products/system/1u/5018/SYS-5018D-FN8T.cfm
We also use this MOBO (Xeon-D) in places where we do not use OpenVPN at high load. + 10Gig
This is important, because the max CPU clock is only 2.2GHz and OpenVPN is single-threaded, so it is more CPU clock dependent.
The experience is that due to the volume of 1U cassis, the Noctua fans are not enough here, ergo we use the original Supermicro units. These are noisy, especially on the PSU. (because of the 13K)
My suggestion is that in this case, you should to endure the noise due to the higher cooling capacity.
-
@daddygo THANK YOU SO MUCH FOR YOUR GUIDANCE. you are the man!!! :) (apologies about the delayed reply, i could not respond with chrome and just tried Edge and finally got through)
Question;
I would like to use a power brick similar to what you recommended, but i am not sure how to connect it to the motherboard power connectors.Can you provide some more guidance on how to connect it? is there an additional adapter that i should purchase to connect the power brick to the motherboard's 8Pin CPU power connector (JPV1) and also the 4pin connector (PJ1) on the motherboard?
I am not to experienced with the electrical side of things, would prefer not to be cutting any wires.
Also, how did you connect the a4x20-pwm fan to the original active cooler? Did you use tiestraps or high temp plastic bolts and nuts? i have a m3 kit of High Temp Bolts and Nutes that i used to mount the same fan to a i350 NIC and works great for my current physical pfSense build. :)
best regards,
SSM, -
Quick question:
in finaly what is your choice Xeon-D or AMD Epyc MOBO?+++edit:
yeah and which cassis?+++edit2:
With my recommended EPYC3151 Supermicro + external 12V PSU, this is what it looks like:
-
@daddygo said in Hardware Recommendations:
AMD Epyc MOBO
AMD Epyc MOBO, Preferably a ITX chasis, if not a regular desktop chassis with great air flow.
This is the PSU i would like to buy: (not referbished i'll look for a new one)
https://www.amazon.com/Corsair-Modular-Supply-Certified-Refurbished/dp/B07HMJM1CG/ref=sr_1_8?dchild=1&keywords=SFX%2BPSU&qid=1609871151&sr=8-8&th=1This is the case i was looking at, i plan to mod it with extra noctua fans for extra case cooling:
https://www.amazon.com/SilverStone-Technology-Mini-ITX-Computer-SST-ML08B-H-USA/dp/B07MNC1BDY/ref=sr_1_10?dchild=1&keywords=ITX+CASE+SFX+PSU&qid=1609871242&refinements=p_72%3A1248879011&rnid=1248877011&s=electronics&sr=1-10Unfortunately i don't have to space for a noisy case. maybe at the end of the year i might build a server room but for now everything's in my bed room :(
Still not seeing how to connect the power brick.
Thanks again for your prompt response :)
regards
SSM. -
@shinta0saint said in Hardware Recommendations:
AMD Epyc MOBO, Preferably a ITX chasis, if not a regular desktop chassis with great air flow.
I donโt think itโs a good idea to buy a separate (other manufacturer) ITX house.
The original Supermicro E300 was invented for this EPYC MOBO and works great.
and affordable: https://www.amazon.com/SuperMicro-SCE300-Rack-Mountable-1U-Flexatx/dp/B01MQMM9DWAnyway, you have to use a RISER board and it may not be compatible with mITX products from other manufacturers.
(due to physical dimensions)
https://www.supermicro.com/en/support/resources/riserThe E300 is designed for an external 12V PSU
the 450W ATX PSU you presented is a completely unnecessary energy pump -
@daddygo Thank you so much sir, based on your recommendation i will proceed accordingly.
I just have some concerns connecting an additional 2.5" SSD.I saw in a Tom lawrence tutorial he used ZFS and raided two ssds together for pfSense.
With this current set up with the power brick, i will only be able to run one 2.5" ssd, with the included sata power cable.
Can you please recommend any cabe that can split the sata power cable coming from the motherboard to plug in two ssd's? without having to respost to a SataDOM or LSI HBA?
best regards,
SSM. -
@shinta0saint said in Hardware Recommendations:
I just have some concerns connecting an additional 2.5" SSD.
I'll start at the beginning...
In my reading, ZFS is mandatory(!) because you see its benefits
16-32 GB of storage is sufficient for most pfSense installations.
(so you don't need an awful lot of capacity (storage))The pfSense is a NGFW, + router and such does not require large storage stuff.
All of our Supermicro-based installations have SataDOM for emergencies...
(it has very good performance and 32GB is enough, it includes a mirror copy of the current pfSense installation)BTW:
We only use ZFS RAID setup (2 or more disk(s), SSD(s)) in production environment, due to redundancy.+++edit:
I note: the Lawrence tutorials are very good, use these instead of a lot of stupid other Youtube videos
+++edit2:
and these, of course:
https://www.youtube.com/channel/UC3Cq2kjCWM8odzoIzftS04A/videos
https://docs.netgate.com/manuals/pfsense/en/latest/the-pfsense-documentation.pdfand for the sake of my @Raffi_ friend (he will understand
:)
https://docs.netgate.com/pfsense/en/latest/ -
@daddygo said in Hardware Recommendations:
@shinta0saint said in Hardware Recommendations:
I just have some concerns connecting an additional 2.5" SSD.
I'll start at the beginning...
In my reading, ZFS is mandatory(!) because you see its benefits
16-32 GB of storage is sufficient for most pfSense installations.
(so you don't need an awful lot of capacity (storage))The pfSense is a NGFW, + router and such does not require large storage stuff.
All of our Supermicro-based installations have SataDOM for emergencies...
(it has very good performance and 32GB is enough, it includes a mirror copy of the current pfSense installation)BTW:
We only use ZFS RAID setup (2 or more disk(s), SSD(s)) in production environment, due to redundancy.+++edit:
I note: the Lawrence tutorials are very good, use these instead of a lot of stupid other Youtube videos+++edit2:
and these, of course:
https://www.youtube.com/channel/UC3Cq2kjCWM8odzoIzftS04A/videos
https://docs.netgate.com/manuals/pfsense/en/latest/the-pfsense-documentation.pdfand for the sake of my @Raffi_ friend (he will understand
:)
https://docs.netgate.com/pfsense/en/latest/Thanks so much for your time and knowledge, most appreciated, Take care :)
