Input needed on new set up - hardware, configuration, logging, radius, etc.

  • Dear all

    I run the network at a dorm, where we will get a new 100 Mbit fiber in a few weeks. We have been using pfSense for a few months now, but the current hardware is having trouble keeping up with our current 16 Mbit, so I am looking to upgrade the hardware.

    My current plan is to get a Dell PowerEdge T110 with a SAS 6/iR Internal Controller and a Broadcom® NetXtreme II 5709 Dual Port 1GbE. Are there any issues between that hardware and pfSense, and is that hardware completely overkill (4 GB RAM, 4 core 2.5 GHz)?

    Regarding the configuration: We are currently using the traffic shaper to prioritize the data (web and streaming media > p2p) and have the proxy server enabled to save bandwidth. Moving forward, I intend to turn off the proxy server since our new connection has more than enough bandwidth. I am considering leaving the traffic shaper turned on, but will that give any benefits to my users when our connection will probably never be maxed out?

    Other than proxy and traffic shaping, we use pfSense for DNS and DHCP.

    Another thing I would like to set up is radius authentication. We have an intranet that can authenticate users against a radius server, and I am considering setting up some Ruckus Wireless hotspots that are also compatible with radius. I am also considering a captive portal on the pfSense firewall; it would be great to have a bit more control over who accesses the internet through our network. Advice on a setup including radius and captive portal is much appreciated.

    One last thing :)

    Logging: I would like to be able to log how much traffic each user uses and, if possible, log which sites users are visiting (we have to do this due to anti-terror legislation). Advice on how to do this best is much appreciated.

    Sorry for the long post, hope some of you experts in here have time to give me some feedback on this.

    Best regards, Egil Hansen.

  • A few thoughts:

    1. Why would you disable proxy?  Unless it is causing you headaches/problems with something, I would preserve all the bandwidth you can - especially in a dorm environment.
    2. Read up on the SAS 6/iR and other RAID cards.  Check the HCL for the appropriate FreeBSD versions and read posts in this forum regarding compatibility etc.  I ran into issues a while back, but that was likely when pfSense was built on an older version of FreeBSD.
    3. Intel NICs > Broadcom NICs - read numerous posts on the subject in this forum
    4. Depending on how you have IPs assigned, you could use BandwidthD to monitor usage by IP.
    5. You'll need Squid with logging enabled to track site visits, LightSquid will be a big help with this.  You could also use something like OpenDNS and redirect all the DNS requests to their server, but this probably won't tie site lookups back to individual users unless you are handing out 'real' IPs.  Squid logging is far more comprehensive.
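
The per-user traffic and site-visit logging discussed in points 4 and 5, sketched as an added example (not code from either poster, pfSense or LightSquid): it assumes Squid writes its default native `access.log` format, and the sample lines, addresses, user name and function names are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format:
# time elapsed client action/code bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1286536309.450    917 192.168.1.23 TCP_MISS/200 10182 GET http://www.example.com/index.html - DIRECT/192.0.2.10 text/html
1286536310.120   2045 192.168.1.23 TCP_MISS/200 45310 CONNECT mail.example.org:443 - DIRECT/192.0.2.20 -
1286536311.002     12 192.168.1.42 TCP_HIT/200 2048 GET http://www.example.com/logo.png room42 NONE/- image/png
1286536312.500      0 192.168.1.42 TCP_DENIED/403 1500 GET http://blocked.example.net/ room42 NONE/- text/html
this line is truncated
"""

def site_of(method, url):
    """Return the host visited; CONNECT (HTTPS) lines carry only host:port."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "unknown").lower()

def summarize(lines):
    """Aggregate bytes and visited sites per user (logged user name, else client IP)."""
    usage = defaultdict(lambda: {"bytes": 0, "sites": defaultdict(int)})
    skipped = 0
    for line in lines:
        f = line.split()
        if len(f) < 10 or not f[4].isdigit():
            skipped += 1          # malformed or truncated entry
            continue
        client, size, method, url, ident = f[2], int(f[4]), f[5], f[6], f[7]
        # Without proxy authentication the user field is "-", so the only
        # key left is the client IP, which must then map to one resident.
        user = ident if ident != "-" else client
        entry = usage[user]
        entry["bytes"] += size    # bytes delivered to the client
        entry["sites"][site_of(method, url)] += 1
    return usage, skipped

if __name__ == "__main__":
    usage, skipped = summarize(SAMPLE_LOG.splitlines())
    for user, entry in sorted(usage.items()):
        sites = ", ".join(f"{h} x{n}" for h, n in sorted(entry["sites"].items()))
        print(f"{user}: {entry['bytes']} bytes; {sites}")
    print(f"skipped {skipped} unparseable line(s)")
```

Only traffic that passes through the proxy appears in this log, and for HTTPS the CONNECT line records the host name but not the page requested.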
