Shearching return of experience



  • Hi,
    I'm configuring pfsense on a wired network who, at last, may be have 2500 users.
    And I wonder on the fact that pfsense is able to support so much users.
    That's why I shall like knowing if somebody else has already configure pfsense with so much users or if it's not possible and if I'm obliged to foresee multiple servers.
    I shall like knowing also if someone can inform me about the architecture spécification of the server for this use or for an architecture that has been implemented and with which server's specifications.



  • pfSense should not have any problems handling this amount of traffic, provided that you give it the appropriate hardware ;).



  • thanks for your response  :D :D
    Any idee of the hardware to use?? lot of memory ,of cpu I think but In what proportions?



  • whats the bandwidth you have?



  • I've 100mb/s of bandwidth …



  • Get good nics (like intel) and a board with a fast PCI-Bus. Depending on encryption needs if you plan to run IPSEC tunnels you need a more or less Powerful CPU. 1 GB Ram should be more than enough (however that depends on the packages that you want to run additional to the base install).



  • okey and you're sure that one own server can support 2500 users (Of which has little near 1000 at the same time) ??



  • I would think so unless you want to run additional packages on the firewall itself which might not be a good idea (depending on the package und usage).



  • I'm just using squid to redirect my lan trafic to another proxy



  • You can do this by a simple portforward. Squid is not neccessary for this.



  • maybe but I need squid access.log file to keep traces of my users navigation…



  • I would say that one server should be able to handle this load. Make sure to get a server with a 64bit pci, at least 1gb ram, possibly 2gb, and dual cpu's.



  • I would like to know if using multiple pfsense servers don't raise any problem??I think to this architecture like a potential solution because I need to separate the differents sites of my network with proper's dhcp range…



  • Use one system for everything and add a failoversystem if needed. You can setup individual DHCPs for each interface and seperate networks by firewallrules where needed.


Log in to reply