Determining needed hardware for new install



  • I'm in the process of trying to spec a firewall for approximately 120-130 users, about 65 staff and 65 students at a ski academy; currently, we've got 8Mbps on a cable connection and about 2 Mbps on a DSL connection.  I've read the docs at http://www.pfsense.org/index.php?option=com_content&task=view&id=52&Itemid=49, but I'm still not sure what I should be allowing for if I choose to use additional packages.  We are hoping that the DSL options in the neighborhood will improve in the next few years, possibly even to fiber, and I'd like to have room in the hardware spec to accommodate that type of improvement.

    I expect that we will be using squid and quite probably squidguard, and snort seems like a good idea.  We will definitely be doing some traffic shaping, and I wouldn't be surprised to have the captive portal feature come into play at some point in the future.

    Will that type of package load require substantially more RAM, or is a basic appliance with 1 GB of RAM sufficient hardware?  We've been using a Linksys RV042 that can sometimes get unhappy with the load level.

    Thanks,
    Kevin



  • Just about anything will cope with that bandwidth and Squid+SquidGuard, as long as you've got something with a 1 GHz+ processor and 1 GB+ of RAM you'll be fine with that. I'd a 1 GHz Via box with 512 MB of RAM and it handled Squid+SquidGuard on a 20 Mb/s link with room to spare (the main problem being the RealTek NICs).

    However, Snort will have a bigger impact, how much being determined by how you configure it and what rules you load. I've seen 3.2 GHz Xeon's brought to their knees on ~20 Mb/s links and lower spec systems having no problems on 100 Mb/s+ - all down to how Snort is set up.

    You probably want to look to 2 GB (or more) of RAM and as high a processor spec as you can justify - multi core being better than single core if you're wanting to run Snort and everything else.


Locked