Squid / Snort on same box w PFSense: Good/Bad idea
-
Planning a new network using PFSense router functionality.
Trying to get a grip on the dos and don'ts. Have seen conflicting opinions as to whether it is a good idea or a bad idea to have multiple programs/servers on the same machine.
Are there issues/concerns with running Squid and Snort on a dedicated PFSense machine? P4 dual core 2.8 GHz CPU, 2 GB RAM, overkill-size HD.
Ed.
-
What's your bandwidth and typical packets per second (pps)?
I'd certainly look to at least double the RAM, just for Snort alone, more if you can install it (8 GB would be good).
-
Cry Havok
Thanks for the reply.
Not sure about the bandwidth requirements. Get multi-gigabyte data transfers but not a lot of web surfing.
Long story short: going to get a new motherboard with more PCI slots for NICs for the main office, which probably means a new CPU and memory.
Is there some kind of rule of thumb for CPU/memory/packets per second using PFSense, Squid and Snort? Would help in speccing the new hardware.
-
Start here and add another GB or so for Squid.
Snort unfortunately is more complex since it depends on how you configure it. You can tune it to run on something low end, or it can max out a quad core 3 GHz box with 4 GB of RAM, all by itself. Snort's own lists and documentation can probably give you some hints, but you'll need to understand your traffic profile before you start.
-
Thanks Cry Havok,
Actually had read the material in the link previously, but was not aware of Snort requirements.
To the good is that won't have to break out a slide rule or an abacus to figure it out. Memory is cheap. Have to get a new motherboard and a quad 3.x CPU isn't going to break the bank.
Good to have a plan. This may have saved me hours of pointless redos.
Thanks again.
Ed