Hardware recommendations for use with Dansguardian, IPSEC



  • I've experimented with a Watchguard x700 with a 4 GB CF card, but I've had a few random crashes–after researching, it seems there are some problems with support for the network cards in this device that leads to the system hanging. This is in a production environment already, so I've decided to replace it with an off the shelf system rather than risk future crashes.

    This is a branch office with about 10-20 users at any given time, perhaps as many as 30 network devices. It needs to handle IPSEC to our main site and eventually also VOIP traffic originating on the site and going to our hosted VOIP provider. The WAN is Comcast business, about 5-7 up and 25-50 Mbps down.

    I'm looking at the Hacom Mercury (http://www.hacom.net/catalog/1u-mercury-pfsense-appliance), which seems like a right-sized box in most respects. The cost seems reasonable given the 1 year of support and tested configuration. However, I'm wondering whether I could install Dansguardian on the 2 GB CF disk. Would it be better to get a box with a hard drive for this purpose? What's the main reason for a larger drive? I've only been running pfsense for a short time. Will I run into problems with log files filling up the box if I don't have a larger disk? Should I opt for the VPN accelerator card?

    Any other recommendations for a good 1u rack-mountable box for this purpose, as alternatives to the Hacom?



  • Dansguardian uses a Squid proxy which is disk intensive so you're going to have awful performance and thrash your CF card unless you run Squid on another box. I think you'd be better off (fewer machines to manage) if you bought something with a hard drive instead of CF. If you do want to run an external Squid instance, here's a tutorial for setting it up (I didn't write it):

    http://linuxforge.wordpress.com/2010/11/26/how-to-pfsense-external-squid-transparent-proxy-dansguardian/


Locked