Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Hardware recommendations for use with Dansguardian, IPSEC

    Scheduled Pinned Locked Moved Hardware
    2 Posts 2 Posters 2.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Q
      Quinten
      last edited by

      I've experimented with a Watchguard x700 with a 4 GB CF card, but I've had a few random crashes–after researching, it seems there are some problems with support for the network cards in this device that leads to the system hanging. This is in a production environment already, so I've decided to replace it with an off the shelf system rather than risk future crashes.

      This is a branch office with about 10-20 users at any given time, perhaps as many as 30 network devices. It needs to handle IPSEC to our main site and eventually also VOIP traffic originating on the site and going to our hosted VOIP provider. The WAN is Comcast business, about 5-7 up and 25-50 Mbps down.

      I'm looking at the Hacom Mercury (http://www.hacom.net/catalog/1u-mercury-pfsense-appliance), which seems like a right-sized box in most respects. The cost seems reasonable given the 1 year of support and tested configuration. However, I'm wondering whether I could install Dansguardian on the 2 GB CF disk. Would it be better to get a box with a hard drive for this purpose? What's the main reason for a larger drive? I've only been running pfsense for a short time. Will I run into problems with log files filling up the box if I don't have a larger disk? Should I opt for the VPN accelerator card?

      Any other recommendations for a good 1u rack-mountable box for this purpose, as alternatives to the Hacom?

      1 Reply Last reply Reply Quote 0
      • S
        segfault
        last edited by

        Dansguardian uses a Squid proxy which is disk intensive so you're going to have awful performance and thrash your CF card unless you run Squid on another box. I think you'd be better off (fewer machines to manage) if you bought something with a hard drive instead of CF. If you do want to run an external Squid instance, here's a tutorial for setting it up (I didn't write it):

        http://linuxforge.wordpress.com/2010/11/26/how-to-pfsense-external-squid-transparent-proxy-dansguardian/

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.