Please suggest recommended hardware and suggestions for Pfsense



  • Dear Gurus,

    We are planning to implement Pfsense 2.0.1 64bit version (first with Oracle VM and if performance degrades then without virtualization) with the below scenario at three locations.

    Registered Pfsense Users=Min. 4000 (using Local database as Radius may not be able to provide the option to users to change their passwords on their own as Local database gives this option)

    VLANS=30 Nos

    Expected concurrent users=300-500

    ISP Bandwidth= 100-150 Mbps

    Transparent Squid
    Squid Guard or SNORT
    Captive Portal
    2 or 3 WAN Link with Load Balance
    HAVP anti virus
    Sarg Reports

    Please suggest. We are planning to buy HP DL180 G6 or HP DL380 G6 servers (03 No.s for 3 different locations) with the below configuration

    Processors- (Two) Intel® Xeon® X5660 (2.80GHz/6-core/12/95W) With Cache Memory-12MB
    Memory- 32Gb (8 x 4GB) PC3-10600R (DDR3-1333) Registered DIMMs,
    Storage Controller- HP Smart Array P410i/1G FBWC Controller.
    Hard Disk- 3.5 inch, 600GB, 6G, SAS, 15K, 04 No.s (2.4 TB Total Capacity)

    Network Controller- min. required 4 ports of Gigabit

    Please suggest me a network card from the link under "Gigabit Ethernet/FlexFabric adapters" option;
    http://h18004.www1.hp.com/products/servers/networking/index-nic.html

    There is one more network card which is not mentioned in the above link: the HP NC362i (i = integrated in motherboard). It is an Intel 82576 controller based card (maybe it is the Intel Gigabit ET Dual Port Server Adapter (82576)). The HP NC362i is only available as an integrated one in the motherboard, not as an add-on card. So if we go for this card then we have to buy servers with dual integrated cards for min 4 G ports, and in future if we need an extra NIC then again we have to go for some different card.

    So please suggest me a Gigabit NIC with Dual/Quad ports which can work flawlessly and do suggest an alternative to any problem you see in the above post regarding design or implementation etc.

    Regards


  • Netgate Administrator

    If you are running virtualised then you only need the host OS to support this hardware.
    Your specified hardware is more than capable of handling your bandwidth requirements.

    Why have you specified "Squid Guard or SNORT" ?
    These provide very different functions.

    Steve



  • @amitaussie:

    Registered Pfsense Users=Min. 4000 (using Local database as Radius may not be able to provide the option to users to change their passwords on their own as Local database gives this option)

    Hmm, are you going to give your 4000+ users access to the pfSense webGUI to change their passwords on their own?

    Anyway, if I understand you correctly, you want to use pfsense's CP to authenticate users, then use Squid/SquidGuard/Sarg/HAVP/Snort to mitigate network threats and log usage. Generally speaking, for a load of ~500 concurrent users I'd split the functionality: run router/firewall on pfsense VM & transparent proxy on another system (note: I understand that virtualized FreeBSD's disk i/o performance is rather problematic).

