Netgate Discussion Forum

    Big build hardware suggestions

      spiglia

      I am looking to build a firewall with pfSense for a larger network. The network will consist of approx. 650 users in a residential setting. I have 100 Mbps up and down. I have tried pfSense on a smaller testing scale and I am clueless to the hardware requirements. I will run Snort to throttle specific traffic. I have a 3k budget and I know I can do this much cheaper, but I would like any suggestions you may have! Thank you in advance for your comments!

        dreamslacker

        In such a situation, you have to give more details.

        i.e. Do you need to isolate users? If this is similar to a service apartment complex then each apartment must be isolated from the others. You will also need VLAN-capable switches with enough ports to serve all the apartment units.

        Does your budget include this switch cost or is it purely for the firewall/router only?

        Aside from Snort, will you also be running other services like Squid? Depending on what you need to block or throttle, Snort may not be your best bet. Limiters with source/destination masks may actually be better for you to give equal/fair share amongst the users.

          dhatz

          I'm not sure it can be "much cheaper" than $3k to offer Snort-filtered Internet services at 100 Mbps up/down to 650 users on a 24/7 basis.

          For that many users you'll probably want to have two pfSense devices in master/slave configuration.

            spiglia

            Thank you for your responses. Yes, I will be serving VLANs from the firewall and I already have quite a few Cisco 2960s serving current VLANs per unit. I just need the firewall to filter by protocol and possibly host a splash page.

              spiglia

              Regardless of budget, can you possibly help with the hardware configuration? How much RAM, what type of processor/s?

                asterix

                Go with an Intel i5 3rd Generation. 16GB RAM should be well ahead of a good start. Typically 8-12GB RAM should be a decent start. Since you mention 650 users and running Snort on it, I recommend 16GB. The i5 should very easily handle 100Mbps routing. It can handle 1GB routing.

                Don't think about going with an Atom or Celeron processor for this kind of setup, as there will be a lot of routing between WAN and 650 LAN users and the i5 can handle it smoothly. Internal LAN communications don't take much CPU and are handled by the switch.

                Add a compatible quad port Intel gigabit PCIe NIC (if there is one.. I am not sure) OR just add 2 Intel dual port Gigabit PCIe NICs and you should have a good robust UTM. Do the same for a backup and you should be all set.

                I have a 2U setup - 2.0.1-RELEASE 64-bit, Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz and 8GB RAM. It runs the below services with no issues:

                Asterisk Services 1.8.8.1 pkg v 0.1
                HAVP antivirus Network Management 0.91_1 pkg v1.01
                Lightsquid Network Report 1.8.2 pkg v.2.32
                pfBlocker Firewall 1.0.2
                RRD Summary System 1.1
                snort Security 2.9.2.3 pkg v. 2.5.1
                squid Network 2.7.9 pkg v.4.3.1
                squidGuard Network Management 1.3_1 pkg v.1.9.1
