Will Hacom Mars III pfSense 1U enough for my office?
-
Hi.
I having looking for a pre-built pfsense appliance and found Mars III pfSense 1U from hacom. http://hacom.net/catalog/mars-iii-pfsense-1u-server
Since I have never used pfsense in production, I don't know if this hardware fits our.
the offices has around 200 people.
we use email alot
we use citrix application alot
one WAN port will be in vpn with our HQ
we want to use content filter and traffic shape
we want to block p2p programseventhough hacom says it can handle 50-200, I wish to hear your opinions. if you have experience with Hacom please comment too
thanks
-
I should think almost certainly. :) The specs on that box (2.9GHz i5, 4GB ram) should be able to handle anything you throw at it. However all my experience is with much lower end hardware so you may want a second opinion. I'm sure Hacom could advise you.
What is your WAN connection? Do you need to saturate it with VPN traffic?
Steve
-
We work a lot with Hacom and have for many years, they've always been good to work with. The support they include with their hardware is provided by us, beyond basic things they handle internally.
I think that particular platform would be a good fit for what you're looking to do.
-
thank you very much for the advice!
-
Hi.
I having looking for a pre-built pfsense appliance and found Mars III pfSense 1U from hacom. http://hacom.net/catalog/mars-iii-pfsense-1u-server
Since I have never used pfsense in production, I don't know if this hardware fits our.
the offices has around 200 people.
we use email alot
we use citrix application alot
one WAN port will be in vpn with our HQ
we want to use content filter and traffic shape
we want to block p2p programseventhough hacom says it can handle 50-200, I wish to hear your opinions. if you have experience with Hacom please comment too
thanks
It's likely more than enough hardware unless you've got a REAL fat pipe coming in, but I wouldn't buy it, not with the Realtek NICs anyway.
-
It's likely more than enough hardware unless you've got a REAL fat pipe coming in, but I wouldn't buy it, not with the Realtek NICs anyway.
why you wouldn't buy it? because Realtek NIC? I've read pfsense works better with intel NICs, and that's what I'm going to choose
-
If you're getting the Intel NICs then it's fine, though pricy at $2K.
I just posted about a similar config over here where I was looking into a new pair of 1U boxes for my main office. I was looking at less than $3K for two boxes. Those don't include support though (aside from these forums) so you're looking at another $600 (part of which goes to the project) for 5 hours of support (I haven't used mine very often, but it's been good when I've needed it).
http://forum.pfsense.org/index.php/topic,58987.msg317108.html#msg317108
It all depends on how much you value having a product you can just bolt into a rack, power on, and go.
-
It's likely more than enough hardware unless you've got a REAL fat pipe coming in, but I wouldn't buy it, not with the Realtek NICs anyway.
why you wouldn't buy it? because Realtek NIC? I've read pfsense works better with intel NICs, and that's what I'm going to choose
It is a pricey option to go with the Intels vs. Realtek.
Realtek chipsets have gotten a bad name from companies who do a poor job of implementing them on their hardware, and end up creating an unstable NIC or one where certain things don't work. Of course recently, one can say the same with Intel with the "packet of death" issue, not a problem in Intel's hardware, but a misprogrammed EEPROM by the motherboard vendor that caused a major problem with the Intel NICs.
http://www.h-online.com/security/news/item/Intel-Packet-of-Death-not-Intel-s-problem-1801537.htmlI haven't personally tested this platform, so I can't tell you how good, bad or otherwise those particular Realteks are, but I would have confidence that Hacom would stand behind the product.
-
RTL8111C has known TCP segmentation offloading (TSO, TSO4, TSO6) issues that "seem" to be fixed in newer RTL8111E designs. This feature is turned off by default, so you are safe anyway.
I have no direct knowledge (FUD warning!) but my guess is an intel i350 board with be better/cheaper than the i340 (82580 design) offered as an upgrade as the high production world has moved from PCI Express v2.0 to PCI Express v2.1.
-
@cmb:
It's likely more than enough hardware unless you've got a REAL fat pipe coming in, but I wouldn't buy it, not with the Realtek NICs anyway.
why you wouldn't buy it? because Realtek NIC? I've read pfsense works better with intel NICs, and that's what I'm going to choose
It is a pricey option to go with the Intels vs. Realtek.
Realtek chipsets have gotten a bad name from companies who do a poor job of implementing them on their hardware, and end up creating an unstable NIC or one where certain things don't work. Of course recently, one can say the same with Intel with the "packet of death" issue, not a problem in Intel's hardware, but a misprogrammed EEPROM by the motherboard vendor that caused a major problem with the Intel NICs.
http://www.h-online.com/security/news/item/Intel-Packet-of-Death-not-Intel-s-problem-1801537.htmlI haven't personally tested this platform, so I can't tell you how good, bad or otherwise those particular Realteks are, but I would have confidence that Hacom would stand behind the product.
Hacom's support is a good point, but I still wouldn't buy it with the Realtek NICs. It's the same reason why I pay for the Broadcom -> Intel upgrade on most of my Dell servers. No matter how good the competition gets, Intel NICs have always worked the first time, the second time, and every other time, without any special workarounds or tinkering.
-
for us , we use Certain supermicro motherboards cause they use intel Nics and have
a proven track record and stand behind there hardware…the packet of death on that particular intel nic was the vendors fault for a messed up
EEPROM, but could happen to any Vendor... and whos gonna make it right if somethings
wrong?that said , we still pay for the Systems we do and we have No problems with the hardware...
and its with INTEL Nic's.NO Realtek junk
