pfSense new build

  • Looking to put a new build together for our office.

    We have building A, with the internet connection, 24 port gigabit switch, 8 users, and the rest is all CNC equipment and simple stuff.

    We use wireless to go from building A to building B

    Building B connects to building A - from that point it goes into a 16 port switch which is filling up quickly, but that's a different story.

    Our internet speed is about 12mb

    What specs am I needing to be able to do network shaping? I'll also be doing caching, and monitoring as well.

    Thank you all very much.

  • You've read the hardware sizing guidance and reviewed the dozens of similar threads that already exist I assume?

    What's your budget and where in the world are you?

    TBH, pretty much anything should do what you're after. 12 Mb/s is a relatively low bandwidth and just about anything you can buy these days, except for some very low power stuff, should do you.

  • Did look at the sizing guide. I was somewhat amazed at the low power needed. Although - I guess a store bought router doesn't really use much.

    CEO gave me a budget of 3k, with that said he doesn't know what this kind of stuff costs, I'd like it to be as cheap as possible. Sub $300?

    I'm in Iowa.

    Only thing I'm wondering about is the caching: is a hard drive really needed? Or should I install on a solid drive of some sort like a CF or whatever?

    Would be nice to cache Windows updates too, but not sure on the support on that as I have yet to look into it.

    The unit will also do virus protection, but also looking into that still too!

    Thanks for your help!

  • Netgate Administrator

    If you need to use Squid (caching) and HAVP (antivirus) your hardware requirements will go up but even so 12Mbps is not much.
    You cannot cache to a CF card. It will reach its write cycle limit and die in short order. Use a real HD or an SSD.
    Squid can cache Windows Updates, or at least it could last time I looked into it, but did require some tweaking to make it do so.


  • I'd suggest that you've got the budget for a proper, server grade, rack mount unit. If you're already using rack mounted equipment that's the most sensible approach.

    When you say "virus protection" - what do you mean (exactly)?

  • HAVP / ClamAV

    The closer I keep the setup to 500 the more funding I have to upgrade the other equipment.

    I don't have a rack setup, just a shelf with stuff sitting on that.

  • So you're planning on scanning web traffic? A bit more CPU power won't hurt then.

    As for hardware, go looking for something small, multi-core, that supports at least one add-on card so you can add another network interface. A low end desktop or mini-ITX platform could well suit your environment. I'd suggest a reasonable amount of RAM to help with all applications you want to run - Squid in particular loves lots of RAM - nothing less than 8 GB, more if you can. Do search the forum for other people's experiences since you're not building anything terribly unusual here.

  • Cool, I have no problem going with over 8 GB. Should be a pretty nice box once completed.

    Sometimes I wish it could handle more than one thing at a time though! Like being a NAS!

  • If you search the forum you'll find others who've gone down that route, and how they've gone about it.

    Personally I'm strongly against it, since your border protection devices should remain just that and not multi-purpose servers.

  • That's true!
