Newbie hardware question



  • I've noticed that the recommended vendors' sites all use mini-itx boards, mostly VIA3/VIA7 chipsets. Is there a reason for this other than size?
    I have an AMD Athlon 64 x2 4200, Asus A8N-E motherboard (NVIDIA nforce4 ultra) and 1G of RAM just lying around - is there any reason that this wouldn't work well w/pfsense? Obviously I need nic cards & wireless card. Any thoughts?



  • @Rich_C:

    I've noticed that the recommended vendors' sites all use mini-itx boards, mostly VIA3/VIA7 chipsets. Is there a reason for this other than size?
    I have an AMD Athlon 64 x2 4200, Asus A8N-E motherboard (NVIDIA nforce4 ultra) and 1G of RAM just lying around - is there any reason that this wouldn't work well w/pfsense? Obviously I need nic cards & wireless card. Any thoughts?

    Hmmmm - Interesting - I have basically the same thing setup to do development work (if I can just get the pfsense development system loaded from the developer's ISO to do the compiles properly that is!  Another story entirely…).

    If you are thinking of using that configuration for just a firewall it will be WAY OVERKILL, in other words, unless you are running a data-center with hi-bandwidth requirements of 100 to 500 mbit/sec or just want to play with the pfsense software I would look to either building a "smaller" system and save that machine for gaming (  ;D ) or purchase one of the all-in-one boards like the pc-engines ALIX or a mini-ITX board for a firewall solution.

    If you are looking to do just plain ole firewall with some VPN links then the ALIX boards will do the job very nicely - if, on the other hand you want to run Snort, Squid and other packages needing additional CPU power then the mini-ITX boards are a better choice (IMHO).

    I do have a pc-engines ALIX board with 8-gigs of CF (120X) running the pfsense software and want to use it in a dev. environment for portable development (between work and home which is 25 miles apart) and the 5-watt average power requirement is also very nice too but in doing some testing with snort and squid active it does show some signs of being a little slow, at least in terms of the web interface responding under loads that make the cpu hit 100 percent.  Of course this is with the dev software loaded so there may be some things running in the background slowing things down too.

    Just some thoughts...

    gm...



  • It should work fine, particularly if you want to run snort, imspector and squid.  If in doubt, check the HCL ;)

    Many people use lesser hardware because it's all they need.  I use a 1 GHz VIA box because it's silent - I can cool it passively and use a CF for pfSense.  Admittedly there are times I'd like a little more grunt, but they're pretty rare.



  • I'm running 2 ips/wan ports to gigabit networked mac pro/pc network and wireless. I do financial trading, so I absolutely need the ip redundancy and I'm running some pretty heavy (read internet intensive) data mining and data retrieval programs 24/5. I will probably use any add on that offers additional security or ease of use since I've become paranoid about what's out there!



  • Paranoia is good  ;D

    Be aware though that the tools are only as good as their configuration.  A default install of, say, snort won't really help you - you need to take the time to tune and configure them appropriately for your environment.

    On the other side, if you need redundancy and you have multiple WAN IPs then I'd suggest you consider a second host as a fallback.  Ideally it should be identically configured to the first and then you can use CARP (see the CARP sub-forum).

