1U solution



  • I'm looking for suggestions for a 1U pfSense solution with no moving parts, at least 4 Ethernet ports, and enough horsepower to do 30-40 Mbps of AES-256 IPsec VPN traffic.  We'd also really like to be able to expand beyond 4 ports.  This needs to be something that can be purchased for the next few years reliably, without requiring piecing things together or buying parts off of ebay.  We expect to need 40-50 of them within the next 6 months, with the possibility of this going to many more sites.

    The new APU platform looks close to our needs except for the number of ports and expansion capabilities.  It may be possible to drop a switch in as well and have ports on that switch VLAN'ed off to provide the additional ports needed, but I'm a little concerned about the Realtek NICs.  Anyone with experience in this regard?

    Note: I've evaluated the Soekris net6501 and it looked perfect for our needs, but so far they aren't willing to extend net45 terms to the company I work for.  We are still talking to them, but thinks are not looking good.


  • Banned

    If needing 50 Pfsense box'es, then I would run them as VM's.

    Then you just need a beefy host to run them on.



  • That won't work in this instance, as they would be at 50 different locations.  :)


  • Banned

    :D

    I see what you mean :D

    @ptaylor:

    That won't work in this instance, as they would be at 50 different locations.  :)


  • Netgate Administrator

    The FW-7541 is rack mountable.
    What's your budget?

    Steve



  • This is tough without a budget, but I'd recommend one of SuperMicro's Rangeley systems.  These chips are on a long-term availability schedule from Intel, are very fast now, and will be even faster once AES-NI and QuickAssist are baked into pfSense.



  • Looking for sub $500, if possible.


  • Banned



  • @Supermule:

    Then I would look for X336 from IBM on Ebay…. :)

    http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?subtype=ca&infotype=an&appname=iSource&supplier=897&letternum=ENUS105-472

    Wow…  That is some old hardware.



  • @ptaylor:

    Looking for sub $500, if possible.

    http://www.habeyusa.com/products/fw-1044-1u-4-gbe-w-bypass-segment-fanless-network-hub/

    No expansion slot, but otherwise almost exactly what you're looking for.  There's no price but Newegg sells them for $417 so I'm sure you could get a discount with a large quantity.  Note that price is excluding RAM and CF card (or SSD/HDD if you're one of those people).

    http://www.newegg.com/Product/Product.aspx?Item=N82E16816321039



  • @ptaylor:

    Looking for sub $500, if possible.

    I work with Soekris all the time, and I think that box is probably the best you will find, not sure why you want or expect 45 day terms seems like a large number to expect a small group like Soekris to carry.

    Anyway, you might also look at the Supermicro SYS-5018A server.  With a SSD it has no moving parts, and it does have five Ethernet + an IPMI port –  Be careful ordering you need their SSD tray, and the memory in this is ECC SODIMM, but you should be in the ball park with your numbers depending on options and the distributor.  I use them for Asterisk servers all the time, although I have never loaded pfSense on one.

    http://www.supermicro.com/products/system/1U/5018/SYS-5018A-TN4.cfm

    =====================================================


  • Banned

    Yes but its cheap and does a very good job with pfsense :)

    @Jason:

    @Supermule:

    Then I would look for X336 from IBM on Ebay…. :)

    http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?subtype=ca&infotype=an&appname=iSource&supplier=897&letternum=ENUS105-472

    Wow…  That is some old hardware.



  • @Phonebuff:

    @ptaylor:

    Looking for sub $500, if possible.

    I work with Soekris all the time, and I think that box is probably the best you will find, not sure why you want or expect 45 day terms seems like a large number to expect a small group like Soekris to carry.

    Anyway, you might also look at the Supermicro SYS-5018A server.  With a SSD it has no moving parts, and it does have five Ethernet + an IPMI port –  Be careful ordering you need their SSD tray, and the memory in this is ECC SODIMM, but you should be in the ball park with your numbers depending on options and the distributor.  I use them for Asterisk servers all the time, although I have never loaded pfSense on one.

    http://www.supermicro.com/products/system/1U/5018/SYS-5018A-TN4.cfm

    =====================================================

    Correction:  4 Gig Ethernet + IPMI.

    The SYS-5018A sever (barebones) will set you back $535 and change on, e.g. newegg.

    And a pair of decent 4GB ECC SO-DIMMs will run you at least another $100.
    I don't know what you pay for SSDs, but I'll only ship Intel.  Call it another $120.

    You specified the 4 core version of the part.  Netgate sells an 8 core version for $995.



  • I agree with the others who like the Intel Atom C2758 (Rangeley) or similar.

    I'm also going to build a dedicated firewall and will be making use of the new Atom.
    It's one of their "7-Year product life", so I know their support will be better and ease of getting parts later down the line than most.
    I'm just waiting for the next major upgrade of pfsense.

    I generally avoid Realtek NICs, support has always been abit crap at best and performance about the same, but maybe that will be different with the next upgrade.

    I did considered the older Atoms, but I realised they were just powerful enough for my means, but were anywhere from 2-4 years old now and still costing me a similar amount as the new Intel Atom (I live in England,UK). Why spend money on a dedicated hardware for a firewall, if it's not overkill.
    You need and want it to last, you need to be able to get replacement parts and the cost is not that different, also with all that more power any packages you want to use, you have the freedom to use. You never know what the future might require these firewalls to do.