Mini-ITX pfSense Build



  • Looking to build a pfSense system to support firewall, routing, outbound load-balancing, and both site-to-site and client-to-server vpn. Also hoping for filtering websites and application access both internally and externally. The two WAN connections need to support gigabit speeds (Google Fiber/TWC).

    I'd like to maintain gigabit connectivity throughout the network. There will be multiple end-devices both connected wired and wireless through a 24 port switch and wireless access points around the house.

    At minimum I'll need 4 Gigabit ports.


  • Netgate Administrator

    That sort of budget and spec you need to make some hard definitions of what you need.

    So you have 2x1Gbps WAN connections so you need 2Gbps throughput? Or simultaneous up and down, 4Gbps throughput?
    If you want to filter http traffic, using the Squid proxy and Squidguard, that will increase the hardware requirements considerably if you still need the same throughput.
    What sort of throughput do you need for the VPN?

    You're going to be toward the top end of the hardware spectrum whatever you decide.  :)

    Steve



  • @stephenw10:

    That sort of budget and spec you need to make some hard definitions of what you need.

    So you have 2x1Gbps WAN connections so you need 2Gbps throughput? Or simultaneous up and down, 4Gbps throughput?
    If you want to filter http traffic, using the Squid proxy and Squidguard, that will increase the hardware requirements considerably if you still need the same throughput.
    What sort of throughput do you need for the VPN?

    You're going to be toward the top end of the hardware spectrum whatever you decide.  :)

    Steve

    I updated my original post. TWC doesn't offer GB speeds yet. I'm on the 50Mb plan currently. It would mostly be used as a backup in case Google Fiber was down for some reason.

    VPN would like to get at least 20Mb/s per user. No more than 5 concurrent users.


  • Netgate Administrator

    If you want to do 1Gbps with Squid/Squidguard for http filtering you are going to need something pretty powerful so that limits your options in mini-ITX terms. I would expect to need something like a high frequency i3 for example. However it's beyond anything I've speced out personally so have a look through the forum for example builds.
    Anything that can handle filtered 1Gbps will have no problem with 100Mbps VPN.

    Steve



  • i3 with 4GB RAM should easily do it.


Log in to reply