Hardware Advice
-
Hi,
We have a 50mb link coming in, we have around 15 users, concurrent I guess would be around 7-8. We are passing through VPNS to the server and it is mainly being used to handle port fowarding, nothing particular intensive. I would like to use some of the features of pfSense, like analysing data when issues occur.
We want a 1U rackmount system.
We were looking at:
http://www.applianceshop.eu/index.php/firewalls/opnsense/opnsense-ghz-rack-edition-pfsense-appliance.html
But also:
http://www.mini-itx.com/store/rack pre built by them, just requires myself to install pfSense.
Question is, do the systems from Applianceshop look good enough for the job? Anyone had any experience with them?
If I do get a pre built system from mini itx, what should I get in terms of hardware ? To ensure it's compatible in terms of hardware.
Thanks
-
Regarding the rack from appliance shop: Do you really need the rack? The hardware (board) is the same as in the smaller box:
http://www.applianceshop.eu/index.php/firewalls/opnsense-ghz-pfsense-appliance.html
I have some of these boxes. Maybe you should check your needs regarding the throughput of your VPNs before decison making for the hardware…
-
We are passing through VPNS to the server…
Please clarify this. Are you terminating the VPNs in the pfSense box or do you have some other server doing that on your network?
Steve
-
I had similar requirements and ended up picking this: http://www.mitxpc.com/proddetail.asp?prod=EKIAD2500DL
They have some rackmount versions too: http://www.mitxpc.com/products.asp?cat=118
-
Hi,
Passing PPTP to our windows server, we are not terminating the VPN into the pfSense box.
We are passing through VPNS to the server…
Please clarify this. Are you terminating the VPNs in the pfSense box or do you have some other server doing that on your network?
Steve
-
Thanks for replying.
Yes, rack is what we are looking for.
@chemlud:
Regarding the rack from appliance shop: Do you really need the rack? The hardware (board) is the same as in the smaller box:
http://www.applianceshop.eu/index.php/firewalls/opnsense-ghz-pfsense-appliance.html
I have some of these boxes. Maybe you should check your needs regarding the throughput of your VPNs before decison making for the hardware…
-
Has this hardware been fine on pfSense? I could match that hardware with the other provider.
I had similar requirements and ended up picking this: http://www.mitxpc.com/proddetail.asp?prod=EKIAD2500DL
They have some rackmount versions too: http://www.mitxpc.com/products.asp?cat=118
-
No major issues yet, I started my pfSense career with these boxes and they are normally doing fine (for about 7 months at the longest). I would buy them nowadays without the CF-card and do the setup on my own.
I really had some doubts about the VPN-throughput in the beginning, but I set up two Xeon servers with pfSense just to test the VPN throughput and it didn't get much better with this setup. So apparently the different fiber/cabel/PPPoE internet access points are causing the low throughput…
-
It's worked very well with pfsense. Very, very low cpu usage and very low ram usage.
-
As long as you're not terminating the VPN then the pfSense box doesn't have to do any encryption/decryption, it's just moving packets. You should have no problem passing 50Mbps with almost any hardware. If you decide to run any packages like Squid or Snort then things start to require more horsepower.
By the way although pfSense suppports PPTP directly (terminating) it's very definitely not recommended because:
https://doc.pfsense.org/index.php/PPTP_VPNSteve