I'm coming back to pfSense, have some questions



  • Dear pfSense community,

    I am a home user with intermediate computer skills. I used pfSense a few years ago as my main router/gateway, but then I switched to a standard WRT54GL router due to some networking/hardware problems. Recently I'm planning to renovate my home, and update the ethernet infrastructure from 100 mbit to gigabit with proper wired connections of cat5e cables and cat6 on some places. There will also be a small racked communications enclosure to house the router, switches and other stuff. I would like to go back to pfSense because I had mostly positive experience with it. As a comeback user I have some questions regarding the matter.

    Currently I have an Alix 2D13 board that I used to run pfSense on. Looking a bit at the online documentation I noticed the wide range of functionality offered by this firewall. There are also a lot of packages available. Normally I wouldn't bother with the hardware, but I would like to use some heavy-weight packages including the snort package. The thing is that according to the docs snort requires a lot of RAM and possibly CPU power. The Alix 2D13 board only has about 256MB of RAM which is a bit low (it's the minimum requirement for snort, if I recall correctly). So I was wondering… Is the current hardware sufficient for my tasks or am I recommended to upgrade/replace my router with a more powerful model? If so, which model do you recommend? I'd prefer something with 3 ethernet interfaces (LAN, WAN and DMZ). The APU1C looks interesting.

    What is the current status of The Definitive Guide for pfSense 2.x? Is the book going to be available for general purchase anytime soon? I would really like to buy a printed copy. Also could you please give me an estimated release date for pfSense 2.2? Don't misunderstand, I'm not not nagging you to work on it faster. I'm just wondering whether I should wait for its release or install the current 2.1 right now, and then upgrade to 2.2 when its out. If the release for 2.2 is this summer/autumn I'll wait anyhow.

    Thanks!


  • Netgate Administrator

    Get something newer if you want to run Snort.
    What is your WAN bandwidth? Will you be routing between internal interfaces, if so does it need to be 1Gbps capable?

    Steve



  • Hello, Steve!

    I am currently on a 4/1 mbit VDSL connection, but I hope to upgrade to a 20/20 MBIT optic-fiber some day (waiting for my slo-mo ISP to get their butts in motion and start laying fiber in my town). I will be using some dedicated file storage devices on the internal LAN, so I will want to have a gigabit connection between the storage device and my PC's. I've already bought three gigabit switches for this purpose. I doubt I'll need any extensive routing between the two internal interfaces (LAN, DMZ), so the gateway does not have to be gigabit. Doesn't hurt if it is though. There will be some HTTP servers on the DMZ though.

    Regards!


  • Netgate Administrator

    Hmm, well the APU won't hit 1Gbps. It's probably quite well matched to a 20Mbps connection with snort though. I haven't used one though so I'll leave it to others to comment on the specifics.

    Steve

    Edit: typo


  • Rebel Alliance Developer Netgate

    @repne:

    Currently I have an Alix 2D13 board that I used to run pfSense on. Looking a bit at the online documentation I noticed the wide range of functionality offered by this firewall. There are also a lot of packages available. Normally I wouldn't bother with the hardware, but I would like to use some heavy-weight packages including the snort package. The thing is that according to the docs snort requires a lot of RAM and possibly CPU power. The Alix 2D13 board only has about 256MB of RAM which is a bit low (it's the minimum requirement for snort, if I recall correctly). So I was wondering… Is the current hardware sufficient for my tasks or am I recommended to upgrade/replace my router with a more powerful model? If so, which model do you recommend? I'd prefer something with 3 ethernet interfaces (LAN, WAN and DMZ). The APU1C looks interesting.

    The APU is a good device for that sort of thing, much better than the ALIX for modern requirements.

    @repne:

    What is the current status of The Definitive Guide for pfSense 2.x? Is the book going to be available for general purchase anytime soon? I would really like to buy a printed copy. Also could you please give me an estimated release date for pfSense 2.2? Don't misunderstand, I'm not not nagging you to work on it faster. I'm just wondering whether I should wait for its release or install the current 2.1 right now, and then upgrade to 2.2 when its out. If the release for 2.2 is this summer/autumn I'll wait anyhow.

    The book is being actively edited right now. Not sure on an ETA. We are hoping to have 2.2 out in a month or so if we can shape things up and push a lot of things back to 2.3/later



  • Alright, thanks for the info. I will place an order for the APU then.


Log in to reply