Netgate Discussion Forum

    1u rack mount recommendations

      justsomeone

      Don't the Dell PowerEdge 1950 G2s have Broadcom NICs? I've heard that there are some issues with Broadcom.

      "Bad shit happens to drunk people."

        mcdonnjd

        I'm quite happy with my WatchGuard. You can find some good deals on them on eBay.

          justsomeone

          Interesting, haven't really thought of that, nor do I know much about them. What are the advantages/disadvantages of using a firebox over a rack unit? What is involved in getting a firebox configured with pfSense?

          "Bad shit happens to drunk people."

            bennyc

            @justsomeone:

            What are the advantages/disadvantages of using a firebox over a rack unit?

            Advantages? I'll speak for myself in this case… ;)
            It was free. It's rack mountable. You can run nano on it, so storage is cheap. Power requirements vs performance is good. Many interfaces. Can do quite some stuff even if you leave the HW in its default config.
            Disadvantages?
            It requires some tweaking to get it installed (following instructions), so be prepared for a learning curve.
            You may want to add memory on the stock models, and possibly swap cpu (depending on your needs). Full install is a challenge if you should want that, hd bays and appropriate connectors are not always present. It's loud (but that's less an issue if you want to put it in a rack).

            @justsomeone:

            What is involved in getting a firebox configured with pfSense?

            Euhm… keep being nice to Steve, he invested heaps of time supporting the community on getting these watchguard boxes going with pfSense ;D
            Other than that, browse through the different threads here (x550, x750, xtm, ...), there is good info to find, and look around for a box...

            4x XG-7100 (2xHA), 1x SG-4860, 1x SG-2100
            1x PC Engines APU2C4, 1x PC Engines APU1C4

              stephenw10 Netgate Administrator

              The different firebox models require various amounts of tweaking to get pfSense installed. The cheaper and more commonly available X-e boxes will not manage 1Gbps, even after upgrading the CPU. You would need to use an XTM5 to get that and they're not too common, yet.
              The Watchguard boxes offer Atom-like performance but with 8 NICs in a nice rack mount box for low cost.

              See: https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox

              Steve

                cmb

                @justsomeone:

                while that looks really promising gonzopancho, it's rather expensive. Just quickly looking at eBay I can get some rather capable hardware for considerably cheaper ($100-$300), I just have to make sure the hardware is compatible and configure it myself.

                Depends on what your time is worth, and what downtime costs. If it's just a home setup, and you have all kinds of time to mess with it and minimal money, then yeah maybe you're best suited by the ebay route. Lot of old servers that work well, especially Dell and HP used by a lot of folks here, though those boxes are loud, extremely power-hungry, and generate a lot of heat.

                Where you want a combination of hardware that's known-solid, with a custom config out of the box optimized for the hardware including pulling custom updates specific to that hardware so you always have the most optimal settings, have the assurance of new versions being validated on the hardware before release, and get support included, the platforms we offer are really hard to beat.

                  cmb

                  @justsomeone:

                  Don't the Dell PowerEdge 1950 G2s have Broadcom NICs? I've heard that there are some issues with Broadcom.

                  They do have Broadcom NICs, as do quite a few of the other Dell models people use. They're very good NICs, solid performance, reliable. The only issue I'm aware of there is in 8.3 base versions (2.1.x releases), they don't support jumbo frames because of a driver issue. That does work in 2.2 though, and isn't an issue in the majority of firewall use cases.

                    justsomeone

                    I'd love the known rock-solid hardware with custom updates & support, but from what I see that is a wee bit over my budget.

                    Right now I'm looking at the Dell 1950 G3s & G2s (2 port), likely with 16 gigs of RAM and an SSD. Then I'm planning on adding a 4 port Intel GB NIC.

                    "Bad shit happens to drunk people."

                      stephenw10 Netgate Administrator

                      Even running Snort you're unlikely to need 16GB of ram.

                      Steve

                        BBcan177 Moderator

                        Hey Steve,

                        On one of my boxes, I am testing Snort (blocking mode) and Suricata (passive mode) and it's using about 8GB of memory for two interfaces with fully loaded rulesets. Not a typical setup but I am also not using Squid.

                        btw - I really want to know if that's you in your Avatar! Always been wanting to ask lol…

                        "Experience is something you don't get until just after you need it."

                        Website: http://pfBlockerNG.com
                        Twitter: @BBcan177  #pfBlockerNG
                        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                          stephenw10 Netgate Administrator

                          Well I'm sure you could use 16GB, or at least >8GB, if you try but it shouldn't be necessary IMHO. If I were looking at second hand servers I wouldn't be looking for 16GB specifically.

                          Yes that's me in my avatar.  :)

                          Steve

                            justsomeone

                            So maybe to be on the safe side bump it up to 24 gigs of ram?

                            "Bad shit happens to drunk people."

                              BBcan177 Moderator

                              @stephenw10:

                              Yes that's me in my avatar.  :)

                              Steve

                              Nice!

                              "Experience is something you don't get until just after you need it."

                              Website: http://pfBlockerNG.com
                              Twitter: @BBcan177  #pfBlockerNG
                              Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                                sthames42

                                @stephenw10:

                                The different firebox models require various amounts of tweaking to get pfSense installed. The cheaper and more commonly available X-e boxes will not manage 1Gbps, even after upgrading the CPU.

                                Hi Steve, Steve here.

                                For some time now, and with your help, I have been running WG X550e Fireboxes with pfSense 2.1.5 for my company offices and for my datacenter firewall. We run an MPLS VPN so all our company Internet traffic goes out the datacenter firewall.

                                Yesterday, we upgraded our datacenter connection to 40mbps but the speed on this side of the Firebox is 38mbps down and 35 up.

                                Can you elaborate a bit on your comment about the X-e boxes not reaching 1Gbps? Is there any reason to think I am losing throughput within the X550e I am using in the datacenter?

                                The FB in the datacenter has been upgraded to 2GB memory and the SL7EP chip. My LAN connection on the datacenter FB connects to an Allied Telesis x600 Gigabit router and my test laptop was connected to that.

                                Any input is greatly appreciated.
                                Steve

                                  Guest

                                  @justsomeone:

                                  So maybe to be on the safe side bump it up to 24 gigs of ram?

                                  Board
                                  19" dual rack case
                                  8 GB RAM
                                  SSD 120 GB
                                  Intel Quad Port server adapter
                                  custom holes in the front brackets
                                  All in all for ~$350 to realize

                                    stephenw10 Netgate Administrator

                                    Hi Steve,
                                    Those X-e boxes won't reach 1Gbps throughput due to the CPU. If you fit the 2GHz Pentium-M they will hit wire speed or at least some other limit, likely the NICs. I get 5-600Mbps through mine with the 1.7GHz CPU, of course it varies greatly by what traffic you are sending, packet size etc!
                                    There are some test values shown here: http://www.copyerror.com/2012/10/27/watchguard-firebox-core-x550ex750ex1250e/4/

                                    Steve

                                      sthames42

                                      @stephenw10:

                                      I get 5-600Mbps through mine with the 1.7GHz CPU, of course it varies greatly by what traffic you are sending, packet size etc!

                                      Tom's test results don't appear to claim that kind of speed with that chip as he is using the SL7SM. Are you getting that performance out of the on-board ports or the expansion ports?

                                      Steve, what firmware are you using? I upgraded some of my boxes from 2.0.3 to 2.1.5 and I'm wondering if the 2.1.5 drivers fully support the hardware.

                                      I am considering upgrading to 2.2.5. Do you think it's worth it?

                                      I am using WG pfSense routers for all my offices and for our datacenter gw. Should I be looking at other hardware that will run pfSense? Is what I have good enough for a commercial website(s) NAT gateway as well as a VPN portal?

                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.