Migration from Smoothwall
-
This is my first post to this forum.
I have been running Smoothwall (SWE3) for many year but want to test pfSense since I read so much positive about the product.
Since I also have some mobo problem I want to upgrade my firewall hw.
The current version of SWE3 doesn't support newer hw.My questions are:
1. Does pfSense support following newer hw like:
CPU: INTEL PENTIUM G3440 3.3GHZ 3MB S-1150 HRF
Mobo: H87 chipset
NIC: Intel EXPI9301CT2. How do transfere my configurations from SWE3 -> pfSense ( I have a bunch of static assignment base on MAC addresses)
In SWE3 it is very simple … I just edit some system files ... can I do the same for fsSense ?3. What version is recommended to install ... i386 or amd64 ?
In SWE3 most of the extension packages are developed only for i386 ... is that the case also in pfSense ?Maybe some of my questions are very basic but I don't have any experience of pfSense ...
Thanks in advance
-
1. Probably not. pfSense 2.x uses the old FreeBSD 8.3 codebase, so new devices are not supported.
2. pfSense GUI overwrites config files, so you would end up doing it all through the GUI. There are some exceptions.
3. Go with amd64. All pfSense packages are available for both architectures.
-
Hi. I came from SW though a long time ago and via IpCop.
1. There are plenty of people using Haswell CPUs. There are people running H87 based mobos, search the forum for specific models. That's using the current 2.1.4. 2.2, still in alpha, supports a lot more. A holding point for Haswell boards used to be that most had i210 NICs but those are now supported in 2.1.4, i217 is not. The NIC you linked to is 82574L based, a widely used and supported chip.
2. pfSense uses a single file for it's configuration, config.xml. If you have a very large config to transfer, say hundreds or thousands of static IPs, then you can backup that file, edit it directly and restore it. You'd probably want to use a macro of some sort to do it and be aware that you can easily make a typo/mistake that can render the config corrupt. The webgui has all sorts of error checking to prevent this.
3. Really no reason not to use 64bit these days.
Steve
-
Thanks for the answers …
What I finally have in mind is:
Mobo: Intel Desktop Board DB85FL (chipset B85)
CPU: Intel Pentium G3460 (Haswell)
NIC: Intel I210-T1
Memory: 16 GBAs I understand from 'stephenw10' answer:
- there are people using Haswell CPUs ... so G3460 should be supported supported.
- Intel I210-T1 is supported
- couldn't find anything about DB85FLin this forum
Should I go ahead and buy the hw ...
-
Hard to really recommend anything I haven't tried myself. That board is using the B85 chipset not H87 and there seem to be less references to it. There's this:
https://forum.pfsense.org/index.php?topic=71589.msg407237#msg407237
An odd bug afflicted that particular board but it does appear to run pfSense OK.
You almost certainly don't need 16GB of RAM unless you're running everything with every signature list you can find!Steve
-
The general rule of thumb is… you need a lot less hardware than you think.
I have a pair of PF boxes running in my data center that have dual Xeon 5420's – 8 CPU's that are a few years old, 4GB of ram, and a RAID-10 for disk.
These are firewall/routers for data center traffic and have dual 10GE LAGGs (port channels) between Cisco 3750-X switches. They never break a sweat; in fact one time the primary reached 11% CPU and I was surprised enough to take a screenshot and investigate. :P
My point is, you can easily get the performance you need for a home network, or even a small to medium business network with the lowest cost option (i.e. eBay/used).
Just my $0.02 :)
-
Still confused but on a higher level …
It seems that it is difficult to choose newer hardware ...
There should be a compatibility list that guide newer users which hw to choose from