Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    50 User - Total Package

    Hardware
    6
    9
    2324
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      Hanley Ind last edited by

      I'm moving my company from IPCop to pfSense. We've grown and need a firewall solution to match. What I'd like to use is a HDD or SSD with several packages installed.

      Squid, LightSquid or sarg, HAVP, Snort, dansguardian

      Users:30 but building for 50
      Internet Speed:100mbps DOWN - 7mbps UP

      Out of our 30 users MAYBE 10 actually need/use the internet all day. Our current traffic logs in IPCop show us spiking around 4.5mbps. I realize this could be cable,hardware, or software bottlenecks but I'm not so concerned with solving the problem as I am upgrading systems first. Although we don't actually use all of our internet speed, I want to build a system to support it.

      So with this in mind I'm looking for hardware to support around 50 users (20 internet reliant) with an ISP speed of 100mbps. 1 maybe 2 VPN connections for mobile users.

      Can someone give me some recommended hardware for this network? I would like to see 4 NIC ports or the option to expand into 4. I've looked at the store and like the prebuilt options but I think I could build something for much less. I doesn't need to be a small little box or 1u rack box. We're currently using an old Acer desktop for IPCop and another desktop would be fine.

      Thank you!

      1 Reply Last reply Reply Quote 0
      • H
        Hanley Ind last edited by

        bump

        1 Reply Last reply Reply Quote 0
        • stephenw10
          stephenw10 Netgate Administrator last edited by

          If you don't need the full 100Mbps with encrypted traffic then almost anything will likely be sufficient.
          What is your current IPCop box?
          Since you want Squid, HAVP and Snort, probably the three hungriest packages you'll need plenty of RAM. You might manage it in 2GB but 4GB+ would be better to be safe.
          I would be looking for, at the very low end, a high clocked Core2Duo. You might run out of cycles using Snort if you don't tune it though. Sucuricata is reportedly much less resource intensive.

          Since I've never run a box with that particular set of requirements these are figures pulled out of my head! YMMV.  ;)
          I welcome other opinions.

          Have you looked at these?
          http://www.netgate.com/adi/#solutions

          Steve

          1 Reply Last reply Reply Quote 0
          • H
            Hanley Ind last edited by

            Thank you Steve for the help!

            Our current system

            Acer AM1610-B1304A
            Intel Dual-Core E2180 (1MB L2 cache, 2.0GHz, 800MHz FSB)
            2gb ddr2 (This is MAX)

            I got the feeling they were some needy packages when reading about them..the more I read the more I realized "the old box in the corner" wasn't going to work. I really would like to build a PFSense box, from what I'm gathering I'll be a 300-400 into hardware before it's built well enough to function properly?

            I've not see those yet but will check them out now. I've got a couple other projects that need a simple DHCP server.

            1 Reply Last reply Reply Quote 0
            • stephenw10
              stephenw10 Netgate Administrator last edited by

              $US?

              I would normally suggest just loading pfSense on your existing hardware and seeing how it goes but I guess you're still running IPCop on it.

              If you're buying new hardware it's hard to recommend anything other than something based on one of the multicore Rangeley or Avoton Atoms. The pfSense devs are using these and they offer a great performance/power consumption ratio. They aren't cheap though but you get what you pay for.

              Steve

              1 Reply Last reply Reply Quote 0
              • R
                rjcrowder last edited by

                @Hanley:

                TAcer AM1610-B1304A
                Intel Dual-Core E2180 (1MB L2 cache, 2.0GHz, 800MHz FSB)
                2gb ddr2 (This is MAX)

                Squid and Dans can be a little hungry. I think that processor would be fine, but I might go with a quality SSD and 4GB ram - especially if you want to do blacklist and content filtering (although it doesn't look like the current box is upgradeable?).

                @Hanley:

                I really would like to build a PFSense box, from what I'm gathering I'll be a 300-400 into hardware before it's built well enough to function properly?

                You're probably not far off - especially if you want multiple NIC's. There have been some forum posts showing boxes on Aliexpress, etc. running c1037u processors. There's a lot of pros/cons to going that route, but it's inexpensive and would definitely meet your need. Likewise, an older HP DC 7000 or 8000 series box with a Core 2 duo (similar to your current box) or a low-end I3 would also work and it would give you slots for NIC's, support more memory and be very quiet. You can get them off eBay pretty cheap.

                1 Reply Last reply Reply Quote 0
                • A
                  asterix last edited by

                  This is what I have and would recommend the same (except maybe better hard drive). Check on eBay. You will get all the hardware you need for much less price. I got the CPU mobo combo for just $102.75 shipped

                  Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
                  ASUS P8B75-M LX PLUS LGA 1155
                  8GB RAM
                  100GB laptop drive
                  2 x Dual port Intel NICs PCIe

                  Package Name Category Package Version
                  Dansguardian Services 2.12.0.3_2 pkg v.0.1.12
                  pfBlocker         Firewall 1.0.2
                  RRD Summary System 1.1
                  snort                 Security 2.9.7.0 pkg v3.2.1
                  squid3         Network 3.1.20 pkg 2.1.2

                  Dansguardian has clamd (virus scanning) service activated and Snort has all the rulesets loaded.

                  This supports a 110Mbps/20Mbps WAN without breaking a sweat. At full 110Mbps WAN activity (for over 14 hours non stop) the CPU hovers between 12-19%. Have 5 VPN users on this as well.

                  1 Reply Last reply Reply Quote 0
                  • L
                    lost89577 last edited by

                    @Asterix:

                    Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
                    ASUS P8B75-M LX PLUS LGA 1155
                    8GB RAM
                    100GB laptop drive
                    2 x Dual port Intel NICs PCIe

                    i have similar but "Intel Core i3-3220T 2.8GHz 35W" handles everything i throw at it. Plus it almost passive cooled just a 140 case fan and large cheap tower type heat sink

                    1 Reply Last reply Reply Quote 0
                    • M
                      messerchmidt last edited by

                      http://www.supermicro.com/products/system/1U/5018/SYS-5018A-MHN4.cfm

                      add ecc ram and a hd/ss/dsata-dom

                      overkill but it works

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post