50 User - Total Package



  • I'm moving my company from IPCop to pfSense. We've grown and need a firewall solution to match. What I'd like to use is an HDD or SSD with several packages installed.

    Squid, LightSquid or sarg, HAVP, Snort, dansguardian

    Users:30 but building for 50
    Internet Speed:100mbps DOWN - 7mbps UP

    Out of our 30 users MAYBE 10 actually need/use the internet all day. Our current traffic logs in IPCop show us spiking around 4.5mbps. I realize this could be cable, hardware, or software bottlenecks but I'm not so concerned with solving the problem as I am upgrading systems first. Although we don't actually use all of our internet speed, I want to build a system to support it.

    So with this in mind I'm looking for hardware to support around 50 users (20 internet reliant) with an ISP speed of 100mbps. 1 maybe 2 VPN connections for mobile users.

    Can someone give me some recommended hardware for this network? I would like to see 4 NIC ports or the option to expand into 4. I've looked at the store and like the prebuilt options but I think I could build something for much less. It doesn't need to be a small little box or 1U rack box. We're currently using an old Acer desktop for IPCop and another desktop would be fine.

    Thank you!



  • bump


  • Netgate Administrator

    If you don't need the full 100Mbps with encrypted traffic then almost anything will likely be sufficient.
    What is your current IPCop box?
    Since you want Squid, HAVP and Snort, probably the three hungriest packages, you'll need plenty of RAM. You might manage it in 2GB but 4GB+ would be better to be safe.
    I would be looking for, at the very low end, a high clocked Core2Duo. You might run out of cycles using Snort if you don't tune it though. Suricata is reportedly much less resource intensive.

    Since I've never run a box with that particular set of requirements these are figures pulled out of my head! YMMV.  ;)
    I welcome other opinions.

    Have you looked at these?
    http://www.netgate.com/adi/#solutions

    Steve



  • Thank you Steve for the help!

    Our current system

    Acer AM1610-B1304A
    Intel Dual-Core E2180 (1MB L2 cache, 2.0GHz, 800MHz FSB)
    2gb ddr2 (This is MAX)

    I got the feeling they were some needy packages when reading about them... the more I read the more I realized "the old box in the corner" wasn't going to work. I really would like to build a pfSense box, from what I'm gathering I'll be 300-400 into hardware before it's built well enough to function properly?

    I've not seen those yet but will check them out now. I've got a couple other projects that need a simple DHCP server.


  • Netgate Administrator

    $US?

    I would normally suggest just loading pfSense on your existing hardware and seeing how it goes but I guess you're still running IPCop on it.

    If you're buying new hardware it's hard to recommend anything other than something based on one of the multicore Rangeley or Avoton Atoms. The pfSense devs are using these and they offer a great performance/power consumption ratio. They aren't cheap though but you get what you pay for.

    Steve



  • @Hanley:

    Acer AM1610-B1304A
    Intel Dual-Core E2180 (1MB L2 cache, 2.0GHz, 800MHz FSB)
    2gb ddr2 (This is MAX)

    Squid and Dans can be a little hungry. I think that processor would be fine, but I might go with a quality SSD and 4GB ram - especially if you want to do blacklist and content filtering (although it doesn't look like the current box is upgradeable?).

    @Hanley:

    I really would like to build a pfSense box, from what I'm gathering I'll be 300-400 into hardware before it's built well enough to function properly?

    You're probably not far off - especially if you want multiple NICs. There have been some forum posts showing boxes on Aliexpress, etc. running c1037u processors. There's a lot of pros/cons to going that route, but it's inexpensive and would definitely meet your need. Likewise, an older HP DC 7000 or 8000 series box with a Core 2 Duo (similar to your current box) or a low-end i3 would also work and it would give you slots for NICs, support more memory and be very quiet. You can get them off eBay pretty cheap.



  • This is what I have and would recommend the same (except maybe better hard drive). Check on eBay. You will get all the hardware you need for much less price. I got the CPU mobo combo for just $102.75 shipped.

    Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
    ASUS P8B75-M LX PLUS LGA 1155
    8GB RAM
    100GB laptop drive
    2 x Dual port Intel NICs PCIe

    Package Name    Category    Package Version
    Dansguardian    Services    2.12.0.3_2 pkg v.0.1.12
    pfBlocker       Firewall    1.0.2
    RRD Summary     System      1.1
    snort           Security    2.9.7.0 pkg v3.2.1
    squid3          Network     3.1.20 pkg 2.1.2

    Dansguardian has clamd (virus scanning) service activated and Snort has all the rulesets loaded.

    This supports a 110Mbps/20Mbps WAN without breaking a sweat. At full 110Mbps WAN activity (for over 14 hours non stop) the CPU hovers between 12-19%. Have 5 VPN users on this as well.



  • @Asterix:

    Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
    ASUS P8B75-M LX PLUS LGA 1155
    8GB RAM
    100GB laptop drive
    2 x Dual port Intel NICs PCIe

    I have similar, but "Intel Core i3-3220T 2.8GHz 35W" handles everything I throw at it. Plus it's almost passively cooled, just a 140 case fan and a large cheap tower-type heat sink.



  • http://www.supermicro.com/products/system/1U/5018/SYS-5018A-MHN4.cfm

    Add ECC RAM and an HD/SSD/SATA-DOM.

    overkill but it works

