Small business with 40 clients, so far IPCop
-
Hello all,
we have a advertising company with 40 clients.
So far I use IPCop for routing. Now the hardware needs to be changed soon.
I am thinking of switching to pfsense because one customer needs a some kind of a vpn connection which can be ralisesd with pfsense.At the moment I use an old computer with IPCop.
My questions are:
1. Do I need to use an old computer or is there some kind of a mini device I can use or build by myselfe (if it is not too difficult).
For us speed is important. The system has to connect three LANS in our office (no www) and it needs to be fast.
Can you please help me on this.2. I need to put on one Port two IPs and configure my own routes.
As far as I know this can be done with pfsense. Is that so?Thank you very much
Markus :D -
Hello all,
we have a advertising company with 40 clients.Is that 40 customers you sell services to as an advertising company, or 40 internal LAN clients? I ask because your next quote confused me:
I am thinking of switching to pfsense because one customer needs a some kind of a vpn connection
My questions are:
1. Do I need to use an old computer or is there some kind of a mini device I can use or build by myselfe (if it is not too difficult).
For us speed is important. The system has to connect three LANS in our office (no www) and it needs to be fast.
Can you please help me on this.pfSense is reported running marvelously on 256MB in 2.2RC. So, as always, a question for hardware recommendations will lead to a return question: what are you going to want to do with it?
There is a separate hardware subsection in this fine forum, you might want to read around there to get many fine ideas (notice Stephenw10, who comments there a lot - and knows a lot ;) ).
2. I need to put on one Port two IPs and configure my own routes.
As far as I know this can be done with pfsense. Is that so?I didn't understand the bold part, so I will leave this for the Seniors in this fine community ;D
-
For us speed is important. The system has to connect three LANS in our office (no www) and it needs to be fast.
Are these three separate subnets or just three areas?
Do you have a diagram of your current network complete with IP addresses of your subnets and firewall interfaces?
-
Sorry for my English.
Let me try it again :-)I need two new systems.
First:
We have to install a ftp server, so one customer can connect to it.
The customer uses a checkpoint firewall. I need now a device to establish the VPN connection.
So far I tried it with the German FritzBox but Checkpoint cannot connect to it since it doesn't use username/password authentification.
As far as I read pfsense is able to do the job.Here I thought a Board from PC Engines will do the job.
Second:
Here I really need some advice.
In our building we have three LANs. In each LAN I have a Qnap Server with two Gigabit connections to a LAN.
So far I have an IPCop installation on an old but performant Desctop PC running which needs to be replaced.
I do not want to use a Desctop PC anymore but I don't know which Hardware is doping the job.Is the APU1D4 from PC Engines performant enough?
It uses the Realtek chipset, so far I always use Intel.
Is it better to go with another board?
We have 40 persons working in our office, and the files can get pretty large (200 MB).I need to be able to configure my own routes and on one LAN Port I have to configure a second IP.
Thank you for your help
Markus -
This is one instance where size doesn't matter. What matters is how fast the transfers need to go.
I'm sorry to harp on a diagram but I don't like to work without one. See my sig for the type of information necessary. It doesn't have to be pretty, just informative. Pen and paper is fine.
-
Hello,
I did now a lot of research and found those two vendors:http://www.landitec.com/Network-Appliance-Hardware/Rackmount-Appliance:::58_9.html
and
https://www.applianceshop.eu/security-appliances/19-rack-appliances/pfsense-based-5.html
Does somebody have any experience with them?
Markus
-
Why not buy directly from pfsense and get support included for the prize?
https://www.pfsense.org/hardware/pfsense-store.html#c2758 -
Do you need full 1Gbps routing between each LAN?
Why do you need to use two boxes for this? You could easily use one box to be both a firewall and a VPN server.Steve
-
@mir:
if I have this right the hardware ships from the US.
I will have to pay customs and tax on it here in Germany.
If I have a problem it will take too lonh to replace the unit.ä@Steve:
I need two systems.One needs to manage gigabit routing between the LANs.
Also it has to do some logging and URL filtering for 40 clients.The other one needs to manage vpn connection with 12 Mbits/s upload and 100 Mbit/s download for about 15 clients.
Markus
-
I see. You can get exactly the same hardware in Germany here: http://www.axiomtek.de/products/ViewProduct.asp?view=1118
Axiomtek Deutschland GmbH, Hans-Böckler-Str 10. 40764 Langenfeld -
Hello,
I did now a lot of research and found those two vendors:https://www.applianceshop.eu/security-appliances/19-rack-appliances/pfsense-based-5.html
Does somebody have any experience with them?
Markus
I had. In presales when I started my journey in pfSense. Expect to be bullied and be told to f* off when you want to bring their extremely meager warranty on the table (conflicting with EU laws when it comes to consumers - which I am. They copy cat 'apple', it seems: ignore the mandatory law, 'so sue me').
'Nother member in this fine forum posted that a battery in his hardware had gone, he applied for warranty, but they never responded after multiple reminders so he bought a battery himself and fixed that in his machine.
The shop also runs a spin off of pfSense, called opnsense. There's a thread about it.
Personally I would not, for the life of it, come near them. But that's me ;D
-
-
I need two systems.
One needs to manage gigabit routing between the LANs.
Also it has to do some logging and URL filtering for 40 clients.The other one needs to manage vpn connection with 12 Mbits/s upload and 100 Mbit/s download for about 15 clients.
Right, but is there some reason that both those services can't be on the same pfSense box? They are in different physical locations perhaps?
Steve
-
I have no experience with Axiomtek. It was also just an example. Try google and see if there is not a reseller near you.
-
buy a premade unit or build one
i suggest
8 core atom supermicro board with quad lan: http://www.supermicro.com/products/motherboard/Atom/X10/A1SAM-2750F.cfm
16gb corsair ecc ra (8gbx2)
pick a ssd, sata-dom, or small hd
300w seasonic psu
pick a case a case
overkill, but futureproof. you can run some vms on same for the future if you choose.
4x onboard gigbit nic via intel 3540 t4
extra pcie slots for future use
can be remotely managed with ipmi, which is a nice feature.
-
Hello,
if not realized until now there where other options for you!
At Q4-2015 Soekris brings out the net6801 and there fore a 19"
rack case will be available and also soekris LAN1841 Quad GB LAN Port cards
so you are able to have an appliance with 12 GB LAN Ports in total, if needed.If it is urgent for you I would be looking for the following,
- SG2440
- RCC-VE-4860
- Cisco SG300-52
So you are able to set up VLANs for all companies.
-
I built a router from parts I listed here that would also do all of what you are wanting in one box. I suppose you could build two of them if you really need two physical boxes. Although the VPN box could probably use the C2558 version of the board to save some money.
-
for the price difference, I would go for the 8 core vs 4 core atom. better to have too much than not enough.
the new xeon d is a monster that should be out soon if you need more power. a couple hundred dollars more. not much for a business.
