Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Small business with 40 clients, so far IPCop

    Hardware
    8
    18
    3427
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mark99 last edited by

      Hello all,
      we have a advertising company with 40 clients.
      So far I use IPCop for routing. Now the hardware needs to be changed soon.
      I am thinking of switching to pfsense because one customer needs a some kind of a vpn connection which can be ralisesd with pfsense.

      At the moment I use an old computer with IPCop.

      My questions are:

      1. Do I need to use an old computer or is there some kind of a mini device I can use or build by myselfe (if it is not too difficult).
      For us speed is important. The system has to connect three LANS in our office (no www) and it needs to be fast.
      Can you please help me on this.

      2. I need to put on one Port two IPs and configure my own routes.
      As far as I know this can be done with pfsense. Is that so?

      Thank you very much
      Markus  :D

      1 Reply Last reply Reply Quote 0
      • M
        Mr. Jingles last edited by

        @mark99:

        Hello all,
        we have a advertising company with 40 clients.

        Is that 40 customers you sell services to as an advertising company, or 40 internal LAN clients? I ask because your next quote confused me:

        @mark99:

        I am thinking of switching to pfsense because one customer needs a some kind of a vpn connection

        @mark99:

        My questions are:

        1. Do I need to use an old computer or is there some kind of a mini device I can use or build by myselfe (if it is not too difficult).
        For us speed is important. The system has to connect three LANS in our office (no www) and it needs to be fast.
        Can you please help me on this.

        pfSense is reported running marvelously on 256MB in 2.2RC. So, as always, a question for hardware recommendations will lead to a return question: what are you going to want to do with it?

        There is a separate hardware subsection in this fine forum, you might want to read around there to get many fine ideas (notice Stephenw10, who comments there a lot - and knows a lot  ;) ).

        @mark99:

        2. I need to put on one Port two IPs and configure my own routes.
        As far as I know this can be done with pfsense. Is that so?

        I didn't understand the bold part, so I will leave this for the Seniors in this fine community  ;D

        1 Reply Last reply Reply Quote 0
        • Derelict
          Derelict LAYER 8 Netgate last edited by

          @mark99:

          For us speed is important. The system has to connect three LANS in our office (no www) and it needs to be fast.

          Are these three separate subnets or just three areas?

          Do you have a diagram of your current network complete with IP addresses of your subnets and firewall interfaces?

          1 Reply Last reply Reply Quote 0
          • M
            mark99 last edited by

            Sorry for my English.
            Let me try it again :-)

            I need two new systems.

            First:
            We have to install a ftp server, so one customer can connect to it.
            The customer uses a checkpoint firewall. I need now a device to establish the VPN connection.
            So far I tried it with the German FritzBox but Checkpoint cannot connect to it since it doesn't use username/password authentification.
            As far as I read pfsense is able to do the job.

            Here I thought a Board from PC Engines will do the job.

            Second:
            Here I really need some advice.
            In our building we have three LANs. In each LAN I have a Qnap Server with two Gigabit connections to a LAN.
            So far I have an IPCop installation on an old but performant Desctop PC running which needs to be replaced.
            I do not want to use a Desctop PC anymore but I don't know which Hardware is doping the job.

            Is the APU1D4 from PC Engines performant enough?
            It uses the Realtek chipset, so far I always use Intel.
            Is it better to go with another board?
            We have 40 persons working in our office, and the files can get pretty large (200 MB).

            I need to be able to configure my own routes and on one LAN Port I have to configure a second IP.

            Thank you for your help
            Markus

            1 Reply Last reply Reply Quote 0
            • Derelict
              Derelict LAYER 8 Netgate last edited by

              This is one instance where size doesn't matter.  What matters is how fast the transfers need to go.

              I'm sorry to harp on a diagram but I don't like to work without one.  See my sig for the type of information necessary.  It doesn't have to be pretty, just informative.  Pen and paper is fine.

              1 Reply Last reply Reply Quote 0
              • M
                mark99 last edited by

                Hello,
                I did now a lot of research and found those two vendors:

                http://www.landitec.com/Network-Appliance-Hardware/Rackmount-Appliance:::58_9.html

                and

                https://www.applianceshop.eu/security-appliances/19-rack-appliances/pfsense-based-5.html

                Does somebody have any experience with them?

                Markus

                1 Reply Last reply Reply Quote 0
                • M
                  mir last edited by

                  Why not buy directly from pfsense and get support included for the prize?
                  https://www.pfsense.org/hardware/pfsense-store.html#c2758

                  1 Reply Last reply Reply Quote 0
                  • stephenw10
                    stephenw10 Netgate Administrator last edited by

                    Do you need full 1Gbps routing between each LAN?
                    Why do you need to use two boxes for this? You could easily use one box to be both a firewall and a VPN server.

                    Steve

                    1 Reply Last reply Reply Quote 0
                    • M
                      mark99 last edited by

                      @mir:
                      if I have this right the hardware ships from the US.
                      I will have to pay customs and tax on it here in Germany.
                      If I have a problem it will take too lonh to replace the unit.ä

                      @Steve:
                      I need two systems.

                      One needs to manage gigabit routing between the LANs.
                      Also it has to do some logging and URL filtering for 40 clients.

                      The other one needs to manage vpn connection with 12 Mbits/s upload and 100 Mbit/s download for about 15 clients.

                      Markus

                      1 Reply Last reply Reply Quote 0
                      • M
                        mir last edited by

                        I see. You can get exactly the same hardware in Germany here: http://www.axiomtek.de/products/ViewProduct.asp?view=1118
                        Axiomtek Deutschland GmbH, Hans-Böckler-Str 10. 40764 Langenfeld

                        1 Reply Last reply Reply Quote 0
                        • M
                          Mr. Jingles last edited by

                          @mark99:

                          Hello,
                          I did now a lot of research and found those two vendors:

                          https://www.applianceshop.eu/security-appliances/19-rack-appliances/pfsense-based-5.html

                          Does somebody have any experience with them?

                          Markus

                          I had. In presales when I started my journey in pfSense. Expect to be bullied and be told to f* off when you want to bring their extremely meager warranty on the table (conflicting with EU laws when it comes to consumers - which I am. They copy cat 'apple', it seems: ignore the mandatory law, 'so sue me').

                          'Nother member in this fine forum posted that a battery in his hardware had gone, he applied for warranty, but they never responded after multiple reminders so he bought a battery himself and fixed that in his machine.

                          The shop also runs a spin off of pfSense, called opnsense. There's a thread about it.

                          Personally I would not, for the life of it, come near them. But that's me  ;D

                          1 Reply Last reply Reply Quote 0
                          • M
                            mark99 last edited by

                            @mir:
                            Thank you. Do you know them?

                            @Mr. Jingles
                            Thank you for sharing your experiences

                            Markus

                            1 Reply Last reply Reply Quote 0
                            • stephenw10
                              stephenw10 Netgate Administrator last edited by

                              @mark99:

                              I need two systems.

                              One needs to manage gigabit routing between the LANs.
                              Also it has to do some logging and URL filtering for 40 clients.

                              The other one needs to manage vpn connection with 12 Mbits/s upload and 100 Mbit/s download for about 15 clients.

                              Right, but is there some reason that both those services can't be on the same pfSense box? They are in different physical locations perhaps?

                              Steve

                              1 Reply Last reply Reply Quote 0
                              • M
                                mir last edited by

                                I have no experience with Axiomtek. It was also just an example. Try google and see if there is not a reseller near you.

                                1 Reply Last reply Reply Quote 0
                                • M
                                  messerchmidt last edited by

                                  buy a premade unit or build one

                                  i suggest

                                  8 core atom supermicro board with quad lan: http://www.supermicro.com/products/motherboard/Atom/X10/A1SAM-2750F.cfm

                                  16gb corsair ecc ra (8gbx2)

                                  pick a ssd, sata-dom, or small hd

                                  300w seasonic psu

                                  pick a case a case

                                  overkill, but futureproof. you can run some vms on same for the future if you choose.

                                  4x onboard gigbit nic via intel 3540 t4

                                  extra pcie slots for future use

                                  can be remotely managed with ipmi, which is a nice feature.

                                  1 Reply Last reply Reply Quote 0
                                  • ?
                                    Guest last edited by

                                    Hello,

                                    if not realized until now there where other options for you!
                                    At Q4-2015 Soekris brings out the net6801 and there fore a 19"
                                    rack case will be available and also soekris LAN1841 Quad GB LAN Port cards
                                    so you are able to have an appliance with 12 GB LAN Ports in total, if needed.

                                    If it is urgent for you I would be looking for the following,

                                    • SG2440
                                    • RCC-VE-4860
                                    • Cisco SG300-52

                                    So you are able to set up VLANs for all companies.

                                    1 Reply Last reply Reply Quote 0
                                    • A
                                      antillie last edited by

                                      I built a router from parts I listed here that would also do all of what you are wanting in one box. I suppose you could build two of them if you really need two physical boxes. Although the VPN box could probably use the C2558 version of the board to save some money.

                                      1 Reply Last reply Reply Quote 0
                                      • M
                                        messerchmidt last edited by

                                        for the price difference, I would go for the 8 core vs 4 core atom. better to have too much than not enough.

                                        the new xeon d is a monster that should be out soon if you need more power. a couple hundred dollars more. not much for a business.

                                        1 Reply Last reply Reply Quote 0
                                        • First post
                                          Last post

                                        Products

                                        • Platform Overview
                                        • TNSR
                                        • pfSense
                                        • Appliances

                                        Services

                                        • Training
                                        • Professional Services

                                        Support

                                        • Subscription Plans
                                        • Contact Support
                                        • Product Lifecycle
                                        • Documentation

                                        News

                                        • Media Coverage
                                        • Press
                                        • Events

                                        Resources

                                        • Blog
                                        • FAQ
                                        • Find a Partner
                                        • Resource Library
                                        • Security Information

                                        Company

                                        • About Us
                                        • Careers
                                        • Partners
                                        • Contact Us
                                        • Legal
                                        Our Mission

                                        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                                        Subscribe to our Newsletter

                                        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                                        © 2021 Rubicon Communications, LLC | Privacy Policy