Netgate Discussion Forum

    Another hardware recommendation question

    33 Posts 12 Posters 5.9k Views
    • reilos

      Hi there,

      I'm fairly new here and I did search this forum, but please forward me to already existing info that I missed.

      I would like to build a pfSense box for my home network. My setup would be like this:

      internet (fiber, 500Mb/s) modem --- pfSense box --- managed gigabit switch --- everything else

      everything else includes:

      • wired:
        • NAS (FreeNAS, dual-NIC, LACP)
        • PlayStation 3, Wii
        • Raspberries and other media players
        • smart TVs & PVRs
        • laptops
      • wireless, via 2 wireless access points (1 Cisco/Linksys, 1 Apple AirPort):
        • laptops
        • tablets
        • phones

      What hardware would you recommend, leaving enough room for future use, maximum performance (don't think I will ever upgrade beyond the 500 Mb/s internet connection), while keeping the costs as low as possible? Probably the game consoles do not need to be managed or monitored at all.

      What pfSense applications/functions require the most of the hardware resources? (So I can choose what I want to use vs cost of hardware)

      I think Intel NICs and an encryption supporting CPU are the way to go?

      Thanks in advance!

      • kejianshi

        I would go ahead and buy the most current and expensive piece of hardware that you can find in the ESF store, since no matter what I recommend, that's what others will recommend and ultimately that's what you will go with.  The 8-core Atoms are quite nice.

        http://store.pfsense.org/c2758/

        By all means, do not buy cheap, used readily available hardware with 2-4 cores, i3 - to - i7.

        I'm using an old Athlon X2 dual core and it never goes over 14% and can handle your bandwidth just fine.

        But I've built lots of very expensive boxes for people who like to never see more than 1% load (-:  haha

        • jahonix

          @reilos:

          What pfSense applications/functions require the most of the hardware resources?

          snort / Dansguardian / ClamAV / NMAP / Encryption (VPN) / squid probably.

          • reilos

            @kejianshi:

            I would go ahead and buy the most current and expensive piece of hardware that you can find in the ESF store, since no matter what I recommend, that's what others will recommend and ultimately that's what you will go with.

            Why do you think I would do that? Why would I come here for advice if I do not have the intention to follow the recommendations?

            @kejianshi:

            By all means, do not buy cheap, used readily available hardware with 2-4 cores, i3 - to - i7.
            I'm using an old Athlon X2 dual core and it never goes over 14% and can handle your bandwidth just fine.

            So why would you recommend to buy the most expensive hardware first?

            I came here for some serious advice and even hope to get some explanation to why specific hardware is suitable for my specific use case. Your response does not seem very helpful.

            @jahonix:

            snort / Dansguardian / ClamAV / NMAP / Encryption (VPN) / squid probably.

            Thanks

            • kejianshi

              I've been recommending to use cheaper, used readily available hardware when possible…  Few people listen and most disagree.

              I thought I'd try child psychology this time and see how it goes (-:

              If you have a used laptop with a dual core Celeron processor or better and 2GB RAM or better and an ExpressCard slot you can put a gigabit NIC into, that would also work wonderfully...

              So, don't do that either.  (-:

              (I like using old laptops for pfsense if you have an old one you don't need) - Even better if it has a new battery.

              • reilos

                I do not have old hardware to re-use, so I have to buy everything new…or used.

                And now comes the REAL advice......?

                • stephenw10 (Netgate Administrator)

                  Yes, there are a lot of variables here. Really the only thing we have that's fixed is the 500Mbps WAN bandwidth. At the low end if you don't run any packages, so just firewall and NAT, and you only have a single internal interface then almost any old hardware you have to hand will probably be sufficient. 2 NICs in anything faster than a Pentium 4 will pass 500Mbps easily (some P4s also  ;)) and that's not a bad way to go initially. Spend no money, gain experience installing/running pfSense and come away with a much better idea of what you might need longer term.
                  At the other end of the scale you might want to run Snort, Squid/Squidguard and HAVP. Perhaps you want to route all your traffic over a VPN (the full 500Mbps). You could have several internal subnets, segregated wifi and guest wifi. You're going to need something considerably more powerful to do that obviously. It gets much harder to estimate exactly but I would suggest a fast i3 or the previously mentioned Rangeley Atoms.

                  Steve

                  • stephenw10 (Netgate Administrator)

                    You posted while I was typing.  ::)
                    You really have no spare hardware? You could pick something up for next to nothing then as a test.

                    Steve

                    • asterix

                      I posted the below information in another thread as well. It may be worth your time to explore it. You can throw in more resource intensive packages on it and it will handle with no issues.

                      Rangeley Atom configs are great but I still don't see the cost to benefit ratio. The power saved and $$ to recoup this expensive piece of hardware is not likely to happen in a year's time. If they come down in price (yes they will some time in future.. all hardware prices do.. lol) then I see the point in buying them. For now I am sticking with i3.

                      ----------
                      This is what I have and would recommend the same (except maybe better hard drive). Check on eBay. You will get all the hardware you need for much less price. I got the CPU mobo combo for just $102.75 shipped

                      Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
                      ASUS P8B75-M LX PLUS LGA 1155
                      8GB RAM
                      100GB laptop drive
                      2 x Dual port Intel NICs PCIe

                      Package Name   Category   Package Version
                      Dansguardian   Services   2.12.0.3_2 pkg v.0.1.12
                      pfBlocker      Firewall   1.0.2
                      RRD Summary    System     1.1
                      snort          Security   2.9.7.0 pkg v3.2.1
                      squid3         Network    3.1.20 pkg 2.1.2

                      Dansguardian has clamd (virus scanning) service activated and Snort has all the rulesets loaded.

                      This supports a 110Mbps/20Mbps WAN without breaking a sweat. At full 110Mbps WAN activity (for over 14 hours non stop) the CPU hovers between 12-19%. Have 5 VPN users on this as well.

                      And part of this in another thread...

                      The hardware will easily support your 850/850 bandwidth along with resource intensive packages fully loaded. I have tested the same config in a test environment and it used up the entire 1 gigabit WAN network (my test network is 1 gigabit only) and the CPU was around 39-42% with the resource intensive packages. On base install the CPU never crossed 20%. I thought of doing a 2 gigabit test but it wasn't worth my time.


                      • reilos

                        @stephenw10:

                        Yes, there are a lot of variables here. Really the only thing we have that's fixed is the 500Mbps WAN bandwidth. At the low end if you don't run any packages, so just firewall and NAT, and you only have a single internal interface then almost any old hardware you have to hand will probably be sufficient. 2 NICs in anything faster than a Pentium 4 will pass 500Mbps easily (some P4s also  ;)) and that's not a bad way to go initially. Spend no money, gain experience installing/running pfSense and come away with a much better idea of what you might need longer term.
                        At the other end of the scale you might want to run Snort, Squid/Squidguard and HAVP. Perhaps you want to route all your traffic over a VPN (the full 500Mbps). You could have several internal subnets, segregated wifi and guest wifi. You're going to need something considerably more powerful to do that obviously. It gets much harder to estimate exactly but I would suggest a fast i3 or the previously mentioned Rangeley Atoms.

                        Steve

                        Thanks! This is some advice I can work with. Or at least start with  :D
                        I want to use firewall, NAT and I only have a single internal interface, maybe one extra for the PS3, so it won't interfere with the internal network. I won't route the full 500Mb over an encrypted VPN connection, but I do plan on using VPN to connect to my network remotely. And now that you start mentioning things like segregated wifi and guest wifi, I might want that too! :P
                        Anyway, your advice is noted. Start small and cheap, learn, and later decide.

                        @stephenw10:

                        You posted while I was typing.  ::)
                        You really have no spare hardware? You could pick something up for next to nothing then as a test.

                        Steve

                        Yeah, maybe some friend or relative has some spare parts :)

                        • reilos

                          @Asterix:

                          I posted the below information in another thread as well. It may be worth your time to explore it. You can throw in more resource intensive packages on it and it will handle with no issues.

                          Thanks! I'll check it out!

                          • kejianshi

                            Your requirements should be extremely easy…

                            2 cores or more, 2 GHz or more

                            2 GB memory or more

                            1 built-in Intel/Realtek/Broadcom NIC

                            plus 1 PCI or PCIe interface to add another Intel Gb NIC

                            Low power is better - aim for a 65W CPU or less, but if it's more it's fine.  Just a bit of extra electricity bill.

                            1 HD or SSD, 64GB or more for a full install.

                            I like to have the option to plug in a keyboard/mouse/VGA monitor, but many don't.

                            Shop eBay

                            Or, buy new - that also works.

                            Used can cost you less than $100 and new can be upwards of $600 or more depending on your taste for overkill.

                            • mir

                              If you rack mount, IPMI over KVM is very handy. Most boards from SuperMicro have this feature.

                              • stan-qaz

                                I went to NewEgg.com and bought a refurbished HP 7900, small form factor box, added a couple NICs from my parts box and swapped in a cheap small SSD for the hard drive. Only one thing to watch and that is to ensure that the power supply is a "Revision B" or newer if you plan to use the box on a UPS, the PFC circuitry in the Revision A boxes does not do well with that. If you do get a Rev A one, a Rev B power supply is cheap on eBay if you do need to upgrade.

                                Under $200 for everything if I had to buy new NICs and an SSD. Got a free OEM Windows 7 Pro disk tossed in for use elsewhere too. If this link works it will pull up four likely systems:

                                http://www.newegg.com/Product/Productcompare.aspx?Submit=ENE&N=-1&IsNodeId=1&Description=hp%20refurbished%20desktop&bop=And&CompareItemList=-1%7C83-250-180%5E83-250-180-03%23%2C83-281-287%5E83-281-287-TS%2C83-280-184%5E83-280-184-TS%2C83-256-341%5E83-256-341-04%23&percm=83-250-180%3A%24%24%24%24%24%24%24%3B83-281-287%3A%24%24%24%24%24%24%24%3B83-280-184%3A%24%24%24%24%24%24%24%3B83-256-341%3A%24%24%24%24%24%24%24

                                • kejianshi

                                  You would probably be ok with any power supply if you happen to have a pure sine wave UPS laying around.

                                  • jahonix

                                    @stan-qaz:

                                    I went to NewEgg.com and bought a refurbished HP 7900, small form factor box,…

                                    Am I correct in assuming that all but one of those devices only run 32-bit software?
                                    This could be a drawback with future upgrades, couldn't it?

                                    • kejianshi

                                      I admittedly could give a crap less about form-factor for my personal box.  All I ask is good performance, reliability, reasonably low power consumption and ability to set BIOS to power on after blackout and to wake on LAN.  64-bit capable boxes with 2/4/8 GB RAM already installed with way reliable overkill PSU are a dime a dozen on eBay.  Mine in Maryland is a mid-tower ATX.

                                      It's abandoned in my basement there amongst other clutter and no one will complain.

                                      • kejianshi

                                        You can get hardware to fit the bill dirt cheap

                                        http://www.ebay.com/itm/HP-dc7900-intel-c2d-e8400-3-0ghz-4gb-250gb-dvdrw-wifi-win-7-pro-64-sff-computer-/381117759178?pt=Desktop_PCs&hash=item58bc637eca

                                        • stan-qaz

                                          I'm using APC Back-UPS Pro 1500s here and they don't provide good enough power, not sure if it is the waveform or the switching delay. Every 7900 with an A rev supply glitches on power transfers and every B rev is fine. All are now B rev after a quick visit to eBay.

                                          Newegg is offering a couple 8000s for $139 and $149 today:

                                          http://flash.newegg.com/Campaign/4053?utm_source=NFEmail011615&utm_medium=index&utm_campaign=SaleBanner_B3G_4053&cm_mmc=EMC-NFEmail011615--SaleBanner_B3G_4053--4053-_-NA

                                          They aren't on the power supply warning list from HP.

                                          http://h20566.www2.hp.com/hpsc/doc/public/display?sp4ts.oid=3785403&docId=emr_na-c01718939&lang=en&cc=us

                                          • Harvy66

                                            @kejianshi:

                                            You would probably be ok with any power supply if you happen to have a pure sine wave UPS laying around.

                                            I've seen cheap PSUs spark, flare, and smoke. Even if contained in a metal box, I'm not a fan of electrical fires in my computer. I only purchase name-brand PSUs myself.

                                            I've seen all kinds of stupid stuff from no-name PSUs, assuming that's what you meant by "any".
