Need help sizing for 250 user business firewall
-
Looking to upgrade our old pfsense box running on a 1U Proliant DL160 G1 server.
I had a look at the c2759 appliance box at https://store.pfsense.org/c2758/ but as it would run as our primary fw, I would like to add some PS redundancy and some SSD redundancy in RAID1 (is SSD even safe enough relative to the read/write life of the SSD, or should I go HDD?). I would have got it straight away if it had 2 SSD and 2 PS.
I'm a complete noob in the pfsense "world", but my plan is to export the current running config, and import it on the new box running pfsense 2.2 and modify if I need to.
Any suggestion on hardware for this is much appreciated.
Price range: $2000 including shipment to EU
Details:
200 users (more to come in the next years.)
Internet: 100 Mbit up/down
4 websites running as we speak.
Min. 4 RJ45 ports
Would prefer an appliance box or pre-built server
Needs warranty
Thanks
/aze
-
If you have money enough for that box and you want it 100% bullet proof, have them put a couple of industrial SLC SSDs in it. It will outlast your business.
However, technically speaking, good MLC SSDs with trim should last years longer than you want to use the router. Talk to them and see what they will do for you.
As for the bandwidth, this thing can handle it - no problems. It's future proof unless you get faster than 1 gigabit drop.
-
Are you running any packages? VPNs?
-
#1 I requested an SLC SSD, but they won't change the standard setup.
#2 Yep, I use OpenVPN.
Any good suggestions on hardware?
-
You require the full 100/100Mbps of VPN traffic?
Are you running hungry packages like Squid or Snort?
Steve
Edit: typo
-
@Aze:
Looking to upgrade our old pfsense box running on a 1U Proliant DL160 G1 server.
Thanks
/aze
Watch carefully what Steve says; he's always right in these matters ;D
-
I'm pretty often wrong, I just try not to say it out loud. ;)
Steve
-
I'm usually wrong - so you probably can't trust this device or industrial SSD drives…
-
#4 - No, people are just using VPN to work on documents and mails from laptops, no heavy traffic or heavy packages installed.
Someone in another thread mentioned this bastard, but I'm not able to find any supplier: http://www.lannerinc.com/products/x86-network-appliances/x86-rackmount-appliances/fw-8894
-
You don't need anything anywhere near that powerful. The fw-7551 would easily handle your requirements. That is sufficiently powerful that it will push the full 100Mbps of vpn or run packages if you want to.
Steve
-
You don't need anything anywhere near that powerful. The fw-7551 would easily handle your requirements. That is sufficiently powerful that it will push the full 100Mbps of vpn or run packages if you want to.
Steve
Thanks Steve… I'm going to get myself two of these http://store.pfsense.org/c2758/ and let one of them stand "cold" as backup/redundancy. Go big or go home.
/
-
Why buy one when you can two for only twice the price right?
You may be able to configure these to fail over automatically unless you don't like running 2 simultaneously?
-
Well you'll certainly be future proofed with that. :)
Steve
-
http://www.supermicro.com/products/motherboard/Atom/X10/A1SRM-LN7F-2758.cfm
I would go with this and build around it.
-
If you have money enough for that box and you want it 100% bullet proof, have them put a couple of industrial SLC SSDs in it. It will outlast your business.
However, technically speaking, good MLC SSDs with trim should last years longer than you want to use the router. Talk to them and see what they will do for you.
And what is in the box is a good->great Intel 120GB SSD, http://www.intel.com/content/dam/www/public/us/en/documents/product-specifications/ssd-530-sata-specification.pdf which is one of the best at avoiding write amplification, and the 120GB is vastly over-provisioned for a pfSense workload. (and yes, we enable TRIM.)
Sigh… people on the internet who think that the solution is always "SLC" in non-industrial temp conditions ...
As for the bandwidth, this thing can handle it - no problems. It's future proof unless you get faster than 1 gigabit drop.
You'd be surprised how fast they'll actually go. We use several of these in the lab for testing.
-
You know why I like SLC? Because I've never had even 1 single failure with those. Not 1.
Doesn't mean the MLC in this unit isn't also great.