Any known server hardware that works with pfSense?



  • Hello Forum, I'm rebuilding our firewalls for a big production environment.

    Is there any known server hardware that works with pfSense? I'm looking for:

    1 to 2 units
    Redundant PSUs
    Xeon CPU, 1 or 2 sockets
    4 or more HotPlug disks

    I prefer HP Servers

    I have been looking for DL360 Gen8, but don't know if they work 100% with pfSense 2.2, and don't know about drivers for various NIC cards or RAID controllers. There are so many models and variations.

    Is there like a list of guaranteed models that members of the pfSense forum have been trying out and know work?

    Best regards
    Spix



  • Why would you need 4 hard drives for a firewall?

    Anyway, I'm currently using two of these at my main office, equipped with (12) Intel i350 Gbe ports and (2) Intel X520 10Gbe ports.

    http://www.lannerinc.com/products/x86-network-appliances/rackmount/fw-8865

    Later this year I'll probably move to this lovely box and go all 10Gbe.

    http://www.lannerinc.com/products/x86-network-appliances/x86-rackmount-appliances/fw-8894



  • I bet you won't.  :-)



  • 4 hard drives in RAID 10 for Squid Proxy. 4500 users, 2 x 2Gbit internet Connections.



  • @Jason:

    Why would you need 4 hard drives for a firewall?

    Anyway, I'm currently using two of these at my main office, equipped with (12) Intel i350 Gbe ports and (2) Intel X520 10Gbe ports.

    http://www.lannerinc.com/products/x86-network-appliances/rackmount/fw-8865

    Later this year I'll probably move to this lovely box and go all 10Gbe.

    http://www.lannerinc.com/products/x86-network-appliances/x86-rackmount-appliances/fw-8894

    Jason - if you wouldn't mind sharing, could you please reveal where you source your Lanner gear?  I've looked at their website, but they don't even publish pricing, and a quick check of my usual vendors turned up zero results.

    Perhaps I'm missing something obvious … wouldn't be the first time! :)

    Thanks!



  • @gonzopancho:

    I bet you won't.  :-)

    Why?  Got something better coming with 10Gbe ports?  I've started to use pfSense internally for filtering as well as at network edge and if I can't push traffic at 10Gbe+ internally I'll have users complaining.

    @Phobia:

    @Jason:

    Why would you need 4 hard drives for a firewall?

    Anyway, I'm currently using two of these at my main office, equipped with (12) Intel i350 Gbe ports and (2) Intel X520 10Gbe ports.

    http://www.lannerinc.com/products/x86-network-appliances/rackmount/fw-8865

    Later this year I'll probably move to this lovely box and go all 10Gbe.

    http://www.lannerinc.com/products/x86-network-appliances/x86-rackmount-appliances/fw-8894

    Jason - if you wouldn't mind sharing, could you please reveal where you source your Lanner gear?  I've looked at their website, but they don't even publish pricing, and a quick check of my usual vendors turned up zero results.

    Perhaps I'm missing something obvious … wouldn't be the first time! :)

    Thanks!

    I call or email Lanner, they send me a quote, I order, I get it 1-3 weeks later.



  • @Jason:

    Why would you need 4 hard drives for a firewall?

    Anyway, I'm currently using two of these at my main office, equipped with (12) Intel i350 Gbe ports and (2) Intel X520 10Gbe ports.

    http://www.lannerinc.com/products/x86-network-appliances/rackmount/fw-8865

    Later this year I'll probably move to this lovely box and go all 10Gbe.

    http://www.lannerinc.com/products/x86-network-appliances/x86-rackmount-appliances/fw-8894

    Where can I get this?
    http://www.lannerinc.com/products/x86-network-appliances/x86-rackmount-appliances/fw-8894



  • @Jason:

    equipped with (12) Intel i350 Gbe ports and (2) Intel X520 10Gbe ports.

    12 x 4 NICs  :o

    I have 4 NICs  :P

    ( ;D )

    Do you have > 40 subnets, Jason, or is for something else?



  • It's (12) 1Gbe i350 ports, not (48) 1Gbe.

    I was using them for (4) WAN connections and a bunch of internal vLANs.  Most of the 1Gbe ports are now empty because I've shifted the bulk of the traffic over to trunked 10Gbe ports.



  • @Spix:

    4 hard drives in RAID 10 for Squid Proxy. 4500 users, 2 x 2Gbit internet Connections.

    If you are planning to build something to accommodate 4500 users, you could contact the pfSense devs or Netgate ….
    Perhaps one of their appliances, which are fully tested and have commercial support, is a good option.



  • @Jason:

    It's (12) 1Gbe i350 ports, not (48) 1Gbe.

    I was using them for (4) WAN connections and a bunch of internal vLANs.  Most of the 1Gbe ports are now empty because I've shifted the bulk of the traffic over to trunked 10Gbe ports.

    Zorry, I misunderstood  ;D



  • @heper:

    @Spix:

    4 hard drives in RAID 10 for Squid Proxy. 4500 users, 2 x 2Gbit internet Connections.

    If you are planning to build something to accommodate 4500 users, you could contact the pfSense devs or Netgate ….
    Perhaps one of their appliances, which are fully tested and have commercial support, is a good option.

    I tend to agree, actually, as the stupid economist; if it's something for 4500 ( :o ) users, I'd want full support for it, preferably 24/7.

    The current headquarters of a huge (huge) multinational over here, one of my clients, staffs 800 people. I'm sure many people in here would drool when seeing their IT department's stuff  ;D



  • @Jason:

    It's (12) 1Gbe i350 ports, not (48) 1Gbe.

    I was using them for (4) WAN connections and a bunch of internal vLANs.  Most of the 1Gbe ports are now empty because I've shifted the bulk of the traffic over to trunked 10Gbe ports.

    That's a useful looking box. Can you fit multiple 10Gbe cards, i.e. 24 x 1Gbe and 24 x 10Gbe?
    What sort of throughput are you seeing with std and jumbo frames, Jason? This could be just what I'm looking for…



  • You're talking about 10Gb ports and stuff. SSDs for that RAID? Make sure you have TRIM enabled, it will be very useful for data that churns. I would just purchase 4 Samsung 850 EVO 500GB. They're fast, cheap, and quite reliable. Just keep an eye on how many writes are done over time. They're warrantied for 150TB written, but stress testers have gotten them to 800TB before SMART showed blocks getting shuffled.

    Personally, I would swap out two drives once they have reached 1/2 of their writes, to keep uneven wear. You don't need both mirrors dying at the same time because they have the same amount of data written.



  • @irj972:

    @Jason:

    It's (12) 1Gbe i350 ports, not (48) 1Gbe.

    I was using them for (4) WAN connections and a bunch of internal vLANs.  Most of the 1Gbe ports are now empty because I've shifted the bulk of the traffic over to trunked 10Gbe ports.

    That's a useful looking box. Can you fit multiple 10Gbe cards, i.e. 24 x 1Gbe and 24 x 10Gbe?
    What sort of throughput are you seeing with std and jumbo frames, Jason? This could be just what I'm looking for…

    There are (4) 1Gbe built-in and room for two expansion cards.  I know you can do (4) 10Gbe with two dual-port cards.  Not sure if the 8865 supports the quad-port expansion cards.

    The best I've seen is ~2.3Gbit/s single stream and about twice that with multiple, but I'm still on 2.1.5 because of the stupid CARP+Limiters bug in 2.2.  I'm expecting better with newer drivers and multi-threaded pf.



  • I'm working on a similar project, and I was considering this:

    http://www.lannerinc.com/products/x86-network-appliances/rackmount/fw-8896

    Talking with Lanner engineering about FreeBSD 10 compatibility, they told me that it hangs on boot with this network appliance….

    It's a brand new model and I suspect that it is in fact compatible, but with some workaround to boot...

    Is anyone there using similar equipment? (Same CPU and chipset)

    I'm considering similar hardware too, tips are welcome!  ;)



  • @Blooregard:

    I'm working on a similar project, and I was considering this:

    http://www.lannerinc.com/products/x86-network-appliances/rackmount/fw-8896

    Talking with Lanner engineering about FreeBSD 10 compatibility, they told me that it hangs on boot with this network appliance….

    It's a brand new model and I suspect that it is in fact compatible, but with some workaround to boot...

    Is anyone there using similar equipment? (Same CPU and chipset)

    I'm considering similar hardware too, tips are welcome!  ;)

    +1 from me for that!

    Thanks for sharing your experiences, we were also looking forward to a bigger and faster instance
    to run pfSense natively installed on, and we were playing around with the brand new Lanner FW-8895
    shown under the links in the next lines.

    Lanner also has distributors in various countries; here in Germany, where I am, we have two of them,
    and like Jason was saying before, we also call them, order and wait three to five weeks and the
    hardware is there!

    The Lanner FW-8895 is capable of many ports in many assets and also comes with 4 hot-swappable
    HDD slots. And on top of that, we were looking with one eye at this module for the FW-8895 for
    faster DPI packet processing and VPN speed, but we don't know anything about the support
    in pfSense.

    Lanner FW-8895
    Lanner NCS-MTX401

