Looking for hardware.
-
I want to run VPN, Snort, Filtering on this install. I was looking at http://www.ebay.com/itm/Intel-Core-2-Duo-Mini-PC-Firewall-Network-Car-pfSense-monowall-m0n0wall-Untangle/321119555084?_trksid=p2047675.c100005.m1851&_trkparms=aid%3D222007%26algo%3DSIC.MBE%26ao%3D1%26asc%3D29385%26meid%3Da1191c2622cc4289993c4c898f28c99d%26pid%3D100005%26rk%3D4%26rkt%3D6%26sd%3D261828339822&rt=nc , But I was wondering if I could build a cheaper machine then this or a machine that would run all of this. I currently have a 50/8Mbps connection with three users and 10+ devices. Thank you.
-
You can probably build a better system (for pfSense) than that one, for probably about the same price.
Get a Supermicro Mini ITX Atom C2558 board ($260 on Amazon)
Get a mini-box M350 mini ITX case, DC-DC PSU, and power adapter ($70 from mini-box.com)
Get 4GB of Kingston ECC 1600 memory for the motherboard ($50 on Amazon)$380 (not including shipping and/or tax) will get you NEW equipment:
- A better processor - quad-core Rangeley Atom with AES-NI and QuickAssist and more power-efficient (15W vs 34W for the CPU)
- 4 ON-BOARD Intel gigabit NICs (vs 2 + 2 in the eBay system) PLUS a fifth for IPMI remote system management
- more RAM (4GB vs 1GB)
- fanless
- more compact
- etc…
BTW, that doesn't include a storage device... but that eBay system is just giving you a CF card for storage, so there's nothing great there. If you have a spare SATA laptop HDD or SSD, you'll be set.
You can definitely do better than that eBay system.
-
Thank you very much. Would a 120GB Samsung 840EVO work good? But will it die quickly since I will have web filtering installed?
-
Thank you very much. Would a 120GB Samsung 840EVO work good? But will it die quickly since I will have web filtering installed?
The Samsung840 series would not be affected by the actual firmware problems the
Samsung850 EVO & Pro series will be having, so if it is a Smasung840 I would try it
out, but please activate also the TRIM support then also for that device, owed to the
entire lifetime of the mSATA. -
Well I ordered this kit. Thank you for your help.
-
A quick note about that board… before you hook up any interface to the internet, connect the IPMI interface (the one with USB ports under it) to an existing network and log into it from a browser (ADMIN/ADMIN - yes, both all caps) and change the network setting so it's Dedicated, not Failover. Otherwise it will use one of the other interfaces for IPMI access, which you DON'T want!
After installing pfSense, make sure to enable AES-NI support in the Advanced settings... that should help your VPN performance!
-
Thank you very much for the tips!, so I after I install pfsense, connect the ethernet cable to the very first ethernet connector and up it to my current network?
-
Yes, only so you can set up IPMI to NOT use any of the other network adapters (set it to "Dedicated" so it always uses its own port). It wouldn't be good if IPMI "failed over" to use your WAN connection, would it? :)
-
Okay, so this port is going to be different from my wan and my lan ports?
-
Yes. The 5th connection won't show up for pfSense. pfSense will only see the four Gigabit ports that are clustered together (igb0-3). The 5th port (above the USB ports) will be strictly for management (IPMI). It doesn't NEED to be connected, but can be helpful for looking at the console from another computer on your network (Java required) or doing other things remotely like power-cycling, rebooting a hung system, etc.
But like I said, the critical thing is that you set it to be DEDICATED before you hook up the other ports, because you don't want it listening on any of your pfSense ports. It defaults to FAILOVER, which means it will piggyback off of one of the other interfaces if there's nothing connected to the IPMI port.
Screenshot attached… once you log in, go to Configuration > Network, scroll down and find this setting...
-
@virgiliomi:
You can probably build a better system (for pfSense) than that one, for probably about the same price.
Get a Supermicro Mini ITX Atom C2558 board ($260 on Amazon)
Get a mini-box M350 mini ITX case, DC-DC PSU, and power adapter ($70 from mini-box.com)
Get 4GB of Kingston ECC 1600 memory for the motherboard ($50 on Amazon)$380 (not including shipping and/or tax) will get you NEW equipment:
- A better processor - quad-core Rangeley Atom with AES-NI and QuickAssist and more power-efficient (15W vs 34W for the CPU)
- 4 ON-BOARD Intel gigabit NICs (vs 2 + 2 in the eBay system) PLUS a fifth for IPMI remote system management
- more RAM (4GB vs 1GB)
- fanless
- more compact
- etc…
BTW, that doesn't include a storage device... but that eBay system is just giving you a CF card for storage, so there's nothing great there. If you have a spare SATA laptop HDD or SSD, you'll be set.
You can definitely do better than that eBay system.
I don't know why people are so married to CF for storage. It's a seriously substandard architecture.
This: http://store.netgate.com/ADI/RCC-VE-4860-board.aspx has the same C2558 CPU, 8GB ram (which you're not going to get for $50 for the Supermicro) and a 4GB eMMC (way faster, way more reliable), and two more Ethernets for $406.00 q1.
