Help Setting up an enterprise network



  • Hey,

    I am setting up a network for around 800 users and planning to use pfsense based on my previous experience.

    I am planning to use a blade server to run pfsense. Can you suggest the best possible hardware and configuration for this?

    Thank you.



  • The brand new XG1540 from the pfSense shop would do the job and if you need it redundant then
    it would also be running with two of them also smooth.

    If money is rarely you could also set up two Hyper-V server (cluster) and then run the pfSense
    in a so called VM.



  • Thank you.

    Getting the device shipped to the place I live in and getting it cleared through the customs department would be very painful as time consuming.
    It would be easier to get a blade and setup the stack myself. Can you suggest me a model where pfsense will work without issues? I read in the forums that a few HP models have issues with the boot loader.



  • It would be easier to get a blade and setup the stack myself. Can you suggest me a model where pfsense will work without issues? I read in the forums that a few HP models have issues with the boot loader.

    I really think you could try out a Supermicro board where the Intel Xeon D-1540 SoC is soldered on, but there fore
    I would rather then waiting until some peoples where trying it out first, to be sure that you not running in a trap.

    Lanner has also some really wicked hardware, likes the FW-889x appliances, that could be matching, try
    out asking them first, because some of them getting BIOS problems running pfSense on them.

    At the moment the only well known appliance is from Supermicro with an Intel Xeon E3-12xxv3
    that would be really fast and stable running.

    1 x Supermicro Barbone

    • Intel Xeon E3-1230v3 4 Cores @3,3GHz
    • Comtech AHA363PCI or Intel I210-T1
    • 16 GB ECC RAM
    • 1 SSD

    For how many users this should be?
    What services you will be offering?
    DHCP,QoS, Snort, Squid, DPI, HAVP,…



  • Will definitely check them out.

    Are there any PFsense distributors in India from whom I can purchase pfsense devices? Does anyone happen to know



  • @BlueKobold:

    1 x Supermicro Barbone

    • Intel Xeon E3-1230v3 4 Cores @3,3GHz
    • Comtech AHA363PCI or Intel I210-T1
    • 16 GB ECC RAM
    • 1 SSD

    For how many users this should be?
    What services you will be offering?
    DHCP,QoS, Snort, Squid, DPI, HAVP,…

    The setup would be running anywhere between 600-800 users.
    About the services, it would be running a site-site VPN, DHCP, Squid, captive portal, qos, snort, havp



  • pfSense partners
    Have a look under India, it is a store located in Germany, but they are shipping world wide!

    Otherwise you could buy spare psart from supermicro and then fiddle out your self a box
    you like, either based on the Xeon D-1540 or Xeon E31230v3.



  • The setup would be running anywhere between 600-800 users.

    Then please better to run it in a VM, not only based on this numbers, but plus the
    told by you offered services it would be better in my eyes. If on the both VPN endpoints
    pfSense is used I would be really recommend a Comtech AHA363PCIe compression adapter.

    About the services, it would be running a site-site VPN, DHCP, Squid, captive portal, qos, snort, havp

    As telled above, then better to go with a Xeon E5-server and set it up in a VM. Also a Chelsio adapter could be good
    to offload the entire NAT work.



  • @BlueKobold:

    The setup would be running anywhere between 600-800 users.

    Then please better to run it in a VM, not only based on this numbers, but plus the
    told by you offered services it would be better in my eyes. If on the both VPN endpoints
    pfSense is used I would be really recommend a Comtech AHA363PCIe compression adapter.

    About the services, it would be running a site-site VPN, DHCP, Squid, captive portal, qos, snort, havp

    As telled above, then better to go with a Xeon E5-server and set it up in a VM. Also a Chelsio adapter could be good
    to offload the entire NAT work.

    What is the difference between running it on a VM vs bare metal? How does it affect the performance?



  • What is the difference between running it on a VM vs bare metal? How does it affect the performance?

    I personally love more running pfSense on bare metal, but if then you are maxing out the numbers and services
    you are in a trap!!! You must then take another hardware, but at a VM you can max up the entire things could
    really need to be updated. Let us imagine the following:

    E3-1230v3 with 8 ECC GB RAM
    Then you are able to upgrade to the maximum as;
    E3-1286v3 with 32 ECC RAM this is then the maximum nothing
    will be able to insert what gos higher, faster and more!

    But if you have a Server such as dual Xeon E5-26xxv3 with a huge amount of RAM
    and pfSense installed in a VM you will be able to give the VM more cores if needed
    and more RAM if needed! Or plain all Cores and RAM, this would be allow you more
    to install.

    For sure it would be better to have a Xeon E3-12xxv3 and a miniPCIe or PCIe card
    with an on board soldered ASIC/FPGA chip to utilize all the Firewall rules, IDS/IPS rules
    and queues for sure. Or let them do anything else it will be code for in the pfSense distro.


Log in to reply