pfSense Appliance with 4GB Storage - Squid + SquidGuard?



  • Need help determining if a pfSense appliance will work for me.

    Existing Untangle whitebox is failing. Desperately trying to move to pfSense. The Appliances are the best way for me to go.

    I need IPS/IDS, Webfilter, OpenVPN server, two VLANs, and reporting.

    I can afford the new SG-2220 (2port) with 30GB storage, or the SG-2440 (4port) with only 4GB storage.

    Two questions:
    1. Will the Snort + Squid + Squidguard run OK on the SG-2440 with only 4GB storage? I can't find storage usage guidelines by Squid.

    2. Will the SG-2220 (2port) allow my main network to be untagged, and my VLAN (guest network) as tagged, from the single LAN port on the SG-2220?



  • I need IPS/IDS, Webfilter, OpenVPN server, two VLANs, and reporting.

    I can afford the new SG-2220 (2port) with 30GB storage, or the SG-2440 (4port) with only 4GB storage.

    I would go with the SG-2440 with an eye toward the entire throughput of the pfSense box.

    Two questions:
    1. Will the Snort + Squid + Squidguard run OK on the SG-2440 with only 4GB storage?

    pfSense on the 4 GB storage and a mSATA or SSD as a Squid cache would be fine.

    I can't find storage usage guidelines by Squid.

    Really rude Squid basics
    Optimizing Squid .conf

    2. Will the SG-2220 (2port) allow my main network to be untagged, and my VLAN (guest network) as tagged, from the single LAN port on the SG-2220?

    I really don't know that, but for running all packets you'd like to do I'll prefer to go by the SG-2440
    pending on the port count also.



  • I should mention this is only for 40-50 users.

    When I take a step back, there is a $200 difference between the SG2220 and SG2440, for two extra network ports and 2GB extra RAM that I don't think I'd use. For 40 users it just seems excessive.

    I don't want Squid for its cache; I only want Squid so I can have SquidGuard for the Webfilter requirement.

    So it's either the SG2440 with tiny 4GB storage and small Squid cache; or the SG2220 with 30GB storage.

    I just don't know if Squid is ok with a small cache. If Squid must have a cache >4GB then my choice is clear. But still nothing tells me Squid's cache requirements….  ???

    EDIT
    Does Squid not use a cache directory by default? RAM-cache only, unless cache_dir is specified? If so, that might explain my problem  ::)


  • Banned

    Forget about running Squid as cache on nanobsd installs. So yeah, the 4GB variant is not usable.



  • I should mention this is only for 40-50 users.

    We both have a total different sight on that, sorry for that!

    SG-2440 & USB cable & 30 GB mSATA
    ~$582 and running for 5 years minimum means for me:
    $582 : 5 years = ~$116 for a year and then 116 : 12 month = ~$10 for each month and
    then $10 : 40 employees = 0,25 for each nose and month but with some headroom upstairs
    and enough ports + 1 years support on top! And if we go one step ahead with the SG-4860
    or SG-8860 we talk about a real UTM device with no cost for extra license fees!

    This is how I count on those devices. And please don't forget if it is running 8 years we are
    talking then about 1/3 cents for each nose but a powerful device!

    When I take a step back, there is a $200 difference between the SG2220 and SG2440, for two extra network ports and 2GB extra RAM that I don't think I'd use. For 40 users it just seems excessive.

    We are only xxxxx employees is not the point to start or jump in! We need this or this;

    • functions
    • options
    • features
      will be a good place to start first and then on top, we need this xxx;
    • throughput
    • performance

    for xxx years for our business!

    I don't want Squid for its cache; I only want Squid so I can have SquidGuard for the Webfilter requirement.

    Please have a look under the first link I posted you, there are three different modes Squid can be run in.

    So it's either the SG2440 with tiny 4GB storage and small Squid cache; or the SG2220 with 30GB storage.

    I personally will be more tend to the SG-2440 and the 30 GB mSATA. Would be more a clean round up
    and running for years for you.

    I just don't know if Squid is ok with a small cache. If Squid must have a cache >4GB then my choice is clear. But still nothing tells me Squid's cache requirements….  ???

    I would prefer a full install on the mSATA and that's it.

    Does Squid not use a cache directory by default?

    If and only if you want, you are able to combine the NanoBSD on the nand storage together with the
    mSATA as the squid cache or install all on the mSATA and not using the Squid cache.

    RAM-cache only, unless cache_dir is specified? If so, that might explain my problem  ::)

    There are three modes Squid can be running in:

    always
    The mode always is used to keep all the most recently fetched objects that can fit in the
    available space. This is the default mode used by Squid.

    disk
    When the disk mode is set, only the objects which are already cached on a hard disk and have received
    a HIT (meaning they were requested subsequently after being cached), will be stored in the memory cache.

    network
    Only the objects which have been fetched from the network (including neighbors) are kept in the
    memory cache, if the network mode is set.
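
The Squid settings this thread circles around, as an added example that is not part of the original posts: a filter-only squid.conf fragment for a small-storage box. The three modes quoted above are the values of Squid's memory_cache_mode directive; the port, sizes and file paths are assumptions.

```conf
# Added example: filter-only Squid on a small-storage appliance.
# Port, sizes and paths are assumptions, not values from the thread.

http_port 3128

# No cache_dir line is set, so Squid 3.x keeps cached objects in RAM only.
# A disk cache has to be requested explicitly, for example:
#   cache_dir ufs /var/squid/cache 2000 16 256   # 2000 MB, 16 x 256 subdirectories

# RAM cache size and per-object cap (constructed values).
cache_mem 128 MB
maximum_object_size_in_memory 256 KB

# The three modes are the values of memory_cache_mode:
#   always | disk | network   (always is the default)
memory_cache_mode always

# To run Squid purely as the front end for SquidGuard, turn caching off.
# With this line active, nothing is stored and the cache settings above are moot.
cache deny all

# Hand every request URL to SquidGuard for the allow/block decision.
url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
url_rewrite_children 16

# Reporting reads the access log. With caching off, the log is the part of
# Squid that still grows on disk, so cap how many rotated copies are kept.
access_log /var/squid/logs/access.log
logfile_rotate 7
```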



  • Hmm interesting. I will see if my management will go for the SG2440 + 30GB option.

    Although most of my traffic will be https (which I understand cannot be proxied?), I'm unsure how much Squid would end up storing in its RAM- or HDD-cache.

    Thanks for the assistance and approach, BlueKobold!