Looking for hardware recommendations



  • Looking at pfSense as an option to become the main firewall/gateway into the office and as the link to our other offices through an IPsec VPN tunnel.

    What kind of hardware would I need to fit the following packages/other items?:

    - 1Gb internet connection
    - IPsec VPN tunnel to 3 other sites (2 of the other sites have 1Gb internet as well)
    - Captive portal for external wireless network authenticating to a RADIUS server on the Domain Controller
    - Snort or Suricata
    - SquidGuard
    - Squid3
    - Sarg
    - OpenVPN Client Export Utility
    - OpenVPN clients connected (allowing for expansion to 75 devices if everyone was connected, probably a normal connection of 5-10)
    - Working as a router with 15 separate networks (multiple will only have a laptop in them for port NATing based on location)
    - Allow for 8 or more network ports (will probably VLAN the less used ones if needed)
    - CARP for failover
    - Dual WAN (much slower than primary, only used if the main goes down)

    Was thinking of comparing a Dell server and a custom build but not sure how much power I need to put behind it to run all of it.

    How big do I need to go?  Could I just virtualize it on Hyper-V and be fine?

    Thanks for taking the time to read this.

    jammcla



  • You can virtualise anything provided you take into account the overhead.

    I would simply try virtualised first if you already have the hardware. 2 cores and about 6 gig of ram should get you going depending on the host and how much memory you want to give squid.

    You can always back up the config file and reinstall on metal if you need to.



  • Looking around the offices I was unable to find enough resources to virtualize the box in all offices. I decided to start looking through hardware and start pricing some gear out.

    Case:           Rosewill RSV-L4000
    Motherboard:    GIGABYTE GA-Z170X-Gaming 5
    CPU:            Intel Core i7-6700
    RAM:            G.SKILL Ripjaws 4 Series 32GB F4-2400C15Q-32GRK
    HDD:            SAMSUNG 850 PRO 2.5" 256GB
    HDD Mount:      Rosewill RDRD-11004
    PSU:            ENERMAX REVOLUTION X't ERX730AWT 730W
    Network Cards:  Intel E1G44HT Server Adapter

    Looking at 2 of the network cards and all prices on Newegg (some prices were cheaper on Amazon but I did all price quotes on Newegg to keep the same vendor), the price came out to $1580.

    Would this work (a little worried due to the newness of some of the gear and driver support for it)? If we decided we needed more throughput than 1Gb and got a 10Gb connection and I added a 10Gb network card, should we be able to push more than 1Gb out as long as it is coming from more than one 1Gb interface?



  • @jammcla:

    How big do I need to go?  Could I just virtualize it on Hyper-V and be fine?

    I'm really looking for someone able to explain to me why and how virtualization solves hardware sizing questions.
    I do understand why it helps to define smaller virtual machines (and therefore the potential benefit of having multiple small VMs hosted on the same hardware), but when it comes to discussing something potentially large requiring a significant amount of resources, virtualization as a technical answer means that your host server has potentially "no limit" or, in the end, that it will host only one VM.

    I'm not saying here it has no added value, although a VM for a FW is very strange to me.



  • I would be looking at server grade hardware:

    3.8GHz Broadwell Xeon: http://ark.intel.com/products/88046/Intel-Xeon-Processor-E3-1285-v4-6M-Cache-3_50-GHz
    16GB of RAM (1866MHz - speed matters only when you're pushing multi-gigabit)
    2x Samsung 850 Pro drives (128GB would be more than sufficient)
    Supermicro X10SAT ATX mainboard
    Chelsio 10Gb NIC (2 port - e.g. T420 or T520) - if you want to go 10Gb

    As for why to virtualise:
    1. Live migration - Less downtime
    2. Snapshots - to test new settings with the ability to revert
    3. Backups of virtual machines are easier than full machines in general.
    4. Capitalise on hardware investment (more running on the same machine)
    5. Capitalise on bandwidth/networking hardware - multiple vms on the same machine means they can all share the same virtual switch, which typically is very fast, and they can all share a single connection to a switch.
    6. Upgrades/migrations are easier
    7. Ability to work out how much power/memory to devote, and then use the rest elsewhere.



  • I'm not saying here it has no added value, although a VM for a FW is very strange to me.

    Me too, but in some rare cases, companies or their networks are growing so rapidly that you then need to be able to let the firewall grow just as fast. As an example: the Lanner FW-8896 Series is capable of handling many VMs and also sorting them into many different LAN port configurations.

    - Working as a router with 15 separate networks (multiple will only have a laptop in them for port NATing based on location)
    - Allow for 8 or more network ports (will probably VLAN the less used ones if needed)

    ??? I really don't know why not set up a switch stack with some Layer 3 switches?
    Or some little, small or bigger MikroTik routers, for doing this job right.

