Pfsense hardware advice/config?



  • Hey guys new to the forums and to pfsense/linux/networking in general.

    Been lurking in the forums for some time and I am in need of advice on a few hardware options/configs. First off, I've been running pfsense for close to a month already and have had only a few minor issues which are now resolved. I only have snort and pfblockerNG installed and it's amazing how much international "bad traffic" pfsense is blocking.

    Here is the current hardware I am running pfsense 2.2.4 on. I picked up an AIMB-270G2 really cheap for $60
    (specs)
    Intel Core i3-330M 2.13GHz 3M Cache Processor
    8GB PC3-8500 Ram
    Case: ThermaTake Core V1 $40
    PSU - Re-used Old Emachines OEM 250W

    In total I got everything for about $100.

    As stated earlier I am new to pfsense/linux in general and networking in general. I intend to use pfsense at home. Right now I only have my pc hooked up to the pfsense router but within the next few days I want to add a few more pc's, a few PS3's, an xbox1 and an ASUS RT-AC68U set up as an AP for multiple tablets/phones and maybe an additional router also set up as an AP for guests when they come to visit. My original intent is/was to build a router to block ads across multiple wireless devices/pc's and during my research I came across pfsense and it just made sense to me that pfsense could do so much more.

    Honestly I don't know where to start, I don't want to make a huge first post but at the same time I want to be thorough to get the best advice for my needs/situation so I'll just number my questions.

    1. I know that the i3-330M doesn't support AES-NI, does this hinder or make pfsense less secure in any way? I don't use a VPN at the moment but have been reading about the benefits of them and it's something I am interested in. My question here is would getting a used i5-520M that does support AES-NI be a better option?

    2. Since the mobo has dual gig intel NICs already, would it be better for me to get a managed switch to add the additional PC's/devices to the network? Or would buying an intel quad port NIC be better, and if so which would you guys recommend? The reason I ask is because I don't want any of the additional PC's/devices to "see" or have access to other pc's on the network. I already have a Netgear GS108 dumb switch but my understanding is these don't support VLANs. As I mentioned earlier I want to block ads on the mobile devices (iPad/Android phones/tablets) and from my reading pfsense has limited abilities to do this, specifically via packages. Can I get some advice on how to go about doing this?

    3. This kinda relates to #2 but I wanted to separate it. I just wanted to be sure I understand this clearly or at least that I've understood what I've read so far on the forums. In essence everything that is hooked up to my pfsense box would benefit from all the packages I have installed on pfsense, meaning even though I would have the tablets/phones via an ASUS RT-AC68U set up as an AP and this AP is hooked to the pfsense box via a smart switch/quad NIC, these devices will get the same "treatment" as the PC's? Please correct me if I am wrong.

    4. My last question is regarding the PSU/power consumption. I'm currently using a 250w PS that I pulled from an old working emachines pc that had a Celeron E1400 (65w TDP) which was not being used, and the i3-330M has a TDP of 35w. Currently I only have the mobo, hard drive and one case fan connected to the psu. Since pfsense will be running 24/7, a 250w PS is just too much to leave running 24/7. If I do upgrade to the i5-520M, which also has a TDP of 35w, what would be the minimum power supply wattage that I'd be able to get by with? I've seen those pico power supplies like this one http://www.amazon.com/gp/product/B0081S1YEE linked in another thread here in the hardware section. What would you guys recommend?

    If you've made it this far into the post I really appreciate you guys taking the time to read it all and my thanks in advance for the help/advice given. If I've left any details out please don't hesitate to ask.

    ![05 - liCgmgs.jpg](/public/imported_attachments/1/05 - liCgmgs.jpg)
    ![03 - PdywQHm.jpg](/public/imported_attachments/1/03 - PdywQHm.jpg)



  • You will not face any problem with your PSU, except perhaps failure if it is very old, but this is for sure powerful enough.
    The i3 should handle one or two VPNs quite easily ;-) Your CPU is already more than enough for what you describe. Then it also depends on additional services you may run.
    For pfSense used as a firewall, the CPU will potentially limit network throughput (but you are very far from this ;D). However, if you add services like HTTP proxy, blacklists via Squidguard and anti-virus, Snort and/or stuff like this, this is another story.

    Then what you describe in terms of computer "isolation" might not be directly related to pfSense but more to general network design where pfSense may play its own role. VLAN could be one direction.

