The pfSense Store

Author Topic: Please suggest recommended hardware and suggestions for Pfsense  (Read 1680 times)

0 Members and 1 Guest are viewing this topic.

Offline amitaussie

  • Newbie
  • *
  • Posts: 5
    • View Profile
Dear Gurus,

We are planing to implement Pfsense 2.0.1 64bit version (first with Oracle VM and if performance degrades then without virtualization) with below scenario at three locations.

Registered Pfsense Users=Min. 4000 (using Local database as Radius may not able to provide the option to users to change their passwords on their own as Local database gives this option)

VLANS=30 Nos

Expected concurrent users=300-500

ISP Bandwidth= 100-150 Mbps

Transparent Squid
Squid Guard or SNORT
Captive Portal
2 or 3 WAN Link with Load Balance
HAVP anti virus
Sarg Reports

Please suggest, We are planing to buy HP DL180 G6 or HP DL380 G6 servers (03 No.s for 3 different locations) with below configuration

Processors- (Two) Intel® Xeon® X5660 (2.80GHz/6-core/12/95W) With Cache Memory-12MB
Memory- 32Gb (8 x 4GB) PC3-10600R (DDR3-1333) Registered DIMMs,
Storage Controller- HP Smart Array P410i/1G FBWC Controller.
Hard Disk- 3.5 inch, 600GB, 6G, SAS, 15K, 04 No.s (2.4 TB Total Capacity)

Network Controller- min. required 4 ports of Gigabit

Please suggest me a network card from the link under "Gigabit Ethernet/FlexFabric adapters" option;
http://h18004.www1.hp.com/products/servers/networking/index-nic.html

There is one more network card which is not mentioned in the above link it is HP NC362i (i= integrated in motherboard), it is an Intel 82576 controller based card (may be it is, Intel Gigabit ET Dual Port Server Adapter (82576)). HP NC362i is only available as an integrated one in motherboard, not as an add on card. So if  we go for this card then we have to buy Servers with dual integrated cards for min 4 G ports and in future if we need an extra NIC then again we have to go for some different card.

So please suggest me a Gigabit NIC with Dual/Quad ports which can work flawlessly and do suggest an alternative to any problem you see in the above post regarding design or implementation etc.

Regards

Offline stephenw10

  • Hero Member
  • *****
  • Posts: 8070
    • View Profile
Re: Please suggest recommended hardware and suggestions for Pfsense
« Reply #1 on: July 29, 2012, 02:51:40 pm »
If you are running virtualised then you only need the host OS to support this hardware.
Your specified hardware is more than capable of handling your bandwidth requirements.

Why have you specified "Squid Guard or SNORT" ?
These provide very different functions.

Steve

Offline dhatz

  • Hero Member
  • *****
  • Posts: 1002
    • View Profile
Re: Please suggest recommended hardware and suggestions for Pfsense
« Reply #2 on: July 29, 2012, 06:55:07 pm »
Registered Pfsense Users=Min. 4000 (using Local database as Radius may not able to provide the option to users to change their passwords on their own as Local database gives this option)

Hmm, are you going to give your 4000+ users access to the pfSense webGUI to change their passwords on their own?

Anyway, if I understand you correctly, you want to use pfsense's CP to authenticate users, then use Squid/SquidGuard/Sarg/HAVP/Snort to mitigate network threats and log usage. Generally speaking, for a load of ~500 concurrent users I'd split the functionality: run router/firewall on pfsense VM & transparent proxy on another system (note: I understand that virtualized FreeBSD's disk i/o performance is rather problematic).