Messages - johnkeates

Hardware / Re: Hardware Requirements small network
« on: Today at 08:54:08 am »
SG-1000 will do. Maybe add a switch and a USB stick for storage.

I see you like the minisys-4, what do you use the last 2 ports in the minisys for?

I have read ppl having trouble using a USB-NIC dongle but if that works for you, great.

Extra ports on my minisys are currently unused, I didn't buy the 4 for the extra ports but the 2 ports version CPU didn't cut it for me, or doesn't have hardware AES. One use for those ports is if you want to create discrete separate subnets, but I see ppl here are big into VLANs which can mimic the same thing.

Sorry, but I don't understand. You bought a 2 port and it doesn't support AES or?

No, he bought the 4-port version, even while he only needed 2 ports. This is because the 2-port version has no AES-NI, but the 4-port version does. Having 2 unused ports is fine, having no AES-NI is stupid. So that's why :D

Hardware / Re: Network Card suggestions
« on: Today at 08:52:28 am »
I'd say, go with a setup that gives you 1 spare port, just in case you need it (i.e. expansion or breakage).

Hardware / Re: Network Card suggestions
« on: Yesterday at 07:54:35 pm »
The I350-T4 would be the card of choice. Get one refurbished for better pricing.

Keep in mind that adding a billion ports to a router doesn't always make a lot of sense, it is mostly useful for more bandwidth if you need it, or more ports if you need to have subnets for devices that have no VLAN support while also not having a switch with VLANs.

Do not use multiple network cards as a 'switch' by trying to bridge them together in software, the performance is horrible and it is not how a real switch actually works.

Hardware / Re: pfsense on 1 network/ethernet port PC using VLANS
« on: Yesterday at 06:02:14 pm »
Same here, often use the Qotom models with multiple ports but only really need 3 in most cases. WAN, LAN and Sync (for HA). Sometimes you want a dedicated management port if you want to be sure nobody gets access via the other networks. Sometimes you want multiple WAN links, that is when they are useful too. Sometimes you split subnets/VLANs over multiple interfaces to get more bandwidth in total.

Hardware / Re: Hardware Requirements small network
« on: Yesterday at 05:58:33 pm »
SG-1000 will do.

Hardware / Re: IBM x3650 M3
« on: Yesterday at 05:56:34 pm »
You can do that on a low-end i3 or Celeron as well.

Hardware / Re: Off the shelf recommendations
« on: March 18, 2018, 11:51:08 am »
Atom E3845.

The J1900 has no AES-NI and is way too old anyway. The Celeron would work if you don't do VPN, Snort or Squid.

Hardware / Re: Off the shelf recommendations
« on: March 18, 2018, 11:25:31 am »
Final question (at least I think it is)

Will the E3845 let me get my gigabit throughput from Verizon FIOS (if not using VPN)?

Thanks again for all the help and input

Yep, plain gigabit routing + NAT will work on any CPU with AES-NI support as those are practically always new and fast enough to handle that.

Hardware / Re: Off the shelf recommendations
« on: March 18, 2018, 11:11:10 am »
That will be able to handle my VPN client setup also?

Yes, but depending on the used technology you will probably get about 650Mbit via VPN.

Hardware / Re: Off the shelf recommendations
« on: March 18, 2018, 10:36:19 am »
Appreciate the input...

Will an E3845 with 4 gig ram serve my purposes in a prebuilt box specific for pfsense?

Thanks again

I think that might work, depending on how many Snort rules you use. For plain gigabit stuff it's fine. Not sure what you are running Squid for (modern web browsing doesn't benefit from Squid and actually makes things slower), unless you are on a capped connection for some reason.

Snort will basically work fine, but if you are going to do deep evaluation with a lot of rules, it would need a better CPU. This is true for any CPU, so as long as you don't expect to do full line rate Snort with 100 rules you'll be fine.

Hardware / Re: Off the shelf recommendations
« on: March 18, 2018, 09:35:04 am »
Thanks for the input.

So if I build my own machine to handle the info in my first post, I should go with at least an i5 quad core with minimum of 3.2GHz. Do I need to use ECC memory or is NON-ECC ok? 4 gig ok? I can go with an inexpensive hard drive, doesn't need to be SSD. And of course the all important 4 port Intel NIC.

Thanks again for all the help

You could build your own but it is often not worth the time and research. Lenovo and Dell have SFF PCs that are often suitable. Office PCs have the advantage of often having more complete firmware than the consumer PCs, and often are assumed to work in a more static environment/workload.

Most self-builds are not going to get the same form-factor/performance/price/consumption numbers you get with Qotom or MiniSys hardware, and most premium builds don't get the guarantees and support you get with Netgate hardware. In between there is a range of systems like Office PCs and small server systems, i.e. the desktop-form-factor servers intended for small offices that have very few users.

Hardware / Re: Off the shelf recommendations
« on: March 18, 2018, 08:53:22 am »
Will this work for the configuration I mentioned above...

I know this is a full blown PC, but it has a good price right now.  I would totally format the drive and have it run pfsense only.  Would also install a four port intel NIC.

Thanks for the help.

Not sure about AMD. Try getting a system with an Intel CPU. While AMD probably works and probably has the AMD version of AES-NI, I have no experience there. Also, most of the newest AMD stuff isn't supported yet, just like the C3xxx series Intel SoCs.

Hardware / Re: pfsense on 1 network/ethernet port PC using VLANS
« on: March 18, 2018, 06:45:40 am »
Aha, I think I understand what you are trying to say.

If my network is 10/100 Mbit, then it would not be a problem, but if all or some devices are 1000 Mbit then it will, right?

Well, the issue is that a single port will limit routing speeds to the speed of that port. So a full-duplex 1Gbit port connected over PCIe will probably be fine in your situation (360/360 leaves 280/280 for everything else because 360 in from WAN, out to LAN twice = 4*360). If you aren't going to do any routing between subnets you will probably be fine. If you at some point want to get a faster network, 500/500 will already completely saturate that single interface.
