Netgate Store

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Patrick_

Pages: [1] 2 3 4 5 ... 12
1
General Questions / Re: Ping spikes on new install
« on: January 25, 2018, 08:11:03 pm »
The particular board in question unless your running has a pair of RTL8111GR based nics on it which "should" work. That being said the standard answer to rule it out is try switching over to using Intel nics...FreeBSD drivers for those nics are just that much better, there's also better quality control during fab.

On the lan side when start seeing latency issues start removing hops until it's stable. What kind of switch & AP are you using? Are you running on the 2.4GHz or 5GHz band? Check for other devices broadcasting on the same channel. Period 100ms latency spikes given the original could be anything from a buggy switch firmware, buggy drivers, crap nics, failing AP, DC motor interference, microwave ovens, neighborhood AP's on the same channel, or flaky MBP wireless cards (PITA) depending on the year.


2
Messages from the pfSense Team / Re: An update on Meltdown and Spectre
« on: January 25, 2018, 07:51:35 pm »
The FreeBSD developers will likely wait a bit before starting the backport of these patches to both FreeBSD 11 and 10. Once these backports are available, snapshots including the fixes will only be available for pfSense® 2.4.x and amd64 architecture.
Again, why is that?

First revision of patches from Intel were buggy and causing all sorts of fun. Once they have a stable fix that they are more or less happy with then the back-porting will start likely.

3
General Questions / Re: Admin password changed itself. Twice. Yes it did.
« on: January 25, 2018, 07:47:43 pm »
Imo if your stuck with the hardware, wipe the drive (make sure all partitions are wiped) and do a fresh install. In theory the config backup "should" be ok, but since someone is already to be know to jack with the os install....i'd just take some screenshots of your config and build it up from scratch. If your suspicious of any bios-level modifications after a fresh install leave it in a corner powered on with the auto-updating disabled and start sniffing it's wan port for a week. As others have mentioned, Netgate hardware is there and works well (beyond being clean).

FWIW, Netgate does sell some offerings on Amazon (a suggestion for Netgate, you may want to add the higher end models there...even if at an adjusted price level to cover the Amazon "tax" so the sales page can provide some detail around the licensing and how some 3rd party sellers are doing shady things).

As someone who has been using x86 builds of pfSense for almost 13 years (now I feel old) the ARM solutions were originally design for cost and power considerations. They scale much better than before but in larger deployments the x86 (now x64) builds scale better (Netgate does offer both of these as well as support offerings if you need it).

..But when will the community learn that hardware sales are what pays for the engineering time and talent, the testing, the documentation, and the infrastructure (on-line and offline) that goes into making pfSense software available to them?

Historically this wasn't case, as time has evolved this has become the case. For a product that was originally designed as a fork of mono with a much better interface and a more modern underlying kernel (FreeBSD 4.x driver support was horrible) it was never originally a commercial offering. This came later initially with stickers, hats, shirts, ect and expanded from there to where  it is today. Netgate has always provided a decent value add for businesses who needed active support contracts and an off the self solution (IMO).

4
Installation and Upgrades / Re: Project TMG to pfSense?
« on: November 02, 2015, 10:03:01 pm »
Can it do everything, yes. As stated before the backend reporting is a bit light IMO (it gets better with every rev). Paid support in state-side, there is no 6-levels of supports....if it's more involved, you talk with the developers 1/2 the time.


5
Hardware / Re: Any guidance with TippingPoint S10?
« on: March 16, 2015, 08:40:19 am »
TP's OS is based upon redhat/fedora Linux (unless they've changed it)...it use to run the stock images and has since been re-skinned for a bit of background. The controllers you have on that box are PC82573L's (http://www.intel.com/content/dam/doc/datasheet/82573-gbe-controllers-datasheet.pdf), as usual they like older controllers. The 82573L controller was first released almost 10-yrs ago. Take a look at (https://downloadcenter.intel.com/download/17509/Network-Adapter-Gigabit-Base-Driver-for-FreeBSD-) for the current version of the drivers, though they were designed for the FreeBSD 9.x kernel.

6
Overkill for smaller installs, even the 4-core variant. But yes, if you actually can utilize those 10GB interface, it hopefully will be able to keep up. The 8-core variant I'm here is somewhere around the $800-$1,000 price point, no specific dollar amount has been said about the 4-core board complete....though CPU list price is just under $400 less which would put the starting price around $400 (Avoton replacement?? just not atom) without 10GB...add probably an extra $80-100 for the 10GB.

I'm waiting for a few vendors to get on-board in Q2/Q3 and offer 1U barebone shallow-depth setups....pretty snazzy.

7
Hardware / Re: pfSense with Gigabyte GA-J1900N-D3V
« on: September 05, 2014, 01:17:27 pm »
The only drawback is that it's PCI and not PCIe if you want to add a dual or quad network card. A regular pci slot can handle one gigabit without trouble. But perhaps it's academic anyway since there are usually data bottlenecks elsewhere in the chipset and the cpu.

In theory one could use the mini-pcie slot available. There are adapters out to pin-covert it to a pci-e 1x slot (http://amzn.com/B00JIV9AZS) which then you can use any multi-port pci-e nic that is in a 1x form factor.

8
Hardware / Re: pfSense with Gigabyte GA-J1900N-D3V
« on: September 05, 2014, 01:05:32 pm »
Due to the problems with the nic on bare-metal pfSense I've decided to use esxi and run pfSense on top of that. As it turns out this is something I should've done right from the beginning, it works perfect.

Have you run into any issues after you've had some time with this config? What kind of link do you have it connected to? What kind of CPU usage? How's the power consumption?


I've used this method in the past to get around some driver issues and didn't have any issues before...then again I was on 0.7.1 with ESX 3.5 (it's been a few years).

9
Hardware / Re: Pfsense installation on Watchguard 700
« on: June 21, 2013, 06:33:03 am »
The 700 is still x86-based, K6-2 233mhz if memory serves. It has been attempted in the passed (http://forum.pfsense.org/index.php?topic=27253.0;prev_next=next) but was noted to be too slow.

11
Hardware / Re: Building a PFSense router to host over 100 people
« on: June 20, 2013, 09:03:48 pm »
Not sure why you'd be worried about getting DDOS'd, unless your sitting on a routable class-B or larger it's very unlikely unless you are messing with the wrong people.

As far as hardware unless your doing Snort or Squid you really don't need that powerful of a box. If excluding those to options I've held up 100MB business links running pfSense on boxes you would be throwing away these days. *cough cough* P3 933mhz + 512MB ram, granted more modern releases of FreeBSD are slightly more resource intensive, I've had no problems running it currently with 1vCPU and 768MB ram under VMware....Yes a VM in production and it works just fine.

CPU:
If your really worried I'd probably go with an i3-3220 which is likely overkill (G2020 should be good enough, really looking at the 55w TDP)...if your doing Snort at line speed it really depends on your WAN link. On gig+ links with 2000+ clients banging away at it your looking at westmere xeons unless you want to do some port-mirroring.

Ram:
4GB would be plenty for most things and cover you down the road. If you are planning on Squid then 8GB, but make sure the motherboard can take 16GB down the road in case load increases.

NIC:
As tirsojrp said, pickup a used dual port Intel Pro1000/PT PCI-E adapter off Ebay....should be $30 or less shipped. A lot cheaper than new, and a lot higher quality.

Storage:
CF works but I would go with a regular USB thumb drive, USB2 drives seem to boot quicker.

PSU:
Always get a high quality PSU, being cheap can cause all sorts of issues from higher failure rates to odd voltage outputs and fluctuations.


Worth mentioning as no one else has asked. "Huge LAN parties...will go on the fritz", what kind of switching is he running? I wouldn't recommend running 100 seat lan parties off netgear switches, no offense they have their place but when you care about latency and have a large network...I would go with something of a bit higher grade.


12
General Questions / Re: Intel Nic (em) High Cpu Usage
« on: June 17, 2013, 10:00:28 pm »
What Intel NIC's are you using? What is is plugging into?

Duplex mismatch or bad patch cord?

13
Depending on the brand of cable modem provided.. ie if it's Motorola I wouldn't be using 192.168.100.x/24 on your internal network as it's also used by the modem and can cause issues.

14
Depends on switching, bandwidth throughput, ect...

Low bandwidth + managed switches = Assuming the networks are on separate vlans, a pair of interfaces and using vlan separation.
Low(100MB)/Medium(1GB) bandwidth + unmanaged switches = 7 interfaces one for each network + one to the Cisco.
1GB+ then a LAAG configuration or 10GB nics.

Why not just use pfSense as the firewall and default gateway?  ...wouldn't be the first time a 5xx/2xxx/3xxx series router was replaced by a pfSense box;)



15
Routing and Multi WAN / Re: PROBLEM ON WATCHGUARD FIREBOX XTM 330
« on: June 17, 2013, 09:45:52 pm »
What version are you running? Are you currently running any custom static routes?

Pages: [1] 2 3 4 5 ... 12