Author Topic: Squid / Snort on same box w PFSense: Good/Bad idea  (Read 4298 times)

Offline edziffel

Squid / Snort on same box w PFSense: Good/Bad idea
« on: May 12, 2012, 01:18:25 am »
Planning a new network using PFSense router functionality. 

Trying to get a grip on the dos and don'ts.  Have seen conflicting opinions as to whether it is a good idea or a bad idea to have multiple programs/servers on the same machine.

Are there issues/concerns with running Squid and Snort on a dedicated PFsense machine?  P4 dual core 2.8 GHz CPU, 2 GB RAM, overkill size HD.

Ed.

Offline Cry Havok

Re: Squid / Snort on same box w PFSense: Good/Bad idea
« Reply #1 on: May 12, 2012, 04:39:12 am »
What's your bandwidth and typical packets per second (pps)?

I'd certainly look to at least double the RAM, just for Snort alone, more if you can install it (8 GB would be good).
If you're planning on PMing me to ask me to look at a thread, or for individual support, don't.

Offline edziffel

Re: Squid / Snort on same box w PFSense: Good/Bad idea
« Reply #2 on: May 13, 2012, 11:29:29 pm »
Cry Havok

Thanks for the reply.

Not sure about the bandwidth requirements.   Get multi gigabyte data transfers but not a lot of web surfing.

Long story short: going to get a new motherboard with more PCI slots for NICs for the main office, which probably means a new CPU and memory.     

Is there some kind of rule of thumb for CPU/memory/packets per second using PFSense, Squid and Snort?  Would help in speccing the new hardware.


Offline Cry Havok

Re: Squid / Snort on same box w PFSense: Good/Bad idea
« Reply #3 on: May 14, 2012, 01:27:23 am »
Start here and add another GB or so for Squid.

Snort unfortunately is more complex since it depends on how you configure it. You can tune it to run on something low end, or it can max out a quad core 3 GHz box with 4 GB of RAM, all by itself. Snort's own lists and documentation can probably give you some hints, but you'll need to understand your traffic profile before you start.

Offline edziffel

Re: Squid / Snort on same box w PFSense: Good/Bad idea
« Reply #4 on: May 14, 2012, 05:37:01 pm »
Thanks Cry Havok,

Actually had read the material in the link previously, but was not aware of Snort requirements. 

To the good is that won't have to break out a slide rule or an abacus to figure it out.  Memory is cheap.  Have to get a new motherboard and a quad 3.x CPU isn't going to break the bank.
 
Good to have to plan.  This may have saved me hours of pointless redos.

Thanks again.

Ed