WTB: pfSense Appliance

coolrunnings82

Keep in mind we're talking about "Astaro Security Gateway", which was a totally different company from Sophos and its AV stuff - but they ended up buying ASG, IIRC...
That would explain the positive experiences and recommendations. :)
 

dswartz

It was very nice (although somewhat heavier weight than pfSense) but worked flawlessly. Had an integrated VPN portal, but the 50 IP thing was a killer after a while :(
 

ehorn

OP, What is your use case?

What is your user base?
Is this for home or business?
Do you require VPN or UTM (IPS Rulesets) features or just basic routing?

These are factors to consider in sizing the hardware.

Here is a suitable box for pfSense:

Supermicro Intel Atom D525 Front 1U Rackmount Server | eBay

But that may not give enough oomph for you (depending on your needs).
 

coolrunnings82

I tried out Untangle on several occasions but no matter what hardware I threw at it, the performance impact and stability problems it introduced never made it viable for me. I LOVE the concept though - especially the integrated Adblock. pfSense, being more of a firewall than a UTM, has been super stable for use as a router though.
 

coolrunnings82

That is the exact model I've used at my home office for the last 2 years. :)

This is for a tiny financial services office with 3 full time users, and 15-20 occasional guests. The connection coming in will just be a 30 down / 5 up business cable connection. Just need firewalling, a couple VLANs, and routing for this customer. I'm thinking UTM functionality would likely interfere with the proprietary software their vendor uses. No current VPN need. If there were, is there a better solution you would recommend for a max of 1 remote user at a time?

Thanks for the link!
 

Patrick

@Patrick if you're going to be taking down the server, any chance you could get some power consumption numbers on 2750, 2750 on 4c, and 2750, maybe on just a general integer load (ie avoiding any ASIC/instruction type acceleration) if your 2750 and 2550 boards are effectively the same but for processor (e.g. A1SAi-2750 and 2550); just move over the same RAM and SSD, maybe disable all the common stuff, LAN, etc? 2 core tests on both would be nice, but not pushing :)

But knowing if C2750 @4c is statistically power consumption equal to C2550 would make C2350 (using apples to apples) less interesting, especially since C2550 motherboards don't really leave a viable price point for C2350 server/whitebox boards. I think it's more a problem with Jx900 and S12xx series boards still around in inventory, creating a bottom limit+surcharge to what could be charged by SoC/MB OEMs. Many of those server-ish quality boards are sitting at $150, if not higher, which is where C2350 "would" be.

If they were to market a C2350 board and push it up to $190/200 (I think at $170 it still kills the inventory value of those boards) you come very close to charging $40 less than C2550, effectively giving people who aren't building in huge quantity the choice of 20% off the price of C2550 motherboard at the cost of 50% of the cycles.

That doesn't make sense (I'm guessing) to those SMB builders/integrators/soft appliance support people when they still have to price chassis and PSU and drives and wires - or from an electrical point of view, for deployment, say 12W of overhead per system with 8W (2550->2350) in savings at 50% core density. I suspect that's why 23xx is where it is - that is, not on end user sourceable motherboards (and on the flip side, why 27xx is so expensive, especially with 33% increase in TDP from 25xx giving 100% more cores).

If I were deploying 500 Rangeley boards, a $70-100 price difference would be huge, but for 1-6 boards, I care about power use only(ish), and turning on more cores down the line also is an investment in future proofing and delays upgrade costs. Heatsink would also probably be overspec'ed, so again more use/service life for the dollar, so totally justifiable.

Assuming that using BIOS to disable the cores is the same TDP as the C23/25xx equivalent of course :)
Something like this? http://www.servethehome.com/intel-atom-c2550-power-consumption-comparison/

:)

I do not have a C2350 though.
 

moto211

I ran pfSense for a while on a Celeron 1037U based board with 4GB DDR3 and a dual port Intel Gbit NIC. The threads I dug through at the pfSense forums seemed to indicate that I might have trouble doing SSL VPN at link speed (50/5 at the time) on an Atom based board (no Avoton at that time). The 1037U didn't seem to have any problem with it. I recently got tired of having to fiddle to make things work and tried Untangle and Sophos and settled on Sophos. I like that things like web filtering and IDS/IPS that took quite a bit of configuration on pfSense just work in Sophos. The 50 IP limit does worry me though. I upgraded to a 100/10 connection and then got a free bump to 150/20 (170/22 actual bandwidth) and the appliance couldn't keep up. I virtualized it since I already had a PE2950 w/dual L5420s and resources to spare. Figured it's already on all the time, might as well virtualize the UTM. Threw enough resources at it to negotiate SSL VPN at close to link speed and saved some power in the process.
 

coolrunnings82

Picked up a Supermicro 5017A-EF. On paper, this thing looks awesome and with the Alpha release of pfSense 2.2 it works but I can't get 2.1.4 to install for the life of me. Turns out that XHCI is disabled or not included in the versions built off of FreeBSD 8.3 and the USB 3.0 ports on this board don't allow usage as USB 2.0. So I basically have a server for which I have no use at this point. Anyone care to swap for a 1U Supermicro machine of comparable specs (or a tiny bit under) that runs pfSense in its current form? I'm sure I could muck around with getting this working with a USB 2.0 add-on card and such but I just don't have time...
 

MiniKnight

What about using the rear I/O USB 2.0 port(s)? Doesn't that one use http://www.servethehome.com/Server-detail/supermicro-a1sai-2750f-review/ ??? There are two ports under the IPMI LAN that are USB 2.0 native.

Hey - pfSense sells basically the same platform in its store: Hardware Appliances Available in the pfSense Store

Gotta be something else going on here.
 

coolrunnings82

That's what I thought when I bought it but apparently it's not the case. It just has 2x USB 3.0 ports, no USB 2.0 ports at all. There's a thread here documenting the problems:
Supermicro X9SBAA-F

It explains how to get it working in some of the later threads but I haven't had time to try all that out.