Hardware for PfSense

[Burner27]

I am looking at the below hardware for a PfSense router, but am wondering if it is under powered? I have Spectrum's top tier service (300 down/ 20 up); will be using Squid and other website filtering techniques available on PfSense. Will possibly be doing VPN down the road.

http://ipc.msi.com/product/pages/ipc/MS-9A65.html

If you think it is under powered, what specs do you recommend? Not opposed to building something either.

Thank you in advance.

 

[mxnerd]

pfSense's WiFi support is horrible, basically non existent. You need an AP or router turned AP to go with pfSense.

Don't know if J1900 is powerful enough, but get any model that does not come with built-in WiFi.

https://www.amazon.com/s/ref=nb_sb_ss_c_1_11?url=search-alias=computers&field-keywords=pfsense+mini+pc&sprefix=pfsense+min,computers,230&crid=2MNTW4HOGLZ1V&rh=n:541966,kfsense+mini+pc

https://www.amazon.com/s/ref=nb_sb_noss_1?url=search-alias=computers&field-keywords=pfsense+box&rh=n:541966,kfsense+box

 

[Burner27]

The one I was looking at doesn't come with a wifi module, and I was going to take your suggestion about a separate wap too. Is an atom based CPU better than a celeron?

 

[mxnerd]

Atom in my opinion just sucks. Nothing good about it.

Pay a visit to pfSense hardware subforum.

https://forum.pfsense.org/index.php?board=5.0

Also make sure on board LAN ports are supported.

 

[Burner27]

Does VioP impact cpu performance?

 

[Red Squirrel]

I was running Pfsense on a Pentium 3 server for a while. I got a 1U P3 box for free so figured I'd use it for that. It ran fine but the 2.x update made it struggle a bit. Basically I was just not getting the throughput I should. But that was a pentium 3. You should be fine with that hardware I'd imagine. I'm currently running mine on a core2duo based server box and it does fine. Though I want to look at a smaller form factor system at some point since it's overkill to be using a full blown PC machine for it and sucking up all that power.

I would keep it barebones, as in, firewall/router only. Use a separate AP system like Unifi for wifi.

 

[mxnerd]

Don't think VOIP will affect CPU performance at all for home user, unless you are running hundreds of connections for business use.

 

[Burner27]

I have a separate WAP for Wifi duties. just asking for hardware suggestions for router.

 

[Burner27]

http://www.firewallhardware.it/en/pfsense_selection_and_sizing.html


According to this website, i would be underpowered.

 

[master_shake_]

http://m.ebay.com/itm/142194241440?_mwBanner=1

Virtualize it.

 

[Burner27]

I have a 5820k with 32GB ram as my server. I would need an additional dual port NIC to run it virtualized. What do you recommend using as the host OS? ESX or hyperV?

 

[sdifox]

I have a 5820k with 32GB ram as my server. I would need an additional dual port NIC to run it virtualized. What do you recommend using as the host OS? ESX or hyperV?

Depends on your server os no?

 

[mxnerd]

ESX or hyperV?

It all depends on what you need or what you like, there is no definite answer.

You can experiment both and see. I'll go with ESXi since you will find tons of info on the internet.

 

[Burner27]

I would probably use HyperV since host OS is Server 2016. Is AES-NI a consideration? i saw that the J1900 celeron doesnt support those instructions. this is why i was considering virtualizing pfsense.

 

[sdifox]

I would probably use HyperV since host OS is Server 2016. Is AES-NI a consideration? i saw that the J1900 celeron doesnt support those instructions. this is why i was considering virtualizing pfsense.

If you are on server 2016 then definitely hyperv it. I am on 2012R2 and no issues with pfsense on hyperv. I am not running aes so cant help you on aes ni

 

[mxnerd]

You have Server 2016, just enable Hyper-V and install pfSense in a VM and you will know if pfSense VM can utilize the AES-NI feature.

If you can't handle just enabling Hyper-V and try to install a VM, you can't handle pfSense, it's way more complex than Hyper-V itself.

 

[sdifox]

You have Server 2016, just enable Hyper-V and install pfSense in a VM and you will know if pfSense VM can utilize the AES-NI feature.

If you can't handle just enabling Hyper-V and try to install a VM, you can't handle pfSense, it's way more complex than Hyper-V itself.

AES-NI works in hyperv, I just meant I don't use it so cannot comment on impact.

 

[mxnerd]

AES-NI works in hyperv, I just meqnt I don't use it so cannot comment on impact.

OK great. But I was talking to OP. I'm sorry if I made the impression that I was talking to you.

 

[sdifox]

OK great. But I was talking to OP. I'm sorry if I made the impression that I was talking to you.

Lulz quoted the wrong person sorry.

 

[Burner27]

You have Server 2016, just enable Hyper-V and install pfSense in a VM and you will know if pfSense VM can utilize the AES-NI feature.

If you can't handle just enabling Hyper-V and try to install a VM, you can't handle pfSense, it's way more complex than Hyper-V itself.

I already have other VMs on the machine so installing another one isnt a big deal. Just never thought of virtualizing it, Any pitfalls to be aware of?

 

[sdifox]

I already have other VMs on the machine so installing another one isnt a big deal. Just never thought of virtualizing it, Any pitfalls to be aware of?

Get intel nics if you dont have it already. You need at least two nics, one to wan, one to lan. Make the wan nic exclusive to pfsense vm. You could share the server's main nic as the pfsense lan port, but that would impact your main server's connectivity. Nics are cheap.

 

[Burner27]

Only other option I have is virtualize a Linux machine i use for Plex onto the 5820K machine and use the linux hardware for pfsense.

It's specs are as follows:

Intel 6700K
16GB DDR4
Samsung 960 Pro 512GB
Gigabyte Z170i Mobo
Seasonic 600w 80+ Platinum PSU


Overkill perhaps? LOL

 

[sdifox]

Only other option I have is virtualize a Linux machine i use for Plex onto the 5820K machine and use the linux hardware for pfsense.

It's specs are as follows:

Intel 6700K
16GB DDR4
Samsung 960 Pro 512GB
Gigabyte Z170i Mobo
Seasonic 600w 80+ Platinum PSU


Overkill perhaps? LOL

Or bare metal that box and host both plex and pfsense there. Also look at Sophos. Main reason I vmed plex is because I hate the hundred of thousands of small files it generates. Fucking stick it in a dbms already.

 

[Burner27]

So ESX that box and run Linux and pfsense? Hrmm that sounds interesting.

I thought Sophos has a 50 IP limitation?

 

[sdifox]

So ESX that box and run Linux and pfsense? Hrmm that sounds interesting.

I thought Sophos has a 50 IP limitation?

You need more than 50 ip at home then pfsense it is. Know that you need to manage esxi from a different box while in server 2016 you can manage hyperv from the same box.

Don't know what workload you have on the 5820K but it is more suited for vm host cuz more cores.