Jump to content

Processor for pfSense Build

fritzgoesrawr
Go to solution Solved by braneopbru,

Running Snort and Webfilters on traffic for 40 workstations and 5 servers is going to use a fair bit of horsepower. Running OpenVPN will also tax your CPU a fair bit, but that also depends if all five users are going to be connected at once and how much traffic they are actually pulling through the VPN. You also NEED to get a CPU that supports AES-NI so you can do hardware accelerated encryption of OpenVPN traffic.

 

I would recommend something along the lines of a Xeon e3 CPU. I'm running a Supermicro 1u server with a Xeon E31220 quad core that I scored on ebay for about $180 US. If you are not in a huge rush to get it running, I would suggest keeping an eye out on ebay.

 

For example:

 

http://www.ebay.ca/itm/Dell-Poweredge-R210-II-Core-E3-E31220-3-10GHz-4GB-1U-Ultra-Compact-Server-/272027947233?hash=item3f562110e1:g:-FsAAOSw9mFWKvFr

Hi, I am planning to build a pfSense box for a small business environment. I would like to know if the AMD Athlon 5350 2.05GHz Quad-Core is a good choice for our environment, if not kindly suggest me a better processor or possibly a better build.

 

The budget allocated for this project is just $270 only. Also, please consider the following details for your reference:

  • Workstations = 40
  • Internal Servers = 5
  • Servers in DMZ = 2
  • OpenVPN = Max of 5 sessions.
  • Webfilter = Yes
  • Snort = Yes
  • ClamAV = Maybe?
  • Internal Routing = No, our layer 3 switch handles the routing in our internal network except going to the DMZ.
  • NAT = YES

 

Thank You! :D

"Cough, Cough, Cough"

Link to comment
Share on other sites

Link to post
Share on other sites

Hey,

First of all you investing so much into that. Im using now sophos, but pfsense can run on any low end proccessor. i5-2500k, or q6600 will dot he job, 4gb of ram is plenty too. Maybe get an 120gb ssd, but i don't think that's needed. Second this cpu is very bad for it, read some articles it's bad, i mean super slow for that. Better get dual core intel, it will do the job better.

 

Im using now sophos UTM on:

CPU: Core 2 Duo e8400

RAM: 6gb DDR2

HDD: some old 120gb sata 1

Motherboard: DP35DP Intel

NIC: 1gb/s intergrated, 2x 1gb/s external.

And router as wifi access point

 

Overall power consumption: ~50watts, idle. ~80 watts full load.

 

I have 4 PC on 1gb/s. and other 3 on router 300mb/s ports, around 10 wi-fi devices, cpu never goes more than 6%, ram around 20-25%.

This is sophos example ehich uses alot more power, pfsense can run into even older hardware without any problems :)

post-271418-0-83578000-1448293958_thumb.

post-271418-0-80544300-1448294141_thumb.

Link to comment
Share on other sites

Link to post
Share on other sites

Shouldn't require a lot of cpu power. Only things that would put any meaningful load would be ClamAV and Snort. Rather nice that the CPU supports ecc also.

Link to comment
Share on other sites

Link to post
Share on other sites

Hey,

First of all you investing so much into that. Im using now sophos, but pfsense can run on any low end proccessor. i5-2500k, or q6600 will dot he job, 4gb of ram is plenty too. Maybe get an 120gb ssd, but i don't think that's needed. Second this cpu is very bad for it, read some articles it's bad, i mean super slow for that. Better get dual core intel, it will do the job better.

 

Im using now sophos UTM on:

CPU: Core 2 Duo e8400

RAM: 6gb DDR2

HDD: some old 120gb sata 1

Motherboard: DP35DP Intel

NIC: 1gb/s intergrated, 2x 1gb/s external.

And router as wifi access point

 

Overall power consumption: ~50watts, idle. ~80 watts full load.

 

I have 4 PC on 1gb/s. and other 3 on router 300mb/s ports, around 10 wi-fi devices, cpu never goes more than 6%, ram around 20-25%.

This is sophos example ehich uses alot more power, pfsense can run into even older hardware without any problems :)

DO NOT Get an SSD, since it has limited writes it won't last long, HDDs are better for pfSense UNLESS you are running embedded pfSense which you shouldn't do unless you HAVE to use an SSD.

00110000 00110001 00110000 00110000 00110000 00110000 00110001 00110000 00100000 00110000 00110001 00110001 00110000 00110001 00110001 00110001 00110001 00100000 00110000 00110001 00110001 00110001 00110000 00110000 00110001 00110000 00100000 00110000 00110001 00110001 00110000 00110000 00110001 00110000 00110000 00100000 00110000 00110001 00110001 00110000 00110000 00110001 00110000 00110001 00100000 00110000 00110001 00110001 00110000 00110001 00110001 00110000 00110001 

Link to comment
Share on other sites

Link to post
Share on other sites

DO NOT Get an SSD, since it has limited writes it won't last long, HDDs are better for pfSense UNLESS you are running embedded pfSense which you shouldn't do unless you HAVE to use an SSD.

Yup my bad ;D

Link to comment
Share on other sites

Link to post
Share on other sites

Yup my bad ;D

We all make mistakes, I was going to put one in mine until I dug up a thread on the pfSense forums.

00110000 00110001 00110000 00110000 00110000 00110000 00110001 00110000 00100000 00110000 00110001 00110001 00110000 00110001 00110001 00110001 00110001 00100000 00110000 00110001 00110001 00110001 00110000 00110000 00110001 00110000 00100000 00110000 00110001 00110001 00110000 00110000 00110001 00110000 00110000 00100000 00110000 00110001 00110001 00110000 00110000 00110001 00110000 00110001 00100000 00110000 00110001 00110001 00110000 00110001 00110001 00110000 00110001 

Link to comment
Share on other sites

Link to post
Share on other sites

Not answering your question, but is there a reason why you want to go with a PFSense box instead of a more traditional router? You could save $170 and get a Ubiquiti EdgeRouter Lite, which will not only perform better, but also provide better stability for your network (no hardware compatibility issues, real support if something goes wrong, warranty, etc).

15" MBP TB

AMD 5800X | Gigabyte Aorus Master | EVGA 2060 KO Ultra | Define 7 || Blade Server: Intel 3570k | GD65 | Corsair C70 | 13TB

Link to comment
Share on other sites

Link to post
Share on other sites

Not answering your question, but is there a reason why you want to go with a PFSense box instead of a more traditional router? You could save $170 and get a Ubiquiti EdgeRouter Lite, which will not only perform better, but also provide better stability for your network (no hardware compatibility issues, real support if something goes wrong, warranty, etc).

 

Main reason is I need to regulate our bandwidth usage by implementing web filter rules and to set up dedicated bandwidth per network using QoS. Second is VPN for our partners' remote access because I don't like using third party VPN software, and so I could troubleshoot at home. :D. Other reason is IDS/IPS and Gateway Antivirus. I forgot to include captive portal above, the management wants to give WiFi access to our clients.

 

In my previous office I'm using Fortinet and Cyberoam UTM appliances but my current employer can't afford any commercial UTM right now and I don't know any cheaper alternative. I only know of pfSense and Untangle. I'm also aware that it won't be able to compete with the commercial UTM's feature and performance, but it's better to have it than nothing. It's an upgrade to our current production setup (DD-WRT, Yes I know). :( 

 

I'm currently looking for reviews on Mikrotik devices, and also considering your suggestion as another option if it fit my requirements. :lol:

 

Thank You!

"Cough, Cough, Cough"

Link to comment
Share on other sites

Link to post
Share on other sites

18 core xeon

256 GB EEC DDR4 RAM

a gold plated case

We've now got three different subjects going on, an Asian fox and motorbike fetish, two guys talking about Norway invasions and then some other people talking about body building... This thread is turning into a free for all fetish infested Norwegian circle jerk.

Link to comment
Share on other sites

Link to post
Share on other sites

18 core xeon

256 GB EEC DDR4 RAM

a gold plated case

That router would be used in US government :D

Link to comment
Share on other sites

Link to post
Share on other sites

Running Snort and Webfilters on traffic for 40 workstations and 5 servers is going to use a fair bit of horsepower. Running OpenVPN will also tax your CPU a fair bit, but that also depends if all five users are going to be connected at once and how much traffic they are actually pulling through the VPN. You also NEED to get a CPU that supports AES-NI so you can do hardware accelerated encryption of OpenVPN traffic.

 

I would recommend something along the lines of a Xeon e3 CPU. I'm running a Supermicro 1u server with a Xeon E31220 quad core that I scored on ebay for about $180 US. If you are not in a huge rush to get it running, I would suggest keeping an eye out on ebay.

 

For example:

 

http://www.ebay.ca/itm/Dell-Poweredge-R210-II-Core-E3-E31220-3-10GHz-4GB-1U-Ultra-Compact-Server-/272027947233?hash=item3f562110e1:g:-FsAAOSw9mFWKvFr

Link to comment
Share on other sites

Link to post
Share on other sites

Running Snort and Webfilters on traffic for 40 workstations and 5 servers is going to use a fair bit of horsepower. Running OpenVPN will also tax your CPU a fair bit, but that also depends if all five users are going to be connected at once and how much traffic they are actually pulling through the VPN. You also NEED to get a CPU that supports AES-NI so you can do hardware accelerated encryption of OpenVPN traffic.

 

I would recommend something along the lines of a Xeon e3 CPU. I'm running a Supermicro 1u server with a Xeon E31220 quad core that I scored on ebay for about $180 US. If you are not in a huge rush to get it running, I would suggest keeping an eye out on ebay.

 

For example:

 

http://www.ebay.ca/itm/Dell-Poweredge-R210-II-Core-E3-E31220-3-10GHz-4GB-1U-Ultra-Compact-Server-/272027947233?hash=item3f562110e1:g:-FsAAOSw9mFWKvFr

A pfsense box will not need that much juice. I am currently running a pfsense box for a client that has 24/7 ipsec site-to-site and over 30 ws almost constantly downloading and uploading. It only has an old quad core lga 775 cpu in it and almost never peaks at 10%. Im not sure how an ssd would be bad because pfsense runs mainly off of ram. In general, ssds are way more reliable than hdds because even though they only have a certain number of read/writes, an hdd will die before an ssd reaches its limits.

My native language is C++

Link to comment
Share on other sites

Link to post
Share on other sites

Closing this topic now. Thanks for all your help. We found a used Dell Poweredge R310 server with Xeon E3-E5507 and 4GB RAM and already bought it. I hope we made the right decision and hope it will serve us well and not to die soon enough. :D

"Cough, Cough, Cough"

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×