RE: [pfSense-discussion] hardware
I agree with Chris... We've deployed 50 ALIX boxes for a client and they are rock solid - decently fast for normal activities. If you're going to be doing squid or anything that requires some horsepower you might look toward something with more ram. For our central firewalls we find boxes like this and drop Flash IDE drives in them http://cgi.ebay.com/Rackable-1U-Server-Accelertech-HDAMA-Motherboard-2x- AMD_W0QQitemZ370071828988QQcmdZViewItem?hash=item370071828988_trkparms= 72%3A392|39%3A1|66%3A2|65%3A12_trksid=p3286.c0.m14.l1318 Sam Newnam Lead Solutions Engineer Apparent Source, LLC www.apparentsource.com 336-790-8780 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Buechler Sent: Thursday, July 31, 2008 1:55 AM To: discussion@pfsense.com Subject: Re: [pfSense-discussion] hardware On Thu, Jul 31, 2008 at 1:44 AM, Mark Dueck [EMAIL PROTECTED] wrote: Throughput will be minimal. From 512Kbps to 2Mbps max. I guess my biggest concern is stability. I have lab tested the Soekris 4801 with openVPN to have throughput of up to 3MB/s, so it should be fine for these locations, but I'm just a little unsure of a 'business critical' decision and wanted some input. I would probably go with ALIX hardware for such a deployment. I get the ALIX hardware I use from netgate.com and would recommend them. That'll push about 75 Mb of throughput, and about 10-12 Mb of VPN traffic based on numbers I have heard from others. I haven't had a chance to test max throughput on any of mine yet, they're definitely more than adequate for what you're looking to do and give you a good deal of scalability for the future.
Re: [pfSense-discussion] hardware
On Jul 30, 2008, at 7:54 PM, Chris Buechler wrote: On Thu, Jul 31, 2008 at 1:44 AM, Mark Dueck [EMAIL PROTECTED] wrote: Throughput will be minimal. From 512Kbps to 2Mbps max. I guess my biggest concern is stability. I have lab tested the Soekris 4801 with openVPN to have throughput of up to 3MB/s, so it should be fine for these locations, but I'm just a little unsure of a 'business critical' decision and wanted some input. I would probably go with ALIX hardware for such a deployment. I get the ALIX hardware I use from netgate.com and would recommend them. That'll push about 75 Mb of throughput, and about 10-12 Mb of VPN traffic based on numbers I have heard from others. I haven't had a chance to test max throughput on any of mine yet, they're definitely more than adequate for what you're looking to do and give you a good deal of scalability for the future. there exists some chance of patching freebsd to use the AES (aes128- only, natch) core on the LX700/800 for use by your VPN software. With that, your VPN throughput would be about what your non-VPN throughput would be, as long as you're happy that your only choice is aes128, of course. Here is some linux-fu: http://www.docunext.com/wiki/My_Notes_on_Patching_2.6.22_with_OCF The Geode LX also has a hw rng on-board, if you trust that kind of thing. jim
Re: [pfSense-discussion] hardware
On Thu, Jul 31, 2008 at 1:44 AM, Mark Dueck [EMAIL PROTECTED] wrote: Throughput will be minimal. From 512Kbps to 2Mbps max. I guess my biggest concern is stability. I have lab tested the Soekris 4801 with openVPN to have throughput of up to 3MB/s, so it should be fine for these locations, but I'm just a little unsure of a 'business critical' decision and wanted some input. I would probably go with ALIX hardware for such a deployment. I get the ALIX hardware I use from netgate.com and would recommend them. That'll push about 75 Mb of throughput, and about 10-12 Mb of VPN traffic based on numbers I have heard from others. I haven't had a chance to test max throughput on any of mine yet, they're definitely more than adequate for what you're looking to do and give you a good deal of scalability for the future.
RE: [pfSense-discussion] Hardware VPN Endpoints pfSense
FYI - I ended up using Netgear ProSafe FWG114Pv2 units and they work great connecting to a pfSense box via IPSec. Coming in at around $125, I can't complain... Ted Crow MCP/W2K Information Technology Manager Tuttle Services, Inc. (419) 228-6262 x 247 -Original Message- From: Ted Crow [mailto:[EMAIL PROTECTED] Sent: Monday, October 31, 2005 1:07 PM To: discussion@pfsense.com Subject: [pfSense-discussion] Hardware VPN Endpoints pfSense I am looking to replace the current hardware firewall/VPN endpoint (SonicWALL/Linksys) at my jobsites with something that actually works. I am currently eyeballing the Netgear FVS114. (I've had good luck with Netgear ProSafe line in the past) http://www.netgear.com/products/details/FVS114.php Does anyone have any favorites they can recommend that are known to work properly with pfSense 3DES/AES IPSec VPNs? I prefer to use cheap units (~$200) on jobsites due to the high theft and high damage potential. Ted Crow MCP/W2K Information Technology Manager Tuttle Services, Inc. (419) 228-6262 x 247