Finding the right hardware

So we just took over a new property and they have a pretty big Unifi Network. But they had a USG4 and I absolutely hate USGs. They have about 12 switches and 200 APs. Averaging around 500 clients at a time. Not too big, not too small. I wanted to put in a solid pfSense box and I bought this from Amazon. An AWOW.

Mini PC Intel Celeron J3455 6GB DDR4, 128 GB SATA SSD, Mini Desktop Computer with Windows 10 Pro, Quad Core, Dual Gigabit Ethernet NIC, Dual HDMI, 5X USB3.0, 4K UHD, Bluetooth, AWOW AK34 Micro PC.

Flashed it and installed the latest pfSense Community Edition, and initially it ran great. Gave out DHCP to all the clients and worked so well. I was happy!!

BUT… lol just from running a normal Speedtest (they have a Gig up and down circuit from ATT), the router would crash every time. I mean every time, for about 2 minutes, and sometimes it just wouldn’t come back at all… If I bought too weak a box I understand (hurts, but I understand. It was $200US). Anyone care to help me understand what might have gone wrong or how to find out? And if anyone could share from past experience maybe using a box like this and what the limits are.

With those specs it should be able to route at a gig without crashing on me…

Are these Realtek NICs by any chance? If so, try disabling all HW offloading features under System → Advanced → Networking.

I had a similar box from Zotac with Realtek NICs and they don’t play too well with pfSense / FreeBSD. However with HW offloading turned off, I was able to max out my gigabit line with standard routing. But don’t expect it to handle many VLANs though. When I tried this at the time, my box became completely unresponsive under high network load.

Well I do have like 6 VLANs and 500 clients connected… would that be a problem you think?

You need to look at the CPU and memory usage to see the load on the machine.

I know Tom always recommends Intel network cards; you could try changing the network cards to Intel if the box allows you.

You have 500 clients and are using the firewall to hand out DHCP? I think you should have a domain controller to do a lot more things. Not suggesting that this is the problem, but better practice. If you don’t want Windows Server, try Zentyal development edition.

You could use a little more CPU for that kind of load, the newer J5xxx might be an idea but I would probably start looking for a small form factor PC with an Intel card installed. Something with an i5 or maybe the latest Atom processor, but you have a lot of clients and I would lean towards more power. Also give it a decent amount of RAM, like 8GB or maybe 16GB, yes people will say overkill, but do you want overkill or crashing?

SFF recommendations: HP Elite Desk 800 G1, HP Elite Desk 800 G3; we had a lot of fan and power supply issues with the G2. Not long term yet, but I’m deploying HP Prodesk 600 G6 right now, they seem pretty nice except for the BIOS password… Do not mess up your BIOS password! It appears that there is no way to clear it if you don’t know it. “Bricked” a machine yesterday and I’m still trying to figure out how I typed the password wrong twice. Tried every combo of shift, caps lock, etc. and still can’t get in. BIOS update did funny things so I think it just has a bad BIOS chip in it.

I also have used the HP T620 Plus, but I think it is really too “small” for your needs, this sits at my house and I could probably work with it at work if needed. Maybe a T730 with Intel card would do the job, but it also might be too low powered.

Could be. I had exactly the same issue on my Zotac CI323 after I added multiple VLANs, even with HW offloading disabled. After that I switched to a used SFF PC from HP, put an Intel four port PCI card in it and never had any issues ever since.

I’m about to order the G3 now. How would I change the NIC? What models would be supported?

Sorry lol I know I’m asking a lot

Maybe I’m looking at the one that is the smaller one… That is the size I’m really trying to stay with.

But make sure the one you buy has at least one PCIx4 slot in order to add another NIC. Most if not all of the 1L Mini PCs from HP, Dell, Lenovo do not have a PCI slot. Exceptions are the T730 and the T620 plus, but they are meant to be used as Thin Clients and therefore they have relatively weak CPUs. I would rather not recommend them for your use case.

Make sure you are looking at the SFF versions of the HP. Here is a brand new i7 version, for example: HP EliteDesk 800 G3 SFF Business PC i7-7700 3.6ghz 16GB RAM 256GB SSD - New! | eBay

If you can go newer, it might be a better choice. Also look at similar specification Dell small form factor (SFF) as you might find good prices there too.

Used 1 rack unit servers with Xeon E5 in v2, v3, v4 would also be good. If Supermicro, go for X9 or newer, X8 and X7 are too old to be used for much longer.