Suggestion for 2 port PCI Ethernet/SFP

Hello everyone,
I am posting this to get your suggestions on what I should buy for my pfSense router upgrade. As our company will be expanding soon, I also have to keep myself ready. So right now I run pfSense on an Intel dual core CPU with 4GB of RAM and one TP-Link PCI Ethernet card installed in it. So we are expanding and we will have 2 buildings now, and from the start our server room is constructed differently in a small building just for IT infrastructure.

So I am planning to just put in some more RAM and buy a 2 port Ethernet PCI card, swapping out the old one. But I am not sure how much load there will be. What do you all suggest: should I upgrade that PCI card to SFP ports, or will Ethernet ports be fine? Our internet is just 100mbps, so nothing to go more on the internet. Most stuff is shared locally, no big video sharing or anything. Only files and documents. Or should I just order a new device from Netgate once we expand?

I would just go for normal RJ45 connections.

Sharing files, documents etc. will not go through pfSense if the network devices are on the same network. If on different VLANs, yes, it will go through pfSense.


Dude if it’s for a company, I wouldn’t waste any effort, buy a device from Netgate, done. In fact buy a second identical box to keep as backup!


Not every company has money for just buying a Netgate device, it will take me two years to get hardware like this built into my budget at work, something I need to do.

I would suggest an Intel i350 card, but one of the older Pro1000 cards would also work with your internet connection speed. I’ve found that with a 4 port Pro1000, things would slow down when all four ports were working; the datasheet says maximum 2.5gbps for the card. Hence the i350 suggestion. The two port i350 cards are usually fairly priced and it might be worth buying a new card, but used will probably be fine too.


If it was a home user, totally agreed. A business, however, needs to adequately plan for capital expenditure; for two routers to break the budget, then that is not a viable business. The flip side is how much are they willing to spend to get back online? Fire one person from HR to pay for 100 routers! (Obviously I’m assuming this is an organisation and not a one man band!)


I agree that buying $3500 worth of equipment shouldn’t break the bank, but then I’m also arguing over $200 between buying something from a local business who will come install it and train us vs. a mail order who will drop ship from the manufacturer.

Yes I’ve really had this happen over $1 per license on software, taking away from the place that offered first level support and normally fixed the issue with that first level contact, to a place that had no local support. 80 licenses changed over $1 per. As I said, $1500 for a single device is going to take me 2 years to work into a budget to go from left over server to “network firewall appliance”. Took me three years to get the three servers I needed to run my domain, these replaced servers from 2012 (replaced in 2022). We only “found” the money for new switch gear campus wide because the old switches went end of support, end of software and finally had ports failing after again 10 years of service.

All that said, we keep “finding” money for the most trivial things and those of us that need to keep the place running watch it get flushed down the drain because it was a poorly formed plan. Life in other areas can be hard, and frustrating, especially some of the smaller non-profit businesses that are barely paying their management (not the big non-profit where execs get over a quarter million a year).


Bro, I agree with your point. Frankly speaking, I live in Canada; if I had to spend it for here, I would definitely have gone for it. But my company is back home, and over there I can’t spend that much money. I was just trying to save money if I can. I have been running pfSense on this CPU for the last 5 years with no issue at all. I did not even have an SSD installed in it; I am running it on USB drives.

Also, right now I have around 30 devices on LAN and around 50 devices on guest WiFi, a pretty small deployment.

I also agree with your point to go with Netgate devices. Personally, sometimes this USB drive fails and I have to re-image it again, and staying here and guiding someone to do so is a little bit hard.

Thanks for your suggestion. I will take a look at all of them and give them a try. Also, it is my fault that I did not share the expected users that will be on the network after the expansion. I am assuming that we will have around 3 servers and around 40-50 devices on LAN. Guest WiFi, I guess, not more than 100 devices. So I am not sure what to do.

Totally agree, bro. Same situation as yours. It took me almost 7 years to bring this setup to have 2 managed PoE switches, 5 Ubiquiti APs and 1 pfSense running on a CPU.

@neogrid If you can suggest a Netgate device that suits my requirements, please suggest one.

Netgate has the features on all their firewalls - https://techspecs.ui.com/

The smallest/cheapest I would suggest is the Netgate 2100: pfSense Plus How to buy

Competing product would be the OPNsense DEC675 or DEC677, which is more money: DEC677 – OPNsense® Desktop Security Appliance – OPNsense® Shop

A roll your own would be if you can find a good price on an HP T740 and good price on an Intel NIC to put inside, but prices on the T740 vary wildly since it is still a current product. If you can grab a new one in box for $200usd it’s a good deal and glad I grabbed a couple when I saw them at this price. Alternate might still be the HP T620 Plus with an Intel card installed, though this is getting a little old and slow (I have one that I used for several years).

Also look at prices for older used “tiny, mini, micro” computers: Introducing Project TinyMiniMicro Home Lab Revolution - ServeTheHome

Some people are using old used Sophos XG series as their starting point with either pfSense or OPNsense; I don’t know enough about them to make a suggestion.

Used Supermicro servers with an X9 main board are a maybe, as are their Atom C3xxx series processor main boards. You might find them used under the Brand name Hyve (x9 series). X10 main board is newer/better but more costly.

Or in the end, keep using what you have and install a good i350 card and maybe expand to 8gb of RAM. That would let you see how much load you are really placing on the old hardware. The NIC card could be used in newer hardware; just make sure to buy one that has both low profile and full height brackets. You never know what you need until you buy a hardware upgrade, so it is nice to have both brackets in hand. The dual core processor will eventually be a limiting factor, but should probably still be OK for 100mbps internet and light duty routing between the connections. If possible, buy a 4 port NIC; it gives you a little flexibility later if you need another port for something.
