I need help for the HW for a Small office router/firewall

I need to upgrade the network of my company (12 workstations on a gigabit network) at the moment we’re connected to the building network/WiFi (we have a switch in our office that is connected to the main network of the building) but due to regulation and certification, we need to install a router/firewall and have our internal WiFi with a guest network.
My plan is to use a Pfsense and googling around I’ve stumbled upon the Dell PowerEdge R210 II and my plan is to put one of this server between the main building network and the switch I still have some doubt’s about this mainly:

  • I’m pretty sure the Dell PowerEdge R210 II is overpowered for this use case but considering that my company is growing I would like to start making some experience now that I have some room for errors, but I’m worried that the R210 is it TOO overpowered.
  • what would be the best option for the two WiFi network I’ll need? I’m not sure if buy a wifi card or a card with 4 nic and attach a couple of access point to that card.

On the pfsense side of things, have you considered any of their hardware offerings?

The SG-3100 is pretty nice, it is a little odd due to its integrated switch (that can do VLANs) however is a very low power device (6W idle).

You could easily get something a little beefier like the XG-7100 as that has some nice expansion options in future (10Gb SFP).

As for WiFi, I always side with Ubiquiti APs. They’re nice and simple to use, the configuration/management tool is simple yet has a nice amount of information within it (even more if you use more of the eco system). They do multi-SSID with VLAN so you can segregate traffic and networks easily.
There are better, such as the Meraki MR series of APs, however they are quite costly and have licensing costs (they’re more intended for larger high density roll outs).

1 Like

I’ll investigate that thank you.

1 Like

I have the SG and it’s wonderful. If you’re doing this for a business, then you definitely want to get warranty and support from pfSense. All the stuff you buy from them comes with a free year of support BTW.

3 Likes

https://www.pfsense.org/products

I can certainly recommend their products. I have experience with several of their systems from SG3100 & XG-7100 upwards.
Good hardware, good support, good documentation obviously, and It’s pretty much guaranteed to work.

For WiFi I would recommend you start with a test, setup one AP in the center of an area you want to cover and then just with a WiFi Analyzer/speedtest phone go around and check for coverage dBm & up down link as percentage of the actual connection, then as needed setup extra access points connected via ethernet in low coverage areas.

What AP’s you get I can’t really make a recommendation, as it really depends on what’s available to you and what you need.

In my company we have a Cisco Meraki AP Network made up of MR53’s, but this may be overkill for lots of situations.

https://meraki.cisco.com/products/wireless/mr53

1 Like

thanks for the information at this point I’m pretty confident I’ll pull the trigger on a SG3100 for the AP I’m planning to buy two because I’ll need two completely separate network (our office is very small I would say 10m*10m) internal and guest but I start to realize that any prosumer AP will offer that functionality.

2 Likes

If you’re just planning to run a firewall with it, then it is definitely overpowered. The dedicated firewall hardware from PFSense will be significantly more power efficient, plus support!

However, if you are interested in utilizing more of that r210, you could use the spare power from the r210 to setup a network backup, or just a shared network location for documents that everyone works on. It’s still not an ideal use for it, due to its limited hard drive bays, but it’s a foot in the door. It can also be used for hosting your company’s website, if that is something you wanted to look into.

By itself, the R210 II is overpowered, but you can expand its purpose beyond firewall since pfSense is a pretty lightweight OS.

1 Like

Only talking 12 machines here, unless you need IDS or VPN I would go full ubiquiti stack with a USG3 router and a single UAP-AC-Pro, running their controller on a VM somewhere. Would work fine, it’s fully supported, and very inexpensive. I don’t play around with tech at work, that’s for my own time. Stuff at work needs to well, work.

pfSense also supports a caching proxy. If you do make use of the server for it, you can put that disk space to good use. Even for small offices, the speedup for updates alone can usually justify it in terms of reducing workstation downtime. It also scales well as the company grows.

Also handy for rural businesses, where bandwith might be constrained or prone to interruptions.

You could always run squid somewhere other than your edge router. Or really it’s 2018, unless you’re rural like imhigh said, who cares about bandwidth these days?

PCEngines APU2 are perfect for PFSense.

1 Like

I don’t have one, but I heard they have problems NATing 1Gb speeds without high MTUs.

I can personally confirm the USG3 has no such difficulties, as long as you leave QoS, VPN, and IDS turned off.

thank you all for the information I think that a the end I’m gonna buy a netgate SG-3100 and a ubuquiti unifi AP AC PRO for the wifi.

1 Like