pfSense Hardware 100-125 users

I am in the process of piecing together a pfSense router for a local private school. They have around 100-125 users on the network. Where should I start as far as processor, RAM, and drive space for logs? I have a pfSense box at my house that is using an AMD A10-6800 with 16GB DDR3 and a 240 GB SSD. It is major overkill for my house but I had the parts laying around so that is what I used. Any suggestions?


What is the connection at the school?
How many VLANs are going to be running?
Are we using an L2 or L3 managed switch?
Any optional packages going to be installed?

I believe it is only a 50Mbps cable connection. No VLANs. No managed switches. I will most likely install intrusion prevention, RADIUS, web proxy and that's probably about it. I am trying to keep my billable work to a minimum for their benefit. They have a low-level tech on staff that will manage the device, but I will be building it and setting it up for them and then hand it over.

What is their budget?
I'm thinking a Pentium G3950 for the new AES-NI instruction requirement for upgrades down the road. There are other chips that have this but this would be low cost and new.
4GB DDR4
500GB spinning rust will suffice them for a while and can be had for 40 bucks.
Cheap motherboard that supports said chip.
Dual Intel Gigabit NIC from server off eBay for 20 bucks.


They did not give me a budget. They told me to put something together and present it to them. I will take a look at your recommendations. Thanks for giving me a start. Like I said, my pfsense box at home was built from what I had laying around so I had really nothing to base it on. I will report back with what I decide to present to them and then again once we have a box up and running. Thanks again.


Something I believe we both forgot to discuss: how are 125 people going to be connected to said network?
Do they have a current infrastructure?

From what I know they have a standard home router at the moment. Also, they don't always have the full 125 devices connecting all at once but there is a potential of up to 125 devices. I am not familiar with the rest of their network because I was contacted by a friend to see if I could help them out.

OK, well, see if you can gather any more details and I'll help you get an overall network laid out so when you present to them there isn't any question left unanswered.
I am assuming a lot of wireless devices so we will want to look into some Ubiquiti equipment for this and see if you can find out how many wired desktops and such are running so we can account for that.


I will see what I can do, but for now all they are contracting me to do is build and install a new router. I am hoping that they look into more upgrades. I will report back once I get more info. It may be a while though. We have to wait till they are out of school to do the router anyway.

@lunarlyte79

Not sure if you heard that version 2.5 and up seems to require AES-NI support at the processor level.
If anyone has more info or I am incorrect please let me know :slight_smile:

I posted about it here:


Yeah, I gave him a processor that has AES support according to Intel ARK.


That is something that I was unaware of. Thanks for the info.

I have created two builds based on the above recommendations.

https://pcpartpicker.com/user/lunarlyte/saved/#view=zWpsYJ
https://pcpartpicker.com/user/lunarlyte/saved/#view=QhQbvK

Let me know what you think. Thanks again. I will be presenting these builds to them soon.


Both look great.


Any hardware is good enough hardware for pfSense given that you don't install extra packages and have a 1 GHz+ CPU and 512 MB of RAM.

I actually think that running pfSense on bare metal is a waste of computer resources 99% of the time. I'd go for virtualization and put other things on the system to make the most out of it.

I know lots of people virtualize pfSense, but afaik it is advised against because it is a critical part of infrastructure. I don't know a lot about this but I can imagine it would be harder to ensure stability and security when it is run as a virtual machine, two things you want in a firewall and router.