Josh Stompro wrote:
I am trying
to get things organized to deploy firewalls in 19 public libraries and
1 headquarters. I initially was using IPcop but really needed some of
the features that pfSense was offering.
Currently I am looking to buy 21 FX5620 (the one Scott mentioned on the
pfSense blog) from Abiatech.com (site down, email abiatech (at)
sbcglobal.net for info) for around $390 each. I was going to go with
Lex booksized pc (CV860A-3R5F) from synertrontech.com (about $260 each
with no memory), but I really need 4 interfaces for what I want to do.
Each branch would use the interfaces like this (with some differences
due to size of the library)
1 - Wan
1 - Staff PC (Lan,dhcp, may use the other 2 ports in bridged mode for
staff machines, so I don't need an extra or managed switch, High
Priority)
1 - Public PC (Opt1, dhcp, throttled low priority)
1 - Public Wireless (Opt2, Captive portal, dhcp, Throttled low
priority)
Currently it isn't' possible to traffic shape more than 2 interfaces
with pfSense so I think that part of the plan will have to wait, I
would only throttle the public wireless interface to start with, and
the others would just have a free run.
A main goal is to protect the staff machines from the public machines
and the wireless and make sure they always have the bandwidth they need
for our core circulation application to remain responsive. I also want
to setup vpn links between our staff machines in the branches and
headquarters so I can get everyone on one active directory.
I was planning on doing a mix of Hard drive and CF setups, hard drives
in a few larger branches where we may want to run squid filtering or
have a local samba share. In most of the other locations I would
rather go with CF so there are no moving parts. I am looking at
Kingston Elite Pro CF cards, 512mb for $30 dollars, I saw them
mentioned on the list. Does anyone have any recommendations of other
brands. Is there really any point to getting a larger CF card? IS 64
or 128 sufficient when going with CF since I wouldn't want to be doing
anything read or write intensive with them anyway? Anyone have
recommendations for 2.5 inch hard drives for this sort of application?
Has anyone thought of how a pfSense manager would work, something that
would control a large deployment of pfSense Firewalls.
Thank you
Josh
You are aware that it is possible to get bespoke features via a
bounty?
Chris
|
