I dont see any reason why PF wouldnt fit your bill. The hardware may be slightly overkill, but so what. What are you going to do pull that aging pIII server out of the closet dust it off and fire it up?
On Wed, Feb 9, 2011 at 3:41 PM, Tony Zakula <[email protected]> wrote: > Hi, > > I have been using a Linux distribution router/firewall for a number of > years for a small company. I have been aware of Pfsense for a few > years, but have never switched. I am now in the position that we are > going beyond a few servers and will be running web and email servers > for third parties. I am going to do a hardware upgrade and so I have > a chance to switch. A couple of questions to try to get a sense of > the differences. > > Our layout, I would plan to install pfsense as the main router at the > end of the ISP line. We have lots of public ip addresses which will > be mapped to VPS servers behind this machine. I currently NAT all > traffic, but was considering assigning the public ips to the VPSs > themselves to simplify things. Ranges of ip addresses have different > subnets and gateways. > > IDS and updates is provided for a fee for us right now. In a setup > like this, is IDS a good idea? Or will it probably cause headaches > locking some clients out accidentally? I would assume PFS is hardened > to withstand attacks against it. We have multiple wans, but we run > all traffic on one pipe and lan traffic on the other which has another > firewall to separate it from the servers. > > Would running a firewall on PFS in this situation be a good idea? Or > just run it as a router? > > The fail over sounds great, especially for a production environment. > If I start with one machine now, can I add a second one later while > things are running? > > We have a 5mb line, is a quad core processor with 4gb of ram overkill? > I will want to do ip accounting. > > Thanks for any info from the experts! > > TonyZ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > Commercial support available - https://portal.pfsense.org > >
