Network Upgrade (Part 1)

As I keep saying, I am not a blogger and I do not post very often or with any regularity. Sometimes I use this blog for posting items that I would like to remember later and had a hard time finding. And, I always try to give credit where credit is due (likely my university science degree background…).

Anyway, about a year ago my SonicWall TZ205W went out of support. It was getting old anyway and many features I would like were not available. Bell Fibe (what used to be Bell Aliant FibreOp – I think FibreOp sounds cooler than Fibe, but anyway…) upgraded me to 500 Mbit/s. The TZ205W could barely push 100 Mbit/s. The neat Sonicwall “published apps,” if you will, either needed ActiveX (what?!?!?!) or Java. Java has security issues (especially outbound) and I don’t need to say anything about ActiveX.

I really like SonicOS – I know that this is a polarising statement – but it worked just fine for me. I liked the SonicWall appliances from the old, used, SoHo 3 I picked up from a local newsgroup to the TZ170 Enhanced to the current TZ205W. I started looking at a new SonicWall but that was pushing the budget limit with the annual maintenance. Plus, adding IDPS, etc. could really slow the system down. I also did not need a wireless version as I had Asus and Netgear access points. Now, I do not need 500+ Mbit/s but is do want it!

One of my staff – who is very open source – mentioned pfSense. It seemed interesting but I would have to procure my own hardware. I like having separate network infrastructure even though I’m a big VMware ESXi fan. I then spent a few months thinking about it…

I then happened on a video on YouTube by Tom Lawrence of Lawrence Technology Services. I like Tom’s videos; they can be a little technical which is great and his howto guides are great. Anyway, after watching a couple of his videos on pfSense I started looking at the Netgate SG-3100. Hmm… It is an appliance – like my old SonicWalls – so I would not have to buy additional hardware and ran pfSense. Looking good. I then went to buy it and… It was out of stock on Amazon (Canada). Dunh!

More thought…

I started researching what others were using for hosting pfSense and noted a few products. I eventually landed on a rack mountable chassis with 6  Intel 82583V GigE interfaces, an Intel I5-2540M with AES-NI support (was going to be required for pfSense 2.5 but no longer; that being said, it does help with OpenVPN offloading), 2 GB RAM and a 32 GB SSD on Amazon (Canada) for about $400 (similar to this one). Now, it did come with pfSense, from China, so that had to go. (Do not use it, do not upgrade it; reinstall from an official download. See this video.)

Off with a fresh, clean, checksummed ISO from pfsense.org I installed pfSense 2.4.4. I configured everything basically the same way that I had the old TZ300W (stay tuned for part 2 on what come out of that) and this was the result of my first speed test:

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.