Service providers shoulder an enourmous responsibility to deliver and manage the networking infrastructure that businesses of all sizes depend on every day. Securing this infrastructure while maintaining the flexibility needed to turn up new services is essential to the business of any provider. Network security appliances from Netgate® combined with pfSense® software addresses these requirements while providing advanced technology and capabilities, all at advantageous pricing for this highly competitive market.

Recommended Appliances for Service Providers

Best Used For Processor RAM Storage Options Ports Price
Netgate XG-1537 1U pfSense Security Gateway Appliance
XG-1537 1U
Medium Business
Large Business
Branch Offices
Intel Xeon ®
D-1537 SoC 1.7 GHz 8-Core
256GB M.2 SSD 6GB/s 3D TLC NAND 2x Intel 10Gb SFP+
2x Intel 1GbE RJ-45
$1,949 More Details
Netgate XG-1541 1U pfSense Security Gateway Appliance
XG-1541 1U
Medium Business
Large Business
Branch Offices
Intel Xeon®
2.1 GHz 8-Core
256GB m.2 SATA 2x Intel 10GbE
2x Intel 1GbE
$2,649 More Details
Netgate XG-1541 1U HA pfSense Security Gateway Appliance
XG-1541 1U HA
Medium Business
Large Business
Branch Offices
Intel Xeon®
2.1 GHz 8-Core
256GB m.2 SATA 2x Intel 10GbE
2x Intel 1GbE
$5,298 More Details
Netgate CPIC 8955 pfSense Security Gateway Appliance
CPIC 8955
$799 More Details

Appliance Guidance

The following outlines the best practices for choosing the appliance best suitable for your environment.

Feature Considerations

Most features do not factor into hardware sizing, although a few will have a significant impact on hardware utilization:

VPN - Heavy use of any of the VPN services included in the pfSense software will increase CPU requirements. Encrypting and decrypting traffic is CPU intensive. The number of connections is much less of a concern than the throughput required. AES-NI acceleration of IPsec significantly reduces CPU requirements on platforms that support it.

Captive Portal - While the primary concern is typically throughput, environments with hundreds of simultaneous captive portal users (of which there are many) will require slightly more CPU power than recommended above.

Large State Tables - State table entries require about 1 KB of RAM each. The default state table size is calculated based on 10% of the available RAM in the firewall. For example, a firewall with 1 GB of RAM will default to 100,000 states which when full would use about 100 MB of RAM. For large environments requiring state tables with several hundred thousand connections, or millions of connections, ensure adequate RAM is available.

Packages - Some of the packages increase RAM requirements significantly. Snort and ntop are two that should not be installed on a system with less than 1GB RAM.