Firewall Selection 2G WAN (40G/10G/1G LAN)


AJXCR

Active Member
Jan 20, 2017
Considered the new Ubiquiti EdgeRouter Infinity?

EdgeRouter Infinity

I looked at it briefly, but haven't really performed any in-depth research. Unless the software is far more capable than pfSense, however, I just don't see anything being able to compete with a box I could assemble for nearly $0 using parts from existing stock.

I guess I'll just need to find someone with high-throughput pfSense experience. Information seems to be sparse.

I've got a deal worked out for a sizeable lot of high-spec V3 & V4 processors that should take place at the end of the week. Also have spare:
-Numerous smaller SSDs
-At least one spare T580
-64GB (in 8GB sticks) of DDR4 2400 RDIMMs
-Boxes of coolers/fans
-Boxes of PSUs
-A couple of spare GPUs and access to cheap prev-gen Teslas (I ran across a post where someone was using a GPU to drastically increase pfSense performance)
-And several more boxes of misc.

To build a dedicated box I would basically need a case, MB, and maybe a few extra NICs.
 

AJXCR

Active Member
Jan 20, 2017
You could try Sophos XG; it's a full UTM, the only limits are 4 cores and 6GB of RAM. Depending on the cores you should get the throughput you want, and it has a lot of features included for free.

Free Firewall for Home Users | Free Home Security Appliance Download | Sophos XG Firewall

What kind of processor would you run there? 4 cores pretty much cuts out most of the Xeons. Something like a 7700K means no RDIMMs; I suppose an i3 and reg mem?

Looking at the higher-end big-name devices, they seem to include quite a bit of processing power. I thought I might dump these 4655 v3s or a set of 2643 V4s in there.
 

markarr

Active Member
Oct 31, 2013
What kind of processor would you run there? 4 cores pretty much cuts out most of the Xeons. Something like a 7700K means no RDIMMs; I suppose an i3 and reg mem?

Looking at the higher-end big-name devices, they seem to include quite a bit of processing power. I thought I might dump these 4655 v3s or a set of 2643 V4s in there.
It will only use 4 processors; if you install it on something that has more than 4 it just won't use them, or you run it as a VM. The E3 line of Xeons is quad-core.
 

AJXCR

Active Member
Jan 20, 2017
It will only use 4 processors; if you install it on something that has more than 4 it just won't use them, or you run it as a VM. The E3 line of Xeons is quad-core.
Current pfSense VM is hosted in a 44-core server... trying to get it out of a virtualized environment.

I guess I'll just have to educate myself a bit.
 

NashBrydges

Member
Apr 30, 2015
If you're just looking for a firewall, even the $79 EdgeRouter can manage full Gb. It's not going to consume a ton of power for a stateful firewall. It's all of the other features that will start to increase your hardware requirements.

On pfSense, if you use Snort, it is still a single-threaded process, so you're limited in what it can filter and analyze through that single thread. You could use Suricata for multi-threaded performance.

As a point of reference, I'm running a Sophos XG Home Edition UTM at home. It is running as a VM with 4 vCPU, 6GB RAM, 100GB SSD and 2 NIC ports. The hardware it is running on is a Dell R230 with an E3-1240v5, 64GB DDR4 RAM, a 4-port Intel Gb NIC card and a 400GB SSD.

My home connection is sadly only 940Mbps, but I've been able to fully utilize the bandwidth with everything turned on (full UTM including AV, IPS, etc.). The Sophos CPU utilization doesn't go higher than around 30% when downloading at full throttle, and memory utilization hovers around the 45% mark with 61 devices including 15 hosted web servers for various applications.

If you want a full UTM, then based on this, the R230's specs may fit perfectly, just exchange the NIC for a 10G card I suppose.
 

maze

Active Member
Apr 27, 2013
If you're just looking for a firewall, even the $79 EdgeRouter can manage full Gb. It's not going to consume a ton of power for a stateful firewall. It's all of the other features that will start to increase your hardware requirements.

On pfSense, if you use Snort, it is still a single-threaded process, so you're limited in what it can filter and analyze through that single thread. You could use Suricata for multi-threaded performance.

As a point of reference, I'm running a Sophos XG Home Edition UTM at home. It is running as a VM with 4 vCPU, 6GB RAM, 100GB SSD and 2 NIC ports. The hardware it is running on is a Dell R230 with an E3-1240v5, 64GB DDR4 RAM, a 4-port Intel Gb NIC card and a 400GB SSD.

My home connection is sadly only 940Mbps, but I've been able to fully utilize the bandwidth with everything turned on (full UTM including AV, IPS, etc.). The Sophos CPU utilization doesn't go higher than around 30% when downloading at full throttle, and memory utilization hovers around the 45% mark with 61 devices including 15 hosted web servers for various applications.

If you want a full UTM, then based on this, the R230's specs may fit perfectly; just exchange the NIC for a 10G card, I suppose.
Hmm, yeah, make sure not to put tons of rules etc. on if you want to push 1G full duplex. Won't handle that very well, IIRC.
 

NashBrydges

Member
Apr 30, 2015
Hmm, yeah, make sure not to put tons of rules etc. on if you want to push 1G full duplex. Won't handle that very well, IIRC.
Are you referring to the EdgeRouter or Sophos? I can see the EdgeRouter crapping out if there are a ton of rules.
 

Evan

Well-Known Member
Jan 6, 2016
Do you just want routing with some firewall rules? Or do you also want IDS/IPS, virus scan, malware protection, URL filtering, SSL inspection, etc.?

One is easy at multi-gig speeds; the other is much, much harder. Products like EdgeRouter only do the former anyway, so it may be pointless even looking at it, depending on needs.
 

Dww0311

Member
May 19, 2017
I run Sophos UTM 9 on a Dell R210 II - E3-1270 v2 / 32GB on a 500/500 FiOS connection. With every security option turned on, I can easily saturate the link and not top 25% utilization. I'd suggest considering Sophos.
 