Yet another PfSense Question - Building a box ( quiet/1u/passive'ish )

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.
M

mstone

Active Member
Mar 11, 2015
505
118
43
46
Patrick said:
Rohit has a review of the Protectli FW4A as a silent pfSense box almost done. Amazon Protectli FW4A

Looks fairly good. No moving parts from the pictures.
Click to expand...
Seems expensive for what you're getting unless you really, really, really need to not have a fan.

kapone said:
While that's not a bad box, it's "only" clocked at 1.9GHz. In the OPs case, that may be sufficient as he has less than 200mbps internet, but for a faster connection (I have 1gbps symmetric), that may not be enough, depending on what you run.

Something to think about.
Click to expand...
It should be more than enough to firewall 1Gbps, definitely a lot more than 200Mbps. The only wildcard is PPPoE, which does require significant single thread performance in the freebsd implementation.
 
IamSpartacus

IamSpartacus

Well-Known Member
Mar 14, 2016
2,516
650
113
mstone said:
Yup, and if that's what you want then have at it. Luckily my fanless needs can be met by pcengines gear for one heck of a lot less money.
Click to expand...
I wasn't making any statement about that linked unit. I paid a premium for an Akasa case so that I could still get good performance (C2758) while being silent.

With regard to PC Engines, I've been looking at them for some time now. Do any of their APU units compare performance wise to the C2750/58? I need to be able to push at least 400-500Mbps across a site-to-site IP sec VPN.
 
M

mstone

Active Member
Mar 11, 2015
505
118
43
46
IamSpartacus said:
With regard to PC Engines, I've been looking at them for some time now. Do any of their APU units compare performance wise to the C2750/58? I need to be able to push at least 400-500Mbps across a site-to-site IP sec VPN.
Click to expand...
APU2/3 performs about the same as C2750 for AES-GCM, about 30% worse for AES-CBC on a per-core basis, and has half the cores. Other stuff like interrupt handling the APU will be slower than the C2750. It's maybe doable, but depends on the implementation, and you've got less slack. I don't think it will happen with pfsense. Sorry it's been long enough that I looked at VPN performance on one of those that I just don't remember the final numbers.
 
You must log in or register to reply here.
Top Bottom