Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Imagine you had a client with 1200 users... That wants VPN and reporting!

    Scheduled Pinned Locked Moved General pfSense Questions
    15 Posts 6 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • AndyRHA
      AndyRH
      last edited by

      I like pfSense, but this is not a job for pfSense. There are corporate VPN providers that do this.

      o||||o
      7100-1u

      johnpozJ 1 Reply Last reply Reply Quote 1
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @AndyRH
        last edited by

        @andyrh True - quote him one of those and see if he likes the price ;) They sure ain't freaking cheap hehehe

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • AndyRHA
          AndyRH
          last edited by

          I have the home version of LogonBox, nice Web UI that has a QR code to configure the client. At work we use zScaler for 25k+ users.
          At some point if you want the pretty pictures and easy config you have to pay the ones that developed it and as you said, they are proud of their work.

          o||||o
          7100-1u

          1 Reply Last reply Reply Quote 0
          • S
            Saqqara
            last edited by

            Netgate PFSense devices can not handle 10GB wan connections.

            Cool_CoronaC M 2 Replies Last reply Reply Quote 0
            • Cool_CoronaC
              Cool_Corona @Saqqara
              last edited by

              @saqqara I run it virtualized on pretty awesome hardware.

              :)

              1 Reply Last reply Reply Quote 0
              • M
                michmoor LAYER 8 Rebel Alliance @Saqqara
                last edited by

                @saqqara said in Imagine you had a client with 1200 users... That wants VPN and reporting!:

                Netgate PFSense devices can not handle 10GB wan connection

                Are you sure about that? Without running TNSR, the limitation is up to 10Gbps on the rack based pfsense+ gear.

                Firewall: NetGate,Palo Alto-VM,Juniper SRX
                Routing: Juniper, Arista, Cisco
                Switching: Juniper, Arista, Cisco
                Wireless: Unifi, Aruba IAP
                JNCIP,CCNP Enterprise

                johnpozJ 1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator @michmoor
                  last edited by

                  @michmoor better be one hell of a box that can handle 10ge over vpn connections ;)

                  From the summary page it lists the 1541 running pfsense for ipec vpn
                  IPERF3 Traffic: 9.30 Gbps

                  But imix on that drops too
                  IMIX Traffic: 1.77 Gbps

                  With the requirements of this RFP - don't believe pfsense would be best fit no.

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  M 1 Reply Last reply Reply Quote 0
                  • M
                    michmoor LAYER 8 Rebel Alliance @johnpoz
                    last edited by michmoor

                    @johnpoz I interpret it as just routing at L3 for 10Gbps.
                    "With the requirements of this RFP - don't believe pfsense would be best fit no."

                    • Probably not pfsense. TNSR?

                    But IPsec VPN sustained for 10Gbps...Yikes.. Looking up big brand vendors (PA), they do have boxes that do that but you will be paying so much $$$.
                    Maybe there's a budget for that. Then again, TNSR can do 10Gbps easily for the fraction of the price.

                    Im wondering if GrayLog has the ability to do a "live map" for VPN.
                    I have a set up for Snort where I have a world map of the IPs that are tripping my sensor and their location. MaxMind license required. At a high level I can see how it could be adaptable to VPNs.

                    Firewall: NetGate,Palo Alto-VM,Juniper SRX
                    Routing: Juniper, Arista, Cisco
                    Switching: Juniper, Arista, Cisco
                    Wireless: Unifi, Aruba IAP
                    JNCIP,CCNP Enterprise

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S
                      stephenw10 Netgate Administrator
                      last edited by

                      This is 1200 individual VPN clients?

                      Cool_CoronaC 1 Reply Last reply Reply Quote 0
                      • Cool_CoronaC
                        Cool_Corona @stephenw10
                        last edited by

                        @stephenw10 Yes.

                        1 Reply Last reply Reply Quote 0
                        • stephenw10S
                          stephenw10 Netgate Administrator
                          last edited by

                          Mmm, that's tough because generally that means one server process. So 10G is pretty much right out with pfSense.

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.