pfsense crypto QAT Atom Vs G4400 no QAT.
-
Good evening,
I've got a couple of Sophos XG hardware devices, the XG 230 Rev 2 with an Intel G4400, which I may upgrade to an i5-6500T or i3-6100T. I've also got a Sophos XG 125 Rev3 which has an Intel(R) Atom(TM) CPU C3508 @ 1.60GHz, but has the QAT option on chip.
I've got a 500/50 connection at present, but hopefully a 900/900 in 2024. I use a variety of VPN services, IPSec to another pfsense box, OpenVPN with Windows laptop (AD auth) and Wireguard for 4 x iOS devices.
Performance wise, what's the better option the Atom CPU with QAT or the XG 230 Skylake CPU.
Both are on pfsense Plus, one has a longer license.
-
The skylake will be faster. If you enable IIMB in Plus it will be a lot faster.
-
@stephenw10 said in pfsense crypto QAT Atom Vs G4400 no QAT.:
The skylake will be faster. If you enable IIMB in Plus it will be a lot faster.
Interesting. Thank you for info, will look at 1151 CPU options.
IPsec-MB Crypto Is enabled on the Atom system too and active.
-
Wished I'd put my license on this box instead of my XG135 rev3. So looks like I'll sell off my xg135 rev3 and purchase a new plus license for the XG210 Rev2.
QAT was the main aspect for sticking with the Atom, but at 20w Vs 30w for the XG210 with a 6100T CPU, what's 10w..
It's got CE on it atm as the plus license expired a few weeks ago.
My 900/900 connection hasn't arrived yet as toob are still building the network in the area. Once I have a 900/900 I'll FT VPN traffic through my connection.
-
The 135 Rev. 3 will handle 1GBit IPsec with QAT.
I use it as my cold standby Backup and test a 256 AES GCM to my 6100 and run full GBit line Speed to a SMB Share.
And the 135 Rev. 3 will go down to 17-18W if you switch of HDMI out in the Bios and use speedstep. -
@NOCling said in pfsense crypto QAT Atom Vs G4400 no QAT.:
The 135 Rev. 3 will handle 1GBit IPsec with QAT.
I use it as my cold standby Backup and test a 256 AES GCM to my 6100 and run full GBit line Speed to a SMB Share.
And the 135 Rev. 3 will go down to 17-18W if you switch of HDMI out in the Bios and use speedstep.Will look at the HDMI aspect, but there are no CPU/speedstep options within the BIOS on the unit.
-
If speedstep is enbled though you just have to enable powerd in pfSense to use it. That's in Sys > Adv > Misc.
-
Yes I've seen that on my XG210 Rev2
