Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfsense crypto QAT Atom Vs G4400 no QAT.

    Scheduled Pinned Locked Moved General pfSense Questions
    8 Posts 3 Posters 764 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mikey_s
      last edited by

      Good evening,

      I've got a couple of Sophos XG hardware devices, the XG 230 Rev 2 with an Intel G4400, which I may upgrade to an i5-6500T or i3-6100T. I've also got a Sophos XG 125 Rev3 which has an Intel(R) Atom(TM) CPU C3508 @ 1.60GHz, but has the QAT option on chip.

      I've got a 500/50 connection at present, but hopefully a 900/900 in 2024. I use a variety of VPN services, IPSec to another pfsense box, OpenVPN with Windows laptop (AD auth) and Wireguard for 4 x iOS devices.

      Performance wise, what's the better option the Atom CPU with QAT or the XG 230 Skylake CPU.

      Both are on pfsense Plus, one has a longer license.

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        The skylake will be faster. If you enable IIMB in Plus it will be a lot faster.

        M 1 Reply Last reply Reply Quote 1
        • M
          mikey_s @stephenw10
          last edited by mikey_s

          @stephenw10 said in pfsense crypto QAT Atom Vs G4400 no QAT.:

          The skylake will be faster. If you enable IIMB in Plus it will be a lot faster.

          Interesting. Thank you for info, will look at 1151 CPU options.

          IPsec-MB Crypto Is enabled on the Atom system too and active.

          1 Reply Last reply Reply Quote 0
          • M
            mikey_s
            last edited by mikey_s

            Wished I'd put my license on this box instead of my XG135 rev3. So looks like I'll sell off my xg135 rev3 and purchase a new plus license for the XG210 Rev2.

            QAT was the main aspect for sticking with the Atom, but at 20w Vs 30w for the XG210 with a 6100T CPU, what's 10w..

            It's got CE on it atm as the plus license expired a few weeks ago.

            My 900/900 connection hasn't arrived yet as toob are still building the network in the area. Once I have a 900/900 I'll FT VPN traffic through my connection.

            1 Reply Last reply Reply Quote 0
            • N
              NOCling
              last edited by NOCling

              The 135 Rev. 3 will handle 1GBit IPsec with QAT.
              I use it as my cold standby Backup and test a 256 AES GCM to my 6100 and run full GBit line Speed to a SMB Share.
              And the 135 Rev. 3 will go down to 17-18W if you switch of HDMI out in the Bios and use speedstep.

              Netgate 6100 & Netgate 2100

              M 1 Reply Last reply Reply Quote 1
              • M
                mikey_s @NOCling
                last edited by

                @NOCling said in pfsense crypto QAT Atom Vs G4400 no QAT.:

                The 135 Rev. 3 will handle 1GBit IPsec with QAT.
                I use it as my cold standby Backup and test a 256 AES GCM to my 6100 and run full GBit line Speed to a SMB Share.
                And the 135 Rev. 3 will go down to 17-18W if you switch of HDMI out in the Bios and use speedstep.

                Will look at the HDMI aspect, but there are no CPU/speedstep options within the BIOS on the unit.

                1 Reply Last reply Reply Quote 0
                • stephenw10S
                  stephenw10 Netgate Administrator
                  last edited by

                  If speedstep is enbled though you just have to enable powerd in pfSense to use it. That's in Sys > Adv > Misc.

                  M 1 Reply Last reply Reply Quote 1
                  • M
                    mikey_s @stephenw10
                    last edited by

                    @stephenw10

                    Yes I've seen that on my XG210 Rev2

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.