Netgate Discussion Forum

    Hardware recommendation pfblockerng + wireguard + "room to wiggle"

    Official Netgate® Hardware
    • Pizzamaka

      Hi all.
      I have an SG-1100 and am running pfblockerng-devel. I see it constantly runs out of memory (kills unbound+pfblocker etc...) and am thinking of what a potential upgrade would be. Below are my thoughts / requirements, please add your points :)

      What I would like to do:

      • run pfBlockerNG-devel
      • run a wireguard server
      • eventually run some packet inspection in the future
      • I love the support in this community (and I have enough things to care about), so I would really love to have some kind of appliance (no custom hardware)
      • I have a 400 MBit WAN connection (will stay that way, since I don't really need more)
      • 3 VLANs planned (not really set up yet)

      My thoughts on hardware

      • The 2100
        • has 4GB of memory, so that should be fine 🙂
        • has the same CPU as the 1100 (Often the CPU is maxed out on mine) 😔
        • has similar low power consumption like the 1100 🙂
        • has an M2-SSD which can be upgraded/swapped 🙂
      • The 4200 is like the 2100 with
        • better CPU 🙂
        • higher Power consumption 😔

      So my questions are

      • do I need the better CPU? (In my case that probably is the only thing that differs)
      • Is there anything I am missing?

      • WN1X @Pizzamaka

        @Pizzamaka I went with the 4200. At the time, the max option was not available so I upgraded it myself. I have 1gig service with pfBlockerNG plus a few other packages. Very happy with it.

        • stephenw10 Netgate Administrator

          Mmm, I would choose the 4200. You are likely to be close to hitting the CPU limit on the 2100 with that combination of VPN and packages.

          • Pizzamaka @stephenw10

            @stephenw10 is that due to the packet inspection or is wireguard + pfblocker already pushing the CPU?

            • stephenw10 Netgate Administrator

              The maximum throughput without any packages or VPNs on the 2100 is 600-700Mbps. No problem for 400Mbps. But if you want to pass 400Mbps over wireguard you are going to be CPU limited. If you want to do that with Snort or Suricata running, even more so. Memory shouldn't be an issue unless you load up every list and definition in pfBlocker and Snort (which you shouldn't!).

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.