pfSense vs TNSR
-
Hello everyone,
I'm thinking of switching from pfSense to TNSR because my new apartment gets 10G Fiber Internet and I also upgraded to 10G internally in my home. I read somewhere that at about this speed the pfSense software will be at its limits and it's better to use TNSR.
If this is true, could someone give me information on how long / difficult the transition is?
Kind regards,
-
@sysadminfromhell Very difficult to judge without knowing what HW you are running on, and what modules/plugins you run.
I have been running pfsense virtualized on a Proxmox server with an i5-11400 CPU and X520 SFP+ NICs. With Suricata in Legacy mode I get 8Gbit+ on speedtest. If I change over to Inline mode, it drops down to 3.5-4 Gbit speed instead. Which to be honest is more than what Steam, Battle.net are capable of delivering on a good day anyway. And to be honest, game updates or SW downloads are the only use cases I can think of right now for anything above 1 Gbit, or at least 2.5Gbit. Except the bragging rights...
And, even if your HW is capable already today, you might want to consider all the additional cost. Since you would need at least a 10G NIC for your PC and perhaps your servers. And probably one or two 10G switches...
-
@Gblenn The internal network is already completely upgraded to 10G (exceptions are my PS4 and/or my WiFi, which is 2.5G); all wired clients are connected via 10G. That's why I was thinking about it.
But if you say that the i5 11400 can handle that virtualized, I think my dedicated hardware should be able to handle that. (E3-1260L v5)
-
@sysadminfromhell Yes, I think it should definitely work, although the E3-1260L v5 is a bit behind an i5-11400. I have also run it on a 10400, which is perhaps in the middle between the E3 and 11400, and it got almost the same numbers. All based on cpubenchmark.com...
I pass through my NICs to the firewall so my only real limitation is with the CPU. But since it's about using the "cores" and "threads" I doubt there is any measurable overhead from running it virtualized. I have tried assigning more CPUs to the firewall but it doesn't really make a difference for the speedtests.
-
@Gblenn just out of curiosity: are you talking about pfSense on an i5 11400 or TNSR?
TNSR is primarily a routing platform (w/o a GUI I guess) and I got the impression implementing the firewall rules is quite different to pfSense. TNSR is based on Linux and that affects how easily (or not) you can migrate existing pfSense firewall rules over (which in TNSR are called ACLs).
And it's a very different price range than pfSense. TNSR is a minimum of $999/year.
-
@patient0 said in pfSense vs TNSR:
@Gblenn just out of curiosity: are you talking about pfSense on an i5 11400 or TNSR?
Sorry, I sort of thought it would be understood to be pfsense... But I'll edit the post so there is no confusion.
-
@Gblenn you're probably right, not sure if Suricata is available for TNSR. Sorry for the confusion.
-
@patient0 said in pfSense vs TNSR:
[...] And it's a very different price range than pfSense. TNSR is a minimum of $999/year.
Yeah, the price tag I saw already, but yeah, I figured I'll stick with my current setup so far. I've still got an old Home license which allows me to use pfSense Plus anyway, which is incredible, and the usage is amazing. The frequent updates are much better than on CE, so as long as my FW can handle the 10G I won't upgrade anything so far.
Thanks for all your information and for your insights.
-
@sysadminfromhell said in pfSense vs TNSR:
as long as my FW can handle the 10G I won't upgrade anything so far
And even if you don't get the full 10G, how much do you really need? Of course there is also the option of upgrading your HW. The yearly cost of a TNSR license would buy you some serious HW upgrades, every year...
-
@Gblenn said in pfSense vs TNSR:
@sysadminfromhell said in pfSense vs TNSR:
as long as my FW can handle the 10G I won't upgrade anything so far
And even if you don't get the full 10G, how much do you really need? Of course there is also the option of upgrading your HW. The yearly cost of a TNSR license would buy you some serious HW upgrades, every year...
Yeah, that's the next issue; mayhaps it's a good idea to do some research at this point to figure out if I have to move to another firewall vendor :(
-
@sysadminfromhell said in pfSense vs TNSR:
if I have to move to another Firewall Vendor :(
Why move?
I doubt you will get much better performance from other firewalls on the same HW. Assuming you want to have some level of functionality that is similar to what pfsense offers.
I have been playing around with Sophos XG, which is available for free for home use. It has some minor limitations in # of CPUs and memory, but I get pretty much the same performance out of that as I do with pfsense in a like-for-like comparison (same amount of CPUs). Memory has never been an issue for me...