Watchguard Firebox performance
-
got one for $1000 and another for $9999 australian ebay :o decisions decisions.
Thanks i'll have a look on the UK site and hope someone will post to me.
-
Blimey!! I paid about £200 GBP for mine!
-
got one for $1000 and another for $9999 australian ebay :o decisions decisions.
What! :o I paid £40 each for mine and one of those was an X5500-E originally far more expensive.
The value of the Firebox units is entirely in the software licensing, if it comes with a years subscription it's going to be valuable.They're Marvell NICs in the X-e boxes and two different types. There is currently a driver problem with the additional 4 NICs found on the X750e and higher boxes that can cause lockups. The other four work perfectly and the driver problem will almost certainly be fixed by the move to FreeBSD 9 for the upcoming pfSense 2.1.
Steve
-
Sorry yes Steve is correct they are Marvel, which arnt great but a lot better than the realtek's!
-
got one for $1000 and another for $9999 australian ebay :o decisions decisions.
What! :o I paid £40 each for mine and one of those was an X5500-E originally far more expensive.
The value of the Firebox units is entirely in the software licensing, if it comes with a years subscription it's going to be valuable.They're Marvell NICs in the X-e boxes and two different types. There is currently a driver problem with the additional 4 NICs found on the X750e and higher boxes that can cause lockups. The other four work perfectly and the driver problem will almost certainly be fixed by the move to FreeBSD 9 for the upcoming pfSense 2.1.
Steve
So i should be after the X5500-E is what you are saying? hows this one http://www.ebay.com.au/itm/WATCHGUARD-FIREBOX-X5500E-FIREWALL-W-3YR-UTM-BUNDLE-NEW-/170536869134?pt=AU_Networking&hash=item27b4ca1d0e
Geez feel like finding me a few for $40 or f?
I did have a X500 but i had to let go of it…. by let go i mean holding it in two hands and bridging the power supply with the lid open while it was running, the electric shock threw it out of my arms :D ::) Anyway that was a while ago i haven't touched one since.
-
I forgot to mention there will be about 10-20 IPSEC VPN tunnels hanging off these too.
-
The X5500 is the firebox peak they are better because they have intel nics IIRC but they are expensive, the X550e X750e X1250e should be fine for you.
-
thanks for your help, i'll see if i can't find one.
-
Steve is right with the watchguards the cost is in the software/licences you are best off trying to find a x550e or x750e without any subscriptions as it will be a lot cheaper.
Quite often they come up pulled working from environments but without any subscriptions or even the passwords, they are the ones you want :)
-
the electric shock threw it out of my arms
Well that doesn't sound like fun!
Like their previous range Watchguard released the X-e boxes in two groups, X-Core-E and X-Peak-E. The two look identical from the outside and use the same motherboard. The peak units have a faster CPU, 2GHz Pentium-M vs 1.3GHz Celeron, more ram and VPN accelerator card.
Almost none of that is any advantage for pfSense! The VPN card isn't supported, RAM can be had for pennies on Ebay and the CPU (at least under 2.0) doesn't throttle correctly so it runs hot.The X-Peak-e boxes are not worth buying for pfSense. Stick to the X-core-e boxes. You can add ram if you find it's not enough, any old DDR2 sticks will work, and swap out the CPU.
The VPN performance is not great TBH. See my test results here.
What is your conncetion speed?Steve
-
Steve I thought the Peak had intel nics?
-
The previous generation X-Peak (no E) had 9 all Intel NICs and a 2.8GHz Pentium 4 CPU. Not as fast as the E box and uses more power. They are incredibly rare it seems. I have one, it's great! ;D
Steve
-
Ahhh ok, I will stop looking out for a cheap one on ebay then if the newer peaks are the same mobo etc as the cores :D
-
Yep don't bother. I only bought one because it was really cheap, it had a dead CF card which wasn't a problem for me. I was hoping the vpn card might be interesting but I think it's proprietary. When I connect it I just get an interupt flood and it's not seen by the OS. It is quoted as supporting 600Mbps VPN throughput though, which would be nice.
Steve
-
How do the cf cards go, wouldn't the logs hammer these?
These will be in a datacentre.
Are these a better option with an extra nic, newer hardware should be faster.
http://www.supermicro.com/products/system/1U/5015/SYS-5015A-EHF-D525.cfm -
The NanoBSD images are specially setup for embedded systems on flash drives. They don't log to the CF card and mount the card RO with noatime. They only write to the card when you change the config.
I don't know why the Watchguard CF card had failed. It could have been corrupted during a software upgrade or a power failure I didn't spent much time looking into it.Actually the performance of the Atom is surprisingly similar to the Pentium-M. See some nice results from a D510, here. It will be slightly faster.
Although it's dual core a lot of the firewalling components do not multi thread.Steve
-
The problem with systems like that is by the time you have added a decent quad NIC they get expensive, if you can pick up a Watchguard for a decent price you cant really beat it.
-
Would i need a quad nic? i think i'll go with the supermicro's can get for $300. Come with Dual GB onboard will put in another 2 x gb card.
This should let me run load balancing with 3 nics, or any other reasons i should put a 4 port in it? giving a total of 6 NICs?Will be buying 2. can put 4GB ram in them too.
-
No reason. ;)
It's just that most of the Watchguard boxes have 6 or 8 NICs so to do a fair comparison you have to add that cost.
If you need more interfaces, for multiwan or more internal subnets, it usually easier to do it with VLANs and a managed switch.Steve
-
trying to find one of these now http://www.witronix.com.sg/prolist/Witronix%5CAC%5CMBX-1726.pdf
