Watchguard Firebox performance

jp141

Steve I thought the Peak had intel nics?

stephenw10

The previous generation X-Peak (no E) had 9 all Intel NICs and a 2.8GHz Pentium 4 CPU. Not as fast as the E box and uses more power. They are incredibly rare it seems. I have one, it's great!  ;D

Steve

jp141

Ahhh ok, I will stop looking out for a cheap one on ebay then if the newer peaks are the same mobo etc as the cores :D

stephenw10

Yep don't bother. I only bought one because it was really cheap, it had a dead CF card which wasn't a problem for me. I was hoping the vpn card might be interesting but I think it's proprietary. When I connect it I just get an interupt flood and it's not seen by the OS. It is quoted as supporting 600Mbps VPN throughput though, which would be nice.

Steve

network1

How do the cf cards go, wouldn't the logs hammer these?

These will be in a datacentre.

Are these a better option with an extra nic, newer hardware should be faster.
http://www.supermicro.com/products/system/1U/5015/SYS-5015A-EHF-D525.cfm

stephenw10

The NanoBSD images are specially setup for embedded systems on flash drives. They don't log to the CF card and mount the card RO with noatime. They only write to the card when you change the config.
I don't know why the Watchguard CF card had failed. It could have been corrupted during a software upgrade or a power failure I didn't spent much time looking into it.

Actually the performance of the Atom is surprisingly similar to the Pentium-M. See some nice results from a D510, here. It will be slightly faster.
Although it's dual core a lot of the firewalling components do not multi thread.

Steve

jp141

The problem with systems like that is by the time you have added a decent quad NIC they get expensive, if you can pick up a Watchguard for a decent price you cant really beat it.

network1

Would i need a quad nic? i think i'll go with the supermicro's can get for $300. Come with Dual GB onboard will put in another 2 x gb card.
This should let me run load balancing with 3 nics, or any other reasons i should put a 4 port in it? giving a total of 6 NICs?

Will be buying 2. can put 4GB ram in them too.

stephenw10

No reason.  ;)
It's just that most of the Watchguard boxes have 6 or 8 NICs so to do a fair comparison you have to add that cost.
If you need more interfaces, for multiwan or more internal subnets, it usually easier to do it with VLANs and a managed switch.

Steve

network1

trying to find one of these now http://www.witronix.com.sg/prolist/Witronix%5CAC%5CMBX-1726.pdf

network1

OK thoughts on this unit please, would it be supported

Remove HTTP….. ftp://ftp.arbor.com.tw/pub/datasheet/network_communication_appliances/MBX-1736A.pdf

Works with the following CPU
Core 2 Duo Processor E4300 - 1.80GHz / FSB-800 / 2M cache
Pentium Processor E2160       - 1.80GHz / FSB-800 / 1M cache
Pentium 4 Processor 651         - 3.40GHz / FSB-800 / 2M cache
Celeron Processor 440             - 2.00GHz / FSB-800 / 512K cache

Takes a CF card, 6 nics, and its red.

Again what would be the pick of the CPU's for performance and utilisation.

stephenw10

@network1:

and its red.

Nice.  :D

Looks expensive. And rare!
I'd go with the Core2Duo. You can pick those up second hand for next to nothing so why not.

Steve

network1

how do the core2's go with firewall though? will it only use half the cpu etc.

I'm waiting on price but they look good so far.

Should be a pretty quick machine, would smoke the firebox performance wise.

stephenw10

pfSense uses a multiprocessor kernel it will run just fine on a Core2Due.
However you're right that you won't get double the performance since a lot of the firewall processes don't multi-thread.
Yep it would smoke any of the fireboxes you've talked about. You'd have to step up to the XTM5 series (which is very similar) but they are the current model so you pay a huge premuim.

Steve

network1

Well about $1000 for those boxes…. I'm undecided but may just get one yet.

maybe i'll get a firebox as a secondary

Is there any use getting one with the LCM screen? what would pfsense display

stephenw10

If the display is supported by LCDproc then it's very easy to get it running with a variety of display options via the lcdproc package. You can write your own lcdproc client if you want alternative information or use one someone else has written.

$1000 is cheaper than I thought it would be.

Steve

network1

Well went to order…. they are discontinued  :'(

They can be made to order, however there is a min order of 100.

So are their 98 others interested? or maybe someone willing to lend $98,000  ::)

Such a shame these looked like the best units i could find so far and resonably priced.

doofoo

@network1:

Well went to order…. they are discontinued  :'(

They can be made to order, however there is a min order of 100.

So are their 98 others interested? or maybe someone willing to lend $98,000  ::)

Such a shame these looked like the best units i could find so far and resonably priced.

Did you ever find anything else remotely similar to this?  I got my hopes up on page 2 and now I see it's discontinued.  This was perfect for what I was looking for. :(

network1

@doofoo:

@network1:

Well went to order…. they are discontinued  :'(

They can be made to order, however there is a min order of 100.

So are their 98 others interested? or maybe someone willing to lend $98,000  ::)

Such a shame these looked like the best units i could find so far and resonably priced.

Did you ever find anything else remotely similar to this?  I got my hopes up on page 2 and now I see it's discontinued.  This was perfect for what I was looking for. :(

Yes, however decided on using IBM servers after all this.

This place are the ones that made the boxes for arbor… they will still make them for you too.

http://www.evoc.com/products/Network-Application-Platform/list.aspx