Hardware Available at the pfSense Store
-
Speaking of hardware - I see one of the adverts in this web site is www.netgate.com pushing their m1n1wall box running on an alix. Is this appropriate adverts for pfsense's own web site?
-
Speaking of hardware - I see one of the adverts in this web site is www.netgate.com pushing their m1n1wall box running on an alix. Is this appropriate adverts for pfsense's own web site?
Personally, I want to stop the adverts altogether. Others in the company support continuing them for partners.
Some things you might want to consider, however:
-
Netgate is, by far, the largest and longest supporter of the project
-
pfSense HQ is co-located with Netgate in our Austin, TX offices
-
Netgate acts as the shipping department for the store
-
Netgate's owner is the majority shareholder of ESF (you know, the company behind pfSense)
Given these, your concern, while understandable, seems a little … apprehensive?
If there were ever a company closely aligned with pfSense, it is Netgate.
-
-
The shop is a very good idea.
Are you going to sell many different hardware appliances or will you stick to like 3 to 5 different "grades"?I bought the USB stick to support you a little bit :)
-
I don't know what you mean by "many".
I would say that there will be "several" hardware offerings this year.
-
I was going to support the good cause and buy two machines from you. However, there is a slightly, iny tiny, small, problem ;D ;D ;D
I attached a screenshot.
This is for shipping to The Netherlands. If I may, the UPS/Fedex's of this world must be completely mentally retarded. For that amount of money I can depart from Schiphol Airport Amsterdam and fly to New York myself.
So, sorry, I really wanted to buy two machines and in the process support the good cause :-[
On another note: couldn't you go via Amazon Marketplace? I've never had these insane shipping costs when ordering from Amazon USA.
Just a thought :P
-
@Hollander:
If I may, the UPS/Fedex's of this world must be completely mentally retarded. For that amount of money I can depart from Schiphol Airport Amsterdam and fly to New York myself.
ROFL… Insane indeed.
-
…not to forget the customs fun. And then you end up with trash like this (see photo),, btw. inside there were two SAS HDDs, I desperately needed them, otherwise would have returned them....
But in the Netherlands you have other options:
http://www.applianceshop.eu/index.php/?___store=en
:-)
...they do some advertising on the forum, too and I was very satisfied with the service!
-
@gonzopancho:
I don't know what you mean by "many".
I would say that there will be "several" hardware offerings this year.
Any plans on adding anything soon? There's a pretty big gap in price and functionality of what's currently available. Habey has a nice looking 1U that I've been thinking about getting…might even pay a little more if it came in red ;)
http://www.habeyusa.com/products/fw-1044-1u-4-gbe-w-bypass-segment-fanless-network-hub/Edit: speling
-
The C2758 was just added about a week ago.
https://store.pfsense.org/c2758/
It's sold out already, more are on the way.There will be more to come.
-
@chemlud:
…they do some advertising on the forum, too and I was very satisfied with the service!
Actually, they don't.
-
I love the idea of pfSense selling their own hardware, but am lost as to what the unit capabilities are. the C2758 would be great, but how many concurrent connections would it support? Sorry, but I'm not knowledgable enough to translate the raw pass-through numbers to connections.
We're a catholic k-8 school in need of firewall and content filtering…..Currently running a sonicwall 2400
-
May firewall vendors artificially limit "connections". Sonicwall is one such vendor.
We do not.
See the discussion here under "Feature Considerations"
https://www.pfsense.org/hardware/#sizing -
@gonzopancho:
May firewall vendors artificially limit "connections". Sonicwall is one such vendor.
I don't believe they do (not that I would ever recommend those horrible pieces of junk to anyone). I think he's referring to this statistic:
Per http://www.sonicwall.com/us/en/products/NSA-2400.html#tab=specifications
Connections per second 4,000/secI have no idea where they get those numbers from, but their other numbers are very similar to the c2758. I don't believe anything Dell says about Sonicwall, though. Those things perform terribly and are a nightmare to administrate and exhibit very odd behavior.
-
No arguments from me on the sonicwall. They've been a giant pain in my butt as long as I have had to deal with them. And that was even BEFORE Dell took over!
And no, I have no idea where they pull those numbers from. I guess I was more concerned with the throughput. But I guess if I load it up with memory it should handle the web filtering. I'll wander the boards to find out more about that.
Thanks for slapping me upside the head to realize exactly what I should be looking at!
-
I'm not sure what they mean by "connections / sec".
Typically this is a web server metric.
A dual Intel Xeon X5670 (2 * 6 cores @ 2.93 GHz, 2 threads per core) with 24GB of RAM will do 500K connections/sec to nginx.
I've not measured it, but the C2758 cores each benchmark pretty close to a 5600 series ("Westmere ") Xeon. The C2758 only has 8 cores (not 12 in the system above) and they each run at 2.4GHZ, not 2.9GHz, but overall, I'd bet the C2758 can do at least 400K connections/sec in a similar benchmark.Maybe they mean new connections / second to the IPsec endpoint. We haven't measured it.
If they mean packets per second (pps), then that number sucks by comparison. In an Untuned state, the hardware will run 585Kpps per interface without the overhead of pf. Those are minimum-sized (64 byte) packets.
With a bit of tuning, and a single stateful rule installed in the packet filter, the rate goes up to nearly 800Kpps.
Their IMIX is oddly stated at 1280 byte UDP packets. That's not mixed. Typical firewall vendor BS.
http://en.wikipedia.org/wiki/Internet_MixAssuming an IMIX of PPS * ( 7*(40+14) + 4*(576+14) + 1*(1500+14) )/12*8, the IMIX thoughput for this is 2.267Gbps, which, you will note, is faster than the interfaces. This shatters the quoted IMIX throughput for the Sonicwall NSA 2400 (235 Mbps)
And we're after far (far) more. Stay tuned. I LOVE this hardware, and plan to make the most out of it for pfSense.
By comparison, here are the numbers for a PC Engines APU:
154.17 Kpps - raw routing (est IMIX throughput = 437 Mb/s)
88.12 Kpps - with a single, stateful 'pf' rule installed (est IMIX thoughput = 250Mbps)Note that even this is faster than the NSA 2400 you pointed to.
So there it is, a real-world result, the C2758 is about 10X faster than an APU, and I've just gotten started.
-
And the lower-end, Sonicwall does limit the number of nodes behind the firewall (that use the firewall).
http://help.mysonicwall.com/sw/eng/305/ui2/23100/System/Licenses.htmHere is a reseller of Sonicwall node licenses, just so you can check prices.
http://www.sonicguard.com/NodeUpgrades.aspTo be fair, some Sonicwall devices (such as the NSA 2400) come with an "unrestriced" node license.
There are some very early benchmarks (using iPerf, which I loathe) of the C2758 here:
http://store.pfsense.org/c2758/ -
Isn't The C2758 Product page @ http://store.pfsense.org/c2758/ Misleading?!?!?!
It clearly states "No additional usage or feature based pricing. Unlimited users, firewall rules, VPN connections, etc."
However, the Quick Start Guide @ http://support.netgate.com/index.php?/Knowledgebase/Article/View/18/9/where-can-i-find-the-c2758-quick-start-guide, on page 7 states "One year of pfSense Certified software updates and bug fixes
One year of Netgate’s pfSense Certified premium add-ons for pfSense 2.1"Which in my mind at least, tells me there is feature based pricing.. At least in that there is a renewal for whatever 'premium add-ons' are included. Shouldn't mention of this appear in the fine print of the product page?
Also, since I'm bound to be starting a mess here, can clarification be added on Netgate/ESF for these purchase? The documentation clearly states in numerous places, that this is a Netgate firewall, yet, that is left off the pfSense page, leading one to believe this is an ESF product. This seems deceptive.
I understand Netgate is now a majority? share holder of ESF, but ESF != Netgate and Netgate != ESF. It seems you have two separate companies by design, yet you are merging the two or using them like they are one.
Who's collecting the money from this purchase directly? ESF? or Netgate?
Is ESF directly reselling Netgate equipment (Netgate is a supplier)? or am I buying Netgate directly, who then in turn makes a donation to ESF? Who's responsible for the warranty?
I am probably not the only one wondering about this last set of questions, and I don't mean to be creating problems, I'd just like clarity. If I decide to buy one of these, I'd like to know who is it truly benefiting from the purchase.
-
@gonzopancho:
And the lower-end, Sonicwall does limit the number of nodes behind the firewall (that use the firewall).
http://help.mysonicwall.com/sw/eng/305/ui2/23100/System/Licenses.htmWow. The more I learn about just how bad they are the more I don't understand how the company has been in business for so long. The day I retired the Sonicwall was one of the happiest days of my life (at least that's how I remember it).
Like I said, I don't believe anything they say about Sonicwall devices. My experience and reading user forums has taught me that they never perform anywhere even close to what the specs say, and unless you're doing just basic firewalling from LAN to WAN they don't ever actually work as expected either.
-
Isn't The C2758 Product page @ http://store.pfsense.org/c2758/ Misleading?!?!?!
It clearly states "No additional usage or feature based pricing. Unlimited users, firewall rules, VPN connections, etc."
However, the Quick Start Guide @ http://support.netgate.com/index.php?/Knowledgebase/Article/View/18/9/where-can-i-find-the-c2758-quick-start-guide, on page 7 states "One year of pfSense Certified software updates and bug fixes
One year of Netgate’s pfSense Certified premium add-ons for pfSense 2.1"Obviously there is some editing to do.
Which in my mind at least, tells me there is feature based pricing.. At least in that there is a renewal for whatever 'premium add-ons' are included. Shouldn't mention of this appear in the fine print of the product page?
See above.
Also, since I'm bound to be starting a mess here, can clarification be added on Netgate/ESF for these purchase? The documentation clearly states in numerous places, that this is a Netgate firewall, yet, that is left off the pfSense page, leading one to believe this is an ESF product. This seems deceptive.
I understand Netgate is now a majority? share holder of ESF, but ESF != Netgate and Netgate != ESF. It seems you have two separate companies by design, yet you are merging the two or using them like they are one.
Your "understanding" is flawed. Netgate is not a majority shareholder of ESF, but the principals of Netgate are the majority shareholders of ESF.
You are correct when you state "ESF != Netgate and Netgate != ESF". That said, the two companies are co-located in the same office space, and I tend to use what people and resources are available for the tasks at-hand.
Who's collecting the money from this purchase directly? ESF? or Netgate?
Is ESF directly reselling Netgate equipment (Netgate is a supplier)? or am I buying Netgate directly, who then in turn makes a donation to ESF? Who's responsible for the warranty?
In answer to both of your questions: Which store did you buy it from? There is your answer.
I am probably not the only one wondering about this last set of questions, and I don't mean to be creating problems, I'd just like clarity. If I decide to buy one of these, I'd like to know who is it truly benefiting from the purchase.
-
@gonzopancho:
I'm not sure what they mean by "connections / sec".
No, seems odd for a firewall.
Perhaps the nearest thing might be state table inserts per second? Or maybe state table searches per second?
See this thread for some big numbers:
https://forum.pfsense.org/index.php?topic=72810.0Steve