Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Standard to Measure Throughput

    Scheduled Pinned Locked Moved General pfSense Questions
    3 Posts 3 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      awsiemieniec
      last edited by

      I often read about various products throughput and then want to compare them to a pfSense unit.  Since pfSense, aside from the hardware purchased from pfSense.org, runs on all sorts of old or new hardware, there aren't any stats that say what the firewall is rated for (throughput).  How do I apples:apples compare a pfSense unit with, say, a SonicWALL (http://www.sonicwall.com/us/en/products/TZ-Series.html#tab=comparea)

      How do I measure various throughput/performance counters of a pfSense firewall?

      Thanks

      1 Reply Last reply Reply Quote 0
      • M
        MindfulCoyote
        last edited by

        IMHO best way to answer that question is to choose comparable hardware from one of the pfSense recommended hardware vendors (https://www.pfsense.org/hardware/#vendors) to line up with your Sonicwall list.

        Sonicwall is a linux kernel and pfSense is FreeBSD. Put on identical hardware they will probably do pretty much identical things.  I personally chose pfSense because it's $99/year for unlimited features, unlimited users, unlimited installs, well, unlimited everything (you get the idea),  and I get to choose the hardware. The only user limit in pfSense is based on the hardware you choose to install it on. With Sonicwall (and Cisco and others) the user limits are arbitrary numbers chosen by accountants to eke as much profit out of each sale as possible.  When you do your comparison don't forget to add in "per user licensing" to the final cost.

        Also: https://www.google.com/search?q=pfsense+on+sonicwall&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&channel=sb#channel=sb&q=pfsense+vs.+sonicwall+site:forum.pfsense.org&rls=org.mozilla:en-US:official

        Err

        –
        Erreu Gedmon

        Firewalls are hard...
        but the book makes it easier: https://portal.pfsense.org/book/

        1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          The numbers you see on the forum are often just the maximum download speeds through the box as seen from a client behind it. A single http conection. Sometimes they are a result from a speedtest website which might be 3-3 TCP connections. Some people who have gone to some trouble might post a result from an iperf test using a server and client on each side of the box on test. Even that is often not directly comparible because the iperf server/client do not always have the same default settings. It is also not a real world test and doesn't help guage Snort or Squid perfomance
          The numbers you see given for commercial 'hardware' firewalls are usually from a test that has been tweaked to give the highest possible numbers for better marketing value. Usually a sum of many connections through ther box at large TCP window sizes.

          It's hard to compare anything directly.  ;)

          Steve

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.