SG-2220 or SG-2440

cplmayo

@Phishfry:

Yea but the C2338 offers no "Quick Assist" and the C2358 does.
So if that gets implemented as planned they those numbers should increase.

I didn't realize that quick assist wasn't a feature on the SG-2220. I was leaning towards it after looking at the performance numbers but now knowing that I don't think it will be an option because with VPN performance being such a huge part of my setup that is a feature that I will want to have in the future if it is implemented.

Guest

I thought I would throw that factoid out there.
The way it looks to me the Intel implementation in Linux uses a binary blob and that might not pass muster in FreeBSD. So it may not be an advantage except with Linux.. I can not speak much about the topic as I am not familiar with it.

Regardless I like seeing hard numbers that GonzoP posted on Reddit.

Guest

Looking further it looks like it is being worked on:

https://blog.pfsense.org/?p=1626

Guest

Discussion of the issues..

http://openbsd-archive.7691.n7.nabble.com/vpn-performance-C2750-vs-C2758-td264741.html

cplmayo

After reading the pfSense road map I have been drooling over the features they are adding. A lot of what they are trying to implement will make significant improvement in performance.

Quick Assist may not be implemented yet but with the prospect of it coming the future I will have to have it as a feature. Especially with VPN being such a important part of my gateway.

Guest

I could be wrong on Quick Assist as I am going by the Intel Ark page for the CPU features.

It would not be uncommon to have the bottom rung on the cpu ladder to be missing a feature.

Guest

@cplmayo

Go and save a little bit more money and go for the SG-2440 unit.
It comes with AES-NI and Intel QuickAssist and let you expand the whole box for mSATA and WiFi
or a modem & SIM card if at some days needed. If Intel QuickAssist is going in to the pfSense code
I would really say the first year all customers of an SG-xxxx units will be benefit from this feature
at first before all others would be able to see it in the wild and so it might be a really hint to go with
one of this boxes.

Especially with VPN being such a important part of my gateway.

If so, please take the time to set up a IPSec VPN and now at the time you will be benefit
from the AES-NI feature mostly!!! You can high up the number of the throughput to 4x
or 5x as without using AES-NI. since version 2.2.5 this will work for everybody!

Mostly it all is pending on the used services, installed packages, the WAN and VPN speed
if you are going to set up a fully UTM device and need something around ~500 MBit/s of
VPN throughput also the SG-4860 could be a really challenge for you.

cplmayo

@BlueKobold:

@cplmayo

Go and save a little bit more money and go for the SG-2440 unit.
It comes with AES-NI and Intel QuickAssist and let you expand the whole box for mSATA and WiFi
or a modem & SIM card if at some days needed. If Intel QuickAssist is going in to the pfSense code
I would really say the first year all customers of an SG-xxxx units will be benefit from this feature
at first before all others would be able to see it in the wild and so it might be a really hint to go with
one of this boxes.

Especially with VPN being such a important part of my gateway.

If so, please take the time to set up a IPSec VPN and now at the time you will be benefit
from the AES-NI feature mostly!!! You can high up the number of the throughput to 4x
or 5x as without using AES-NI. since version 2.2.5 this will work for everybody!

Mostly it all is pending on the used services, installed packages, the WAN and VPN speed
if you are going to set up a fully UTM device and need something around ~500 MBit/s of
VPN throughput also the SG-4860 could be a really challenge for you.

Right now I'm running a self built box with a Supermicro Rangeley C2558 CPU that is pure overkill; AES-NI is awesome from what I have seen. However I have a ESXi box that is build on super old, P4 era Xeon, dual CPU system. Due to the power draw from this box I want to use a pfSense Appliance to support the cause and migrate my C2558 system to VM duties, it is only four cores but that should be plenty for what I use my vms for.

Guest

I want a box that can handle 1Gbps so that I have some headroom if my WAN gets upgraded.

The first SG-xxx unit that is named to handle right the 1 GBit/s at the WAN interface and route it, is the SG-2440
unit. And for sure it will be the best option for you as I see it right now. (Only my opinion)

Right now I'm running a self built box with a Supermicro Rangeley C2558 CPU that is pure overkill;

It is more to compare with the SG-4860 and that is capable to run pfSense firewall, Snort, pfBlocker-NG and route
also 1 GBit/s at the WAN interface, but IPSec with nearly ~500 MBit/s on top of this too!!!

AES-NI is awesome from what I have seen.

But please accept that the OpenVPN you want to use, is not taking any advantage from the presents of AES-NI!
Only IPSec is at the moment benefit from this AES-NI CPU or SoC registers, but then well. It is speeding up the
entire IPSec throughput up to x4 or in good conditions up to x5 of the normal throughput.

Due to the power draw from this box I want to use a pfSense Appliance to support the cause and migrate my C2558 system to VM duties, it is only four cores but that should be plenty for what I use my vms for.

Good luck and well success.

wayner92

I am in the same boat as I am looking for a new router/firewall that could support a Gbps internet connection.  I currently have Rogers cable's 250 service which actually measure out at 320 Mbps.  Soon Rogers will be offering 1Gbps in all of my city.

I really don't need a lot of ports as I have a 24 port switch in my house.  I also don't need wifi as I have a few Ubiquiti Unifi WAPs in my house.

The gateway supplied by Rogers is a Hitron 32x8 DOCSIS 3.0 device.  It normally acts as both router and modem but can be put in Bridge mode to only act as a modem.  But the router function of this device sucks - or at least I am pretty sure it will if it is similar to other Hitron devices that Rogers has deployed.

But I want something that can support gigabit internet.  I will be using Open VPN on it and doing some port forwarding but nothing else that is too fancy.

I have started playing around with pfSense on an older PC with two NICs so I am considering this option or getting a 2220 or 2440.

Guest

I have started playing around with pfSense on an older PC with two NICs so I am considering this option or getting a 2220 or 2440.

The SG-2220 will not handle 1 GBit/s at the WAB interface as I see it right. And the PPPoE connection is
only using one CPU core at the moment to handle the WAN speed. But if you don´t need the PPPoE part
you will be really surprised.

Techtrends

This post is deleted!