Can Pfsense process 100k NATs at a time?
-
We have requirement to do 100k NATs. The traffic is originated from our private IP always.
We have currently configured 4K NATs and it is working fine. We are planning to have 100K NATs on pfsense.Will pfsense process 100K NATs at a time?Please clarify..... -
This is heavily dependent on the hardware you are running pfSense on.
Each state or translation entry will take approximately 1KB of RAM so as long as you have over ~100MB of RAM free after booting, this is theoretically possible.
How it will perform on the other hand will be a function mainly of your CPU processing power.
Can you share what hardware you are running pfSense on?
-
Each NAT'd connection will be two firewall states, one on LAN, one NAT'd on WAN so you would need double that. But 200K firewall states is not especially high. We have seen multiple millions of states before. The issue becomes servicing a state table that size which requires more CPU power as well as RAM to hold it.
Steve
-
Thanks for the clarifications @nkaminski and @stephenw10
