Speed question
-
Hi there
I am considering buying a Netgate and other new equipment so my setup will end up along the lines of: fiber modem -> Netgate -> switch -> AP and wired connections.
However, I am pretty new to pfSense, and the listed speeds in the hardware comparison chart do not make complete sense to me (like iPerf3 vs IMIX, what this is in practical use), and I see some forum posts with users reporting other speeds. I have a gigabit connection (1000/1000) that I would like to take full advantage of. My other requirement is that I would like to split my secure (private) and unsecure devices (IoT, e.g., robot vacuum cleaners) so the unsecure network cannot access the private.
My use cases are basically: just playing online (Steam, Epic and so on), streaming, sending large video files to clients, letting the family browse/YouTube etc., and allowing a connection for those smart home devices I have not yet made independent of internet connection. So fairly regular. That is pretty much it. So, to avoid complete overkill, or buying too weak, which Netgate would you recommend?
-
In my opinion, for gigabit symmetric like you say you've got, you need at least the SG-3100. If it were me, and I had the funds, I would splurge and get the SG-5100. That's a great box.
Or, if you are considering not getting Netgate hardware, the 4-6 port Protectli Vault boxes with the i5 processor, or the Atom 3845 processor can support an internet connection like that. You won't get true 1Gb up and down, you'll get something like 940Mb up and down.
-
@akuma1x Thanks, good to know what to expect. I will look into local price for 5100, and maybe give the Protectli and atom a look.
-
@spaziba Just to be clear, the Protectli Vault boxes come with both Intel dual and quad core i5 and i7 processor options, as well as dual core Celeron and quad core Intel Atom processor options. Be careful to select one that has Intel network chips, not Realtek.
All of them are on Amazon, if that's a shopping option for you.
-
@akuma1x Great, thank you for the clarification.
Perhaps an odd question, but what is the limiting factor in terms of speeds? I understand VPN will have a significant impact, or running other advanced stuff. But do the firewall rules have any effect, and VLAN splitting?
-
@spaziba said in Speed question:
iPerf3 vs IMIX, what this is in practical use
See https://www.netgate.com/blog/choosing-the-right-netgate-appliance.html.
"What is IMIX? Internet Mix (IMIX) is a mix of packet sizes used to emulate real-world traffic conditions experienced by network equipment - like routers, switches and firewalls - in traffic tests. The Simple IMIX is seven 40 byte packets, four 576 byte packets, and one 1500 byte packet. So how should it factor into a firewall or router purchase decision? That depends..."
Firewall rules will have some effect, but the table on https://www.netgate.com/products/appliances/ is for 10000 ACLs, so how many rules will you have?
The VPN has the most effect on speed because it uses the CPU and the smaller devices are ARM and not that powerful. VLAN should just be normal routing and I would think that wouldn't have much impact. I'd say IDS is in between.
re: SG-3100, I hate to say it but if you're intending to run packages I'd avoid the 3100 for now as there are issues with PHP crashing in Snort/Suricata and pfBlocker. (see various other threads) Hopefully they'll get that sorted out soon.
-
@teamits Oh I see, makes somewhat more sense at the moment. Ha ha okay, I do not think I will end up at 10000. Is the train of thought 1) Block everything, 2) Allow what is needed, completely off? Otherwise, I think I'll follow Lawrence Systems guides.
Ah, cool. Of course, that leaves the problem of when I get into it and suddenly realize I simply cannot live without IDS etc.
Gotcha on the 3100 - that's too bad.