For those looking for hardware that will push 1Gb



  • I just got this:

    $245+shipping for $278 total

    QOTOM-Q355G4 Factory Price Pfsense Firewall Router Fanless
    CPU:Intel Core i5-5250U Processor (3M Cache, up to 2.7 GHz, Broadwell)
    Configuration:8G Kingston RAM, 30G Intel SSD,NO WIFI
    Main Port: HD Video Port, 4 Gigabit LAN, 2 USB2.0, 2 USB3.0, COM, SIM card slot

    I have AT&T Gigapower 1Gb internet

    Attached is my speedtest after replacing my hardware with this Qotom.  Previously my firewall cpu would peg at around 450Mb/s

    I know it's not a full gigabit bandwidth but it's on par with what I was getting straight from the ISP Gateway so I am happy with it



  • I have been testing tonight and also want to mention that I am now getting 80Mb/s throughput over my openvpn connection. :)



  • I think the speed score 946Mbps is pretty good for a laptop i5 cpu(cpu benchmark 3xxx). A desktop cpu i3-7320(benchmark 6xxx) with IDS/IPS got 940Mbps in other post of this board(https://forum.pfsense.org/index.php?topic=123801.0)

    Through searching "pfSense 1Gbps WAN" in this forum, I found hardware board's record is 980Mbps(I cannot find a picture to show it, only texts).


  • Banned

    Very nice, I'm glad you got something that works for you!

    How's the CPU load when you're sustaining that throughput?

    Was that 80MBps VPN or 800Mbps?



  • Dear authenticx, will you do a IPv6 speed test through your ISP's speedtest website?

    I am using a 100Mbps cable internet service at home and in the ISP's speed test, IPv4 gets 96Mbps/5-6Mbps and IPv6 gets over 120Mbps usually. IPv6 speed may be much faster than IPv4 in this case. Of cause for security reason, I disabled IPv6 after these tests.


  • Banned

    @newabc:

    Of cause for security reason, I disabled IPv6 after these tests.

    whats wrong with security in ipv6?



  • IPv6 make every piece of equipment own an individual ip(v6) address to the internet world which make the computer face the internet directly. But any computer without any top security enhancement(firewall, anti-virus, and so on) is danger to face the internet directly.

    At home, in IPv4 stack, the computer can use private IP only and behind the NAT router/firewall. Then the security level of the computer itself can be lower.



  • IPv6 make every piece of equipment own an individual ip(v6) address to the internet world which make the computer face the internet directly. But any computer without any top security enhancement(firewall, anti-virus, and so on) is danger to face the internet directly.

    That is true, but together with Squid and SquidGuard as a proxy server between the Internet and the entire LAN
    the devices will be not really direct connected to the Internet. So it is based on what the admin is setting up for
    his users. And with IDS such Snort or Suricate is offering, the security gain of the entire network will grow once
    more again.

    At home, in IPv4 stack, the computer can use private IP only and behind the NAT router/firewall. Then the security level of the computer itself can be lower.

    For sure but together with other packets, perhaps not all available for pfSense, but in regular I mean it more now, such as
    TripWire, Fail2ban, DenyHost, or pfBlockerNG the security level would be able to set much high and higher, so IPv6 will be
    not really a problem. The more points you are putting in the entire security plan for your entire local network, let you getting
    more and more far away from the highest unsecured level!


  • Netgate

    @authenticx:

    I just got this:

    $245+shipping for $278 total

    QOTOM-Q355G4 Factory Price Pfsense Firewall Router Fanless
    CPU:Intel Core i5-5250U Processor (3M Cache, up to 2.7 GHz, Broadwell)
    Configuration:8G Kingston RAM, 30G Intel SSD,NO WIFI
    Main Port: HD Video Port, 4 Gigabit LAN, 2 USB2.0, 2 USB3.0, COM, SIM card slot

    I have AT&T Gigapower 1Gb internet

    Attached is my speedtest after replacing my hardware with this Qotom.  Previously my firewall cpu would peg at around 450Mb/s

    I know it's not a full gigabit bandwidth but it's on par with what I was getting straight from the ISP Gateway so I am happy with it

    1. that's NOT a "Pfsense Firewall Router".  Next time you post about someone violating our trademark  rules, I will permanently ban your account and IP.  This is your only warning.

    2. 942 gbps IS full gigabit.  Ethernet overhead is 7 bytes preamble + 1 byte Start of frame delimiter + 6 bytes MAC destination + 6 bytes MAC source + 2 bytes ethertype + 4 bytes frame check sequence (CRC) + 12 bytes Inter packet gap (time with nothing on the wire).

    7 + 1 + 6 + 6 + 2 + 4 + 12 = 38 bytes
    With a 1500 byte payload this is 1538 bytes sent for 1500 bytes of payload.
    IPv4 headers are 20 bytes (no IP options).
    TCP headers are 20 bytes (no TCP options).

    So you really send 1460 bytes of payload for 1538 bytes on the wire.

    1460/1538 = 0.9493

    So perfection is 949.3Mbps.

    A single 802.1q vlan header is another 4 bytes of overhead.

    Now you're sending 1542 bytes for 1460 bytes of payload.

    1460/1542 = 0.9468, or 946.8 Mbps.


  • Banned

    @jwt:

    1. that's NOT a "Pfsense Firewall Router".  Next time you post about someone violating our trademark  rules, I will permanently ban your account and IP.  This is your only warning.

    Seriously? You think he meant anything against pfSense? He isn't the one screwing you over, all of the online retailers that are violating your trademark rules are. This guy probably said that because…. that's what it says on the website he bought it from?

    You can't honestly think all (any) of your users and/or customers read through the details of your trademark rules?

    If you really think this guy is spamming on your forum then I imagine you would just ban without warning?

    So you just thought threatening your users for an honest mistake was a great idea...

    You took a great opportunity to inform your users (fans) that other companies are actively screwing you over (I didn't know this) and you turned it into making yourself look like the bad guy.

    Just so you know most people are here because we support your company.


  • Rebel Alliance Global Moderator

    jwt that did come off a bit harsh ;)

    Here
    LINK REMOVED

    It clearly says pfsense firewall router on it..

    you should prob go after these guys on amazon and other sites selling this hardware with pfsense installed on it.. The should just say pfsense installed, etc.

    2nd pic another example off amazon - that sure doesn't look like netgate/pfsense to me ;)

    BTW like your math on top gig speed ;)





  • Galactic Empire Netgate

    @pfBasic:

    @jwt:

    1. that's NOT a "Pfsense Firewall Router".  Next time you post about someone violating our trademark  rules, I will permanently ban your account and IP.  This is your only warning.

    Seriously? You think he meant anything against pfSense? He isn't the one screwing you over, all of the online retailers that are violating your trademark rules are. This guy probably said that because…. that's what it says on the website he bought it from?

    Yes, seriously. We are dealing with the 3rd party sellers of "pfSense routers" every day, it feels very wrong to have that happen on our own doorstep.

    You can't honestly think all (any) of your users and/or customers read through the details of your trademark rules?

    Its irrelevant if all users read it, it's our obligation to defend it.

    If you really think this guy is spamming on your forum then I imagine you would just ban without warning?

    So you just thought threatening your users for an honest mistake was a great idea…

    He did get a warning, not a threat as you claim.

    You took a great opportunity to inform your users (fans) that other companies are actively screwing you over (I didn't know this) and you turned it into making yourself look like the bad guy.

    How? I think you may be overreacting here.

    Just so you know most people are here because we support your company.

    You can't possibly think it's a good idea to bring in the argument "we support your company" in a thread that's violating the trademark of the same company?


  • Galactic Empire Netgate

    @johnpoz:

    jwt that did come off a bit harsh ;)

    Here
    LINK REMOVED

    It clearly says pfsense firewall router on it..

    you should prob go after these guys on amazon and other sites selling this hardware with pfsense installed on it.. The should just say pfsense installed, etc.

    2nd pic another example off amazon - that sure doesn't look like netgate/pfsense to me ;)

    BTW like your math on top gig speed ;)

    Its irrelevant what it says on the Amazon link, it's still violating our trademark. We are actively engaging many 3rd party sellers on Amazon, however there is many of them, so it takes a bit time. It shouldn't mention pfSense at all, not say "pfSense installed". As long as the 3rd party sellers are using our name and work to profit, it's against our trademark (which directly hurts the pfSense project).


  • Galactic Empire Netgate

    Thread locked because it's off topic.


Locked