Could an SG-1000 handle this scenario?
-
I have a very small hosting network. I recently migrated away from Sonicwall to an SG-4860 and it rocks. The 4860 is way overkill to my pleasant surprise.
I have been keeping my old Sonicwalls on cold standby in case of emergency. Now that the pfSense appliance has been online for a few months and there are zero problems, I'd like to pull out the SonicWalls and put in another pfSense appliance as my cold standby.
(No interest in HA. A small amount of downtime is ok for my needs.)
Obviously, another 4860 or even a 3100 would be fine. In fact, I've pretty much settled on the 3100 and am excited about its release. But as an experiment:
Could a SG-1000 handle my traffic in case of emergency or during updates of the 4860? I think it might work!
My stats: I only push 10-15 mbps. I run OpenVPN but just for me and so only one VPN connection max, and it's usually off. I have a WAN, DMZ and a LAN, but the LAN is just for connecting to my switches and I don't need to have that interface active in an emergency. So in the SG-1000 scenario I would only need WAN/DMZ interfaces.
A typical 4860 load looks like this:
State table size
2% (16195/814000)
MBUF Usage
1% (10376/1000000)
Load average
0.12, 0.14, 0.10
CPU usage
3%
Memory usage
11% of 8143 MiB
SWAP usage
0% of 8191 MiB
Disk usage ( / )
16% of 20GiB - ufs
Disk usage ( /var/run )
3% of 3.4MiB - ufs in RAMAnyway, I have a feeling I need to get both a 3100 and 1000 and try it out. I'll use the 3100 as the permanent standby firewall, and I'll just have to have the SG-1000 for fun.
I'll follow up with results in a few weeks. I really want to try running the whole network on the SG-1000. If it fails miserably, it'll be in the name of science. The idea of being able to run what used to take up all that Sonicwall rackspace with a tiny SG-1000 is amazing to me.
Wish me luck!
-
If your not wanting to run all kinds of packages like snort,ntopng,squid, etc.. And just need to push your 10-15mbps then yeah the sg-1000 should more than handle that sort of setup.
Very interested in testing and experience with both the 3100 and 1000. Glad to hear your happy with the sg-4860 since I will be getting one soon.
-
snort,ntopng,squid, etc..
Good point about the packages. The stats I listed above are with ntop running. And I will turn that off for the sg-1000 scenario. Anyway, just ordered it so we'll see. I'll post back in a week or so.
-
Follow up on the SG-1000:
Overall, really interesting! Right now my hosting network is running off the SG-1000, and the experiment is so far successful. Lots of random notes:
-
As a firewall, it's working just fine. Traffic from is flowing normally.
-
OpenVPN runs just fine with my single connection.
-
My LAN interface is offline since the SG-1000 only has two interfaces. Restoring the config from the SG-4860 was straightforward and I was prompted to clean up the interface assignments. The restore process rocks, nice job from the pfSense team.
-
With VPN off, just acting as a firewall, CPU usage is 25-65%, so that's ok.
-
As soon as I start clicking around in the GUI, though, CPU pegs to 100% pretty quickly. So the single-core CPU on the SG-1000 shows.
-
As expected, limited horsepower means I don't think I should install ntop and I need to keep packages to a minimum.
-
The web interface is very slow compared to my SG-4860. Installing pfBlockerNG took a long time, close to an hour (that's the only package I installed, too.)
-
A single IPv4 block list (FireHOL) runs fine with pfBlockerNG. Reloading and processing the block list takes noticeably longer than my SG-4860: 30 seconds vs almost instantaneous
-
All other metrics seem fine: state table (23%), disk (26%), RAM (30-40% in use most of the time)
My conclusions:
In an emergency, I wouldn't hesitate to put the SG-1000 back online, and my initial results were good enough that I'm leaving it online for the moment to test heavier use during the day tomorrow before putting my SG-4860 back online as my primary. The CPU seems to be the bottleneck.If the SG-1000 handles tomorrow's traffic ok, I might not be in such a hurry to get an SG-3100. This little guy might end up being my cold standby firewall after all!
For such a low price, the SG-1000 seems quite capable and does exactly what it's designed to do. I can't help but wonder what a dual-core version of it would look like? I know I really shouldn't be pushing a production hosting network through such a low-powered device, but the fact that I CAN speaks volumes. Thumbs up!
-
-
"With VPN off, just acting as a firewall, CPU usage is 25-65%, so that's ok"
Where are you viewing this cpu usage? In the gui? Or via ssh/console and top? SNMP query?
-
Where are you viewing this cpu usage? In the gui? Or via ssh/console and top? SNMP query?
That was just CPU% in the gui, hadn't even tried ssh. However your question prompted me to enable ssh. So with the VPN on, logged out of the gui, pushing about 8mbps, running "top" via ssh shows 5 and 15 minute averages around .60. The first value, one minute load average, jumps all over the place, .2 to .98, up and down.
Logging into the GUI pops the load to over 2.0 for several minutes (!). It seems to settle down again (.70) if I close the dashboard and browse to another page like Rules. Clicking back to the Dashboard pops the load again - must be all the stats that page keeps collecting. Logging out of the GUI drops the load averages down again.
I should probably test latency, too, but my hosting network feels just as snappy based on my unscientific clicking and browsing around various sites. I'll record some numbers now to compare to the SG-4860 when I put it back online today or tomorrow.
-
The gui home page with all the widgets yes is a bit of cpu hog ;)
