Netgate XG-1541 vs Ubiquiti USG Pro 4

  • I'm running into issues with my USG Pro 4 rebooting under high throughput. Just got 1Gb fiber internet and whenever doing a lot of traffic it just reboots. So, we're starting to look at upgrading the gateway hardware. We've had no issues with the 48-port Ubiquiti switches, so we'd be keeping those.

    I've got a medium-sized office with around 100 users right now, but about 400 active connected clients and growing. Active connections are somewhere around 40k at any given moment.

    I'm looking at the XG-1541 but its maximum VPN throughput isn't listed anywhere. I'd like to have at least 500Mbps VPN throughput using L2TP. One of the main things I'd use this for is a Site-to-Site VPN into an AWS VPC.

    Also don't see any information on how many clients can be connected over VPN at any given time. What I'd like to know:

    • 1 Gbps WAN throughput?
    • Minimum 500 Mbps VPN throughput?
    • Client level network monitoring and reporting?

    I'm not too interested in using any firewall features, more interested in just getting a gateway appliance that can handle 1Gbps and VPN traffic, with some nice monitoring and reporting built in.

    Also considering the Meraki MX 100 or MX 250.

    Does anyone know these answers?


  • Don't do VPN on the same box that's doing your routing/firewall with those speeds. Keep the USG Pro and move the VPN to a pfSense instance. pfSense in a VM is great for running additional services like VPN on.

    OpenVPN is single-threaded so single-thread performance is key - a good list to go CPU shopping from:

    500 Mbps on a VPN is a pretty tough nut to crack - you may not be able to do it within a VPN - may require dedicated box without virtualization. I thought I had an article that talked about maximizing performance with OpenVPN; if I can find it in my bookmarks I'll try to remember to post it too.

  • Netgate Administrator

    @internaught said in Netgate XG-1541 vs Ubiquiti USG Pro 4:

    I'd like to have at least 500Mbps VPN throughput using L2TP

    I assume the OP means IPSec/L2TP here. Either way it's probably going to give trouble.

