pfSense on QNAP NAS



  • I'm thinking of buying a QNAP NAS and would like to run pfSense on it (want to reduce the number of devices on my network rack). As everyone knows, Netgate just released pfSense for use on certain QNAP models through its "Virtualization Station" app. Although it's only been out a week, I was wondering if anyone's had a chance to look at it. I'm new to QNAP (as well as pfSense) and I'm wondering how involved it would be to set up. From what I've read, it seems pretty straightforward, but reality is often different. 😏

    Also, since this runs on a VM, which has it's own overhead, I'm wondering how much processing power the NAS will need to run pfSense with basic security services (like Snort, pfBlocker, OpenVPN, LightSquid), as well as all the storage duties, without throttling my 100/10Mbps bandwidth. The NAS models I'm considering are TS-473 (AMD RX-421ND cpu, 4635 passmark) and TS-677 (AMD Ryzen 5-1600, 12298 passmark). The TS-473 is less than half the cost, so I would prefer it if it can handle this.

    Thanks for any feedback. I hope this is a reasonable thing to try.



  • Hello there,

    I recently started putting the pfsense on the ts-677. With basic configuration as provided by QNAP installation guide. I was able to get 940 Mbps and 7 Mbps despite the fact that I have 1Gbit both ways internet. I need to do more testing. But it looks promising. In addition, there are other threads on here that are related to this topic. Hope this will help you.

    https://forum.netgate.com/topic/95439/virtualized-pfsense-on-qnap-nas



  • @brother_scud said in pfSense on QNAP NAS:

    Hello there,

    I recently started putting the pfsense on the ts-677. With basic configuration as provided by QNAP installation guide. I was able to get 940 Mbps and 7 Mbps despite the fact that I have 1Gbit both ways internet. I need to do more testing. But it looks promising. In addition, there are other threads on here that are related to this topic. Hope this will help you.

    https://forum.netgate.com/topic/95439/virtualized-pfsense-on-qnap-nas

    Thanks so much for the feedback. It's the sort of information I've been looking for. If you don't mind me asking, are you running just the firewall, or do you have other packages (like Snort, SquidGuard, etc) going as well? I ask because I know these other packages (Snort in particular) can consume a lot of processing power and really throttle the throughput. It can be up to an order of magnitude based on specs sheets I've seen from other security vendors.

    Also, any idea why your upload is so low?

    Thanks again for the feedback. It is indeed sounding promising!



  • Hey there,

    after trying out for couple days, I couldnt figure out what was the issue. Looks like I need to contact the Qnap support for their opinions on AMD machine despite disabling the hardware checksum. Other wise Im going to try other firewall softwares out there.

    And no, Im just testing with basic configurations if it can get me the speeds then I would do the next steps. I am quite new to pfsense.

    if I have any updates in the future, I ll post good news here :)



  • @pmk3
    Hey there,
    Update: I was able to get the full speeds up perfectly with QNAP's pre-image and the NAS did not struggled at all. Very happy with the performance. Which program do you recommend me first to try? Or the most CPU intensive..

    In Nerd mode: The issue was one of the 4 adapters were strangely acting up.

    So far really happy with the equipment.

    cheers



  • @brother_scud said in pfSense on QNAP NAS:

    @pmk3
    Hey there,
    Update: I was able to get the full speeds up perfectly with QNAP's pre-image and the NAS did not struggled at all. Very happy with the performance. Which program do you recommend me first to try? Or the most CPU intensive..

    In Nerd mode: The issue was one of the 4 adapters were strangely acting up.

    So far really happy with the equipment.

    cheers

    Thanks for the update! Happy to hear you got it working.

    In terms of packages, I've read that Snort (intrusion detection and prevention system) can be quite cpu intensive. Other packages that interest me are pfBlockNG (for blocking incoming and outgoing traffic based on IP address or domain name), and SquidGuard (URL filter and redirector). I don't know if there are packages for spam or virus filtering, but those would be worth checking out as well. I know the throughput can drop dramatically (up to 10x) when you start running other services, so I'll be interested in hearing how it does.

    Thanks for checking it out!


 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy