Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Setting up pfSense with multi wan and gigabit

    Hardware
    snort multi-wan gigabit
    2
    4
    1.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mdahal
      last edited by

      Hello everyone,

      I am in the process of starting a new business of providing offsite backup storage and computing. Since it is in its infancy and only have 3 clients so far. This is all going to be hosted in my homelab.

      The plan is to have 2 X 1000Mbps down 400Mbps up connection from two isp. However I only have 2 X 250Mbps down and 100Mbps up currwntly. One will be for my home use and another for business with home connection being backup for business.

      Also, being a startup unable to purchase any netgate hardware at this stage but plan to do down the road.

      I will be using the parts I already have to build the firewall and use saved cash for buying storage hardware.

      Hardware, I have is cpu i5-4690. Intel quad port nic and supermicro 1150 motherboard wiith two nics built in and 16gb memory.

      The usage would be 3 site to site vpn(clients connecting to me) using openvpn. Package to include will be snort(As many rules enabled as possible), pfblockerng and ntopng.

      My question is will this be able to handle at a minimum my current bandwith ? And 2gbps in future. The current N3700(Supermicro SYS-E200-9B Mini-ITX 1U Server with Intel Pentium Processor N3700 SoC) I have struggles when snort enabled and pushed through single 250 X 100 Mbps. Eventually I will purchase some dedicated hardware with failover.

      Appreciate your feedback.

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        It surprises me that an N3700 would have a problem passing 250Mbps with Snort. Unless maybe you have every single Snort signature enabled and a CPU intensive patter match algorithm. Or perhaps it is not running at it's turbo mode, stuck at 1.6GHz.

        The 4690 should be OK for the 2Gbps but not with OpenVPN traffic. I would expect it to fill 2x 250Mbps encrypted though.
        You may need to tune your Snort settings if what you're running is affecting the 3700.

        Steve

        1 Reply Last reply Reply Quote 0
        • M
          mdahal
          last edited by

          Thank you for your respose Steve.

          Just double checking now. I have search method as AC-BNFA. IPS policy as balanced. Auto flowbit rules enabled and open appid rules enabled. I have selectively whitelisted over time. I have 4 interfaces WAN,LAN,DMZ,WIFI

          Furthermore, for my planned use case what sort of computing power I am looking at ? In terms of netgate hardware or generic cpu would be much appreciated.

          Cheers,

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            The biggest factor there is how much of that traffic will be over OpenVPN. If the majority of it is and you want to get anywhere near 2Gbps you're going to need the fastest CPU you can get hold of. Each OpenVPN process is single threaded so less cores at higher speeds wins here if you have only a few tunnels.

            Steve

            1 Reply Last reply Reply Quote 1
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.