Anyone using A2SDI-8C+-HLN4F for pfSense with 1G bandwidth with IDS? Thoughts?



  • Is anyone using A2SDI-8C+-HLN4F for pfSense with IDS turned on, on a 1 Gbps internet bandwidth?
    What are your thoughts?


  • Netgate Administrator

    That's a C3758 for reference. Any board using that is going to have very similar performance since it's an SoC.

    There are a lot of variables with Snort/Suricata. I would expect it to pass 1Gbps with a basic setup but Snort can eat a lot of resources with all the options set.
    I have never tested that CPU/board myself though.

    Steve



  • @stephenw10 said in Anyone using A2SDI-8C+-HLN4F for pfSense with 1G bandwidth with IDS? Thoughts?:

    That's a C3758 for reference. Any board using that is going to have very similar performance since it's an SoC.

    There are a lot of variables with Snort/Suricata. I would expect it to pass 1Gbps with a basic setup but Snort can eat a lot of resources with all the options set.
    I have never tested that CPU/board myself though.

    Steve

    Thanks for your replies, Steve. But doesn't the XG-7100 1U use one of the similar CPUs (at 4 cores, while the one I listed is 8), and isn't it touted to be one of the best hardware appliances for pfSense?


  • Netgate Administrator

    Yes, it is a C3K CPU (C3558) but not that exact one and not that board. But even if it was, as I said, Snort/Suricata can have very different throughputs depending on how they're configured.

    Steve



  • You can use Suricata rather than Snort for 1 Gbps throughput IDS. There is no GUI setting in current pfSense for Snort to fork multiple processes to monitor an interface. (200 Mbps per Snort process, from Security Onion and other Snort documents.)
    From the information in a Reddit post, the XG-7100 can certainly do 1 Gbps IDS with Suricata.

    I have used Suricata as IDS on a C3758 barebone and used iperf2 to test the throughput of a Suricata-monitored gigabit interface, and got 946 Mbps on download.