SG-1100 vs. running pfSense as virtual machine on a QNAP NAS



  • I have been using pfSense in a virtual machine on a QNAP NAS for more than a year. After a steep learning curve (I am in no way a network expert), I have a reliable setup with various packages/services enabled (DHCP, unbound, DynDNS, OpenVPN server and multiple client connections, Suricata, pfBlockerNG). It serves my needs perfectly and has never let me down so far.

    Now I am thinking of replacing the pfSense-VM with the SG-1100 for various reasons (especially: I want to shut down/suspend the NAS in times I do not need it but that would cut off my internet, too). I have the following questions:

    1. My VM has 4GB RAM assigned. Since pfSense usually uses only around 10% of it, the 1 GB RAM of the SG-1100 should be sufficient even with various services enabled, right? Has anyone run into "insufficient RAM" problems with the SG-1100 before?

    2. Can I expect a performance improvement ("faster internet") when switching from a pfSense-VM in a NAS to the SG-1100? I would expect so since, I assume, the whole "NAS-VM-Setup" should slow things down considerably, right?

    3. On the product page, Netgate states that the product is not PoE compatible. As far as I understand it, that has nothing to do with PPPoE, right? I plan to connect the SG-1100 WAN to my cable internet and set up my PPPoE login in pfSense. That works, right?

    4. I have read that a few of the SG-1100 units frequently reboot due to a problem with the power supply. I understand that the issue is identified and being resolved. If I order (from Netgate's German premium reseller) now, can I assume I will receive a unit where the problem has already been resolved?

    5. Anything else I should consider when it comes to replacing my "pfSense-VM-setup"; anything on pfSense that does not work with "real hardware" as it does with a virtual machine?

    Thanks for your answers.


  • Netgate Administrator

    What's your connection speed? What throughput do you need?

    Packages like pfBlocker and Suricata can consume a lot of RAM if you load up loads of lists/signatures. On the SG-1100 you have to be aware of that. It looks like your usage is not too much though.

    PPPoE is unrelated to PoE.

    Steve



  • Internet is provided by my landlord. If I do a speed test on the WAN interface, the result is around 87.4 Mbps down / 40.6 Mbps upload. Of course, the speed drops drastically on the VPN client interfaces.

    I understand that pfBlocker and Suricata can take up a lot of RAM. However, since my VM now always uses around 10% of the allocated 4GB RAM and I do not plan to load more lists on the SG-1100: can I expect a similar behaviour (or will the SG-1100 use more RAM than pfSense in a VM)?

    Thanks


  • Netgate Administrator

    RAM usage should be similar but you would have to be aware of it more.

    Neither of those setups should really restrict OpenVPN speeds when the WAN is less than 100Mbps. At least not in processing ability. The link latency and speed of the provider obviously can.

    Steve



  • I would frankly stay with the VM. Does the QNAP have the ability to let the drives sleep? Probably just me, but I'd be wary of power-managing any RAID system, but I guess if the OS allows it... But if you really want the SG-1100 hardware, you may want to wait until the forum-reported hardware issues are fully resolved (and maybe they have been).



  • @provels said in SG-1100 vs. running pfSense as virtual machine on a QNAP NAS:

    I would frankly stay with the VM. Does the QNAP have the ability to let the drives sleep? Probably just me, but I'd be wary of power-managing any RAID system, but I guess if the OS allows it... But if you really want the SG-1100 hardware, you may want to wait until the forum-reported hardware issues are fully resolved (and maybe they have been).

    Valid point. The OS provides an energy-saving scheme that allows putting the NAS to sleep for a period of time so I assume that it works and causes no problems upon waking up (never tried it so far). However, you are probably right that it might not be the best idea for the RAID.

    For the time being, I'll just limit the VM to the SG-1100 specs (especially to 1GB RAM) and see how that works out in terms of performance before thinking any further.

    Thanks for your answers.



  • @richtemark "Parts left out cost nothing and create no service problems" ~ Bunkie Knudsen, Chevrolet General Manager - 1961

