Netgate Discussion Forum

    onboard/discrete LAN/WAN interfaces

    • jc1976

      Is there an ideal setup between onboard and discrete interface assignments between the LAN/WAN NICs?

      Meaning: is it better to have the onboard Intel NIC for the LAN interface with the discrete (and usually more powerful) NIC (Intel as well for this example) on the WAN, or vice versa?

      I always figured that for throughput, it's better to put the discrete NIC on the WAN side because it's far more powerful than the onboard (Intel as well) NIC.

      It's not that I'm splitting hairs, I'm just trying to learn the 'guts' of pfSense and how it processes, thinking that the incoming data streams come through on the discrete card where it goes straight to the CPU, gets processed/inspected/etc., then sent on its way to the LAN.

      Thoughts?

      And as always, THANKS!

      • stephenw10 Netgate Administrator

        If both NICs are Intel there's probably not much in it.

        Both are probably PCIe devices with similar or identical connectivity.

        You might find one supports more queues, which means it can distribute load across more CPU cores. If so you probably want that on LAN as the LAN-side bandwidth is usually higher. Potentially at least if you have multiple internal subnets and are routing between them.

        Steve

        • jc1976 @stephenw10

          @stephenw10 I'm not doing any routing, just looking to maximize throughput and maximize the CPU's availability for processing the data streams.

          My scenario assumes that the firewall itself is doing just that: firewalling and anomaly scanning for protection, and handling VPNs, nothing else. All routing and IP addressing is handled by another router and DHCP server. This way, if the firewall ever quits on me, I may lose my internet connectivity, however I don't lose my network.

          • stephenw10 Netgate Administrator

            I assume you mean you're not doing any internal routing but are still routing between WAN and LAN? Otherwise you would have to be bridging WAN and LAN.

            Either way in that setup both WAN and LAN are carrying the same traffic so it really doesn't matter which way you assign the NICs.

            Steve

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.