This this overkill for PFSense?
-
So I want some opinions if this is overkill. I brought home a computer that we were going to destroy at work as it was just too old. It’s an i3-4150 With 16 gigs of RAM and a 120gb intel 330 series SSD. I have Comcast one gig down 40 mb up and the built in Realtek and the PCI-e Realtek cards were only getting 330mb to the FW. Found an article about slow performance with realtek cards. I won an Intel X550 10gb dual card at a vendor show that I have not used. I installed it and now I get full gig speed down. My question is…..is this massive overkill? I have snort, DHCP, DNS, and OPENVPN running on it. Just thinking that maybe I can use a lower performance system and get the same amazing performance that this one gets. Power is not an issue as this running off a solar system with battery power.
FYI : I am using AES for crypto
Intel(R) Core(TM) i3-4150 CPU @ 3.50GHz
4 CPUs: 1 package(s) x 2 core(s) x 2 hardware threads
AES-NI CPU Crypto: Yes (active)
QAT Crypto: No
Hardware crypto AES-CBC,AES-CCM,AES-GCM,AES-ICM,AES-XTS
Thank you in advance for any and all help!
-
@alpine7513 Maybe but if it works... :) Do you have System/Advanced/Miscellaneous -> PowerD enabled? I'm guessing not from your copy/paste since there should be a line for the CPU frequency. We have one older PC on 2.6 that is just fine left at "hiadaptive." (note the dashboard will use CPU time for all its updates, so the real usage is likely less than shown)
-
No its not.
-
Intel(R) Core(TM) i3-4150 CPU @ 3.50GHz
For ~500 MBit/s you should have a 2,0GHz CPU and yours
is pretty much over (3,5GHz) so this is well for 1 GBit/s.question is…..is this massive overkill?
Never, it all depends on how many packets you were installing and what you are doing with it! Also how many
snort rules and/or pfBlocker-NG lists you will be loading might be a huge difference to a "normal" usage.I have snort, DHCP, DNS, and OPENVPN
If later perhaps some packets comes on top and also some rules more for snort you may be lucky about the 16GB.
-
This runs Suricata and pfB with a shitload of rules both on WAN, LAN and DMZ.
So 16GB is more than enough.
-
This runs Suricata and pfB with a shitload of rules both
on WAN, LAN and DMZ.Cool! I would wisch the data were from mine! I have installed
- pfBlocker-NG
- SquidGuard
- ClamAV
- Squid
- Snort
I get with a tuned AMD CPU something between 30 - 50 %
CPU load and from 4 GB 50 % - 90 % sometimes more sometimes less are in usage and 10 % - 50 % from 4 GB
swap are normally in usage. So you know a 3,5GHz CPU
and 16 GB is not really overkill it from my point of view
running a fully UTM better then good to own! -
I would say 16G is probably not necessary there but the CPU is probably in the ball-park for 1G throughput with a bunch of packages.
That CPU socket gives you a lot of options too. Not the most power efficient device though.Steve
