PfSense processor



  • I am planning to upgrade my firewall to new hardware. I need nearly 250-300Mbit/s output. Snort is using most of the processor time in my firewall. Can anyone tell me:
    1. What is more critical for pfSense (with Snort): processor frequency or cache? I.e. Pentium vs Celeron?
    2. Is there any difference between Intel and AMD?
    3. Intel D820 - is it equivalent to 2 one-core Intel processors of the same frequency in pfSense?
    Thanks.



  • First you should try to get a board with the fastest available PCI bus with some good NICs (Intel preferred). Keep in mind that all traffic has to pass the PCI bus and the CPU. As you want to run Snort too, make sure you have enough RAM in there and also a good CPU (I wouldn't go with a Celeron, but that's more of a "feeling" rather than experience or benchmarks). Unfortunately I don't have the possibility to bench such systems under that load, though I'm interested in the results. Please post back any findings if you do tests.



  • @hoba:

    First you should try to get a board with the fastest available PCI bus with some good NICs (Intel preferred). Keep in mind that all traffic has to pass the PCI bus and the CPU. As you want to run Snort too, make sure you have enough RAM in there and also a good CPU (I wouldn't go with a Celeron, but that's more of a "feeling" rather than experience or benchmarks). Unfortunately I don't have the possibility to bench such systems under that load, though I'm interested in the results. Please post back any findings if you do tests.

    Thanks, Hoba.
    There were 2 hardware platforms in my firewall.
    1. Celeron 400 Slot 1 (m/b Abit BF6)/256MB RAM/2GB Fujitsu HDD/1x Intel PRO/1000 desktop NIC on DMZ & 3x Realtek NICs on LAN, WAN & OPT2. Polling was used. Snort was used with almost all rulesets enabled except nearly 12 rulesets (i.e. nearly 36 rulesets), Snort was set to "lowmem". I also used ntop. There were 10 rules on the WAN interface; the 8th rule was used in the test. In this case I had 12Mbit/s output (on traffic from DMZ to WAN).
    2. Athlon 1600+/512MB RAM. Other hardware was the same as in the 1st case. In this case I had 50-55Mbit/s output. Then I left only 18 rulesets in Snort (vs nearly 36 in the 1st case), Snort was set to "ac" - the result was 100Mbit/s. I think with ntop turned off it would be 120Mbit/s.
    Now I am planning to upgrade my firewall and will post back my results.

