Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfsense 2.0 VS Checkpoint.

    2.0-RC Snapshot Feedback and Problems - RETIRED
    1
    1
    2.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      David Handelman
      last edited by

      Hi All,
      I'm currently moving to 10G Ethernet.
      I decided to test PFsense vs Checkpoint using 10G and 1G interfaces.
      Checkpoint provided me a huge 1U appliance for testing. based on Nokia IPSO and CPR65.
      The Pfsense was running on Dell R-210 Xeon 2.4Ghz with Myricom 10G nics. Pfsense AMD64 version 2.0 beta5.

      Part of the numbers bellow are from my memory I'm not in the office untill next week,, but it's very very close to that.. I will adjust it next week to be 100% accurate.

      All the numbers are in Micro Seconds.
      10G Test
      I had two servers that already connected to a few switches.
      I have disconnected one server from the switch and put a firewall between the server and the switch.

      The only change I made at the PFsense was adjusting the Coalescing on the nics to "1" (1 Micro second).
      Checkpoint and Pfsense had the same rules and the same logging options.

      A udp test similar to the netperf TCP_RR shows the following.
      PFsense 32.053 Us
      Checkpoint 34.315 Us

      TCP Test-Netperf TCP_rr Test
      Pfsense 14500 PPS
      Checkpoint 13600 PPS

      Multicast test.

      On the average PFsense and Checkpoint are the same, but the standard deviation on the PFsense is a little bit higher.

      Checkpoint
      41 Us
      Standard deviation 4 Us

      PFsense
      41 US
      Standard deviation 6 Us

      1G Test.
      On this test I have used two Dell R610 servers connected to directly to the firewall no switch at all.

      A udp test similar to the netperf TCP_RR shows the following.

      PFsesne 34 Us
      Checkpoint 62 Us

      TCP Test-Netperf TCP_rr Test

      PFsense 13400 PPS
      Checkpoint 7600 PPS.

      YES on 1G interfaces the Pfsense is two times faster… i have verified this a few times, checking the nics duplex, speed and run it a few times all looks correct.

      Bottom line.
      PFSense is 2 Micro second faster while using 10G and 30 Micro seconds faster while using 1G interfaces..
      The Checkpoint price is around 40K$ with unlimited IP and cluster support.
      The Dell R-210 with the 10G nic around 1500$

      REMARKS:
      I have tested the most important things for my usage only.
      The test is relative (On the 10G the numbers include switches as well).

      PFsense TEAM
      THANK YOU FOR THIS GREAT PRODUCT….......

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.