PfSense performance on huge traffic



  • First, i´m new here, my name is Rafael from Brazil, and I´m a m0n0wall home user and knowing pfsense now…

    My question is: does pfsense support huge traffic in a company with about 250 computers in LAN and 10 servers (email server, application server, terminal server, proxy server, domain server, etc...) in DMZ?

    Acctualy that company uses RouteFinder Appliance (RF850 from Multitech) as firewall/gateway, and I´m thinking substitute that rf appliance for a pfsense firewall... that is possible? can pfsense obtain same performance? pfsense can support as well as rf appliance (or better)???

    Thanks for any help...

    ps.: sorry about my ENGLISH, it´s so bad... lol...



  • That's not "huge" traffic, really. There are MUCH bigger installs out there.

    It's just a matter of making sure your hardware is properly sized. That varies greatly from one network to another, but mostly depends on how much Internet bandwidth you have, and how much traffic you route between LAN and DMZ. If you can estimate your throughput requirements, we can suggest hardware sizing.



  • We've got 100 computers accessing through our pfSense box, and 2 terminal servers being published, add to that a public network on a separate VLAN with anywhere up to 200 users connection. We're using an old Dell Poweredge 1550, 1Ghz CPU with 512MB ram, and it's flying. I could probably double the usage on it.



  • sounds great tacfit… but can i obtain good pfsense performance using a box with VIA Eden 1GHz processor, PC133 512MB SoDIMM and 1gb Compact Flash???
    think in a situation with throughput of a 200 hosts in lan, incoming external connection and 2 vpn´s tunneling with about 30 hosts in each one...
    thanks



  • Again, to provide any meaningful feedback, we need to know Internet connection speed, expected LAN to DMZ throughput requirements, and expected VPN throughput requirements.



  • @rafaelsantos:

    sounds great tacfit… but can i obtain good pfsense performance using a box with VIA Eden 1GHz processor, PC133 512MB SoDIMM and 1gb Compact Flash???
    think in a situation with throughput of a 200 hosts in lan, incoming external connection and 2 vpn´s tunneling with about 30 hosts in each one...
    thanks

    As cmd says, more details needed. First off, I don't know how the Eden compares with a Pentium III based Xeon, but if they're comparable, and those users are doing "typical" surfing, e-mail, downloading general stuff, I would say your performance will be fine.

    BUT… again, this is a total guess on my part. I would say the first bottleneck you're going to run into is memory... and depending on the encryption used for your VPNs, CPU speed. Also, if you've got users download lots of torrents and other stuff like that, that'll throw things off. If this was for an office where you would restrict the types of traffic allowed, I think you wouldn't be far off the mark.

    I've been VERY impressed with pfSense's performance, but bare in mind I'm running it on a full sized server. It sounds like you're using a smaller device, which may be just fine... but I can only speak from my own experience :)


Log in to reply