About Hardware Capacity



  • Hi,
    I am using pfSense on Intel SR1680MV hardware. If the bandwidth usage increases to 200 Mbit, the firewall goes down and can't answer any request. My hardware includes Xeon5603 dual CPU, 32 GB memory and a 240GB SSD disk. I need a hardware config for a 10 Gigabit uplink, and it should work with the bandwidth and snort packets…
    Thanks for all suggestions...



  • There must be something wrong with your setup. My Intel Atom D525 CPU can do 450Mbit/sec easily…



  • Maybe you are right, but if I receive 2 million states it goes down… How can I resolve the problem?

    @robi:

    There must be something wrong with your setup. My Intel Atom D525 CPU can do 450Mbit/sec easily…



  • Go to System-Advanced-Firewall/NAT. Increase the number of states.

    With 32GB of RAM you should be able to increase that a bunch. I'd say 20 million without breaking a sweat.



  • The problem is not the state number; it's already increased to 3161000, but if the states go to a million the firewall is down and we can't access networks or the firewall GUI, console, etc…
    I will try tonight with Xeon 5570 dual CPU and 64 GB of memory...

    @chpalmer:

    Go to System-Advanced-Firewall/NAT. Increase the number of states.

    With 32GB of RAM you should be able to increase that a bunch. I'd say 20 million without breaking a sweat.



  • I'm confused…  :-\

    Your first post seems to say 2mbps of traffic brings it down.

    Your second post says that it fails at 2 million states.

    Your third post says it fails at 1 million states.

    That hardware should easily handle that. What packages besides Snort do you have installed? What version of pfSense are you running?

    Need more information. :)



  • chpalmer,
    I wrote approximately 200 Mbit and up of traffic :) After this traffic increases and the states go up, the firewall can't answer anything… I don't have the Snort package but I am planning to use it, and the version is 2.0.2-RELEASE (amd64)... By the way, all networks work with real IPs; we are a hosting company and we get a lot of attacks from the Internet, like DoS or legal attacks...
    Thanks,

    @chpalmer:

    I'm confused…  :-\

    Your first post seems to say 2mbps of traffic brings it down.

    Your second post says that it fails at 2 million states.

    Your third post says it fails at 1 million states.

    That hardware should easily handle that. What packages besides Snort do you have installed? What version of pfSense are you running?

    Need more information. :)



  • We don't run snort but we see 800Mbit traffic full duplex 24/7 with no problems.

    We're on Supermicro 1U servers with Xeon L5420 CPU and 32G of RAM and dual Intel Gigabit NICs built into the motherboard.

    Something wrong with the hardware is my best guess.



  • Finally, after the hardware change the firewall has not crashed; it's working with Xeon 5570 dual CPU and 64GB memory. Today we received an attack again with 1 GB of traffic and everything is working fine… For now I should get the snort package with session limits on a per-IP basis... Could you please share config types with us?

