Hardware Available at the pfSense Store
-
I was going to support the good cause and buy two machines from you. However, there is a slightly, iny tiny, small, problem ;D ;D ;D
I attached a screenshot.
This is for shipping to The Netherlands. If I may, the UPS/Fedex's of this world must be completely mentally retarded. For that amount of money I can depart from Schiphol Airport Amsterdam and fly to New York myself.
So, sorry, I really wanted to buy two machines and in the process support the good cause :-[
On another note: couldn't you go via Amazon Marketplace? I've never had these insane shipping costs when ordering from Amazon USA.
Just a thought :P
-
@Hollander:
If I may, the UPS/Fedex's of this world must be completely mentally retarded. For that amount of money I can depart from Schiphol Airport Amsterdam and fly to New York myself.
ROFL… Insane indeed.
-
…not to forget the customs fun. And then you end up with trash like this (see photo), btw. inside there were two SAS HDDs, I desperately needed them, otherwise would have returned them...
But in the Netherlands you have other options:
http://www.applianceshop.eu/index.php/?___store=en
:-)
...they do some advertising on the forum, too and I was very satisfied with the service!
-
@gonzopancho:
I don't know what you mean by "many".
I would say that there will be "several" hardware offerings this year.
Any plans on adding anything soon? There's a pretty big gap in price and functionality of what's currently available. Habey has a nice looking 1U that I've been thinking about getting…might even pay a little more if it came in red ;)
http://www.habeyusa.com/products/fw-1044-1u-4-gbe-w-bypass-segment-fanless-network-hub/
Edit: speling
-
The C2758 was just added about a week ago.
https://store.pfsense.org/c2758/
It's sold out already, more are on the way. There will be more to come.
-
@chemlud:
…they do some advertising on the forum, too and I was very satisfied with the service!
Actually, they don't.
-
I love the idea of pfSense selling their own hardware, but am lost as to what the unit capabilities are. The C2758 would be great, but how many concurrent connections would it support? Sorry, but I'm not knowledgeable enough to translate the raw pass-through numbers to connections.
We're a Catholic K-8 school in need of firewall and content filtering... Currently running a Sonicwall 2400
-
Many firewall vendors artificially limit "connections". Sonicwall is one such vendor.
We do not.
See the discussion here under "Feature Considerations"
https://www.pfsense.org/hardware/#sizing
-
@gonzopancho:
Many firewall vendors artificially limit "connections". Sonicwall is one such vendor.
I don't believe they do (not that I would ever recommend those horrible pieces of junk to anyone). I think he's referring to this statistic:
Per http://www.sonicwall.com/us/en/products/NSA-2400.html#tab=specifications
Connections per second 4,000/sec
I have no idea where they get those numbers from, but their other numbers are very similar to the c2758. I don't believe anything Dell says about Sonicwall, though. Those things perform terribly and are a nightmare to administrate and exhibit very odd behavior.
-
No arguments from me on the sonicwall. They've been a giant pain in my butt as long as I have had to deal with them. And that was even BEFORE Dell took over!
And no, I have no idea where they pull those numbers from. I guess I was more concerned with the throughput. But I guess if I load it up with memory it should handle the web filtering. I'll wander the boards to find out more about that.
Thanks for slapping me upside the head to realize exactly what I should be looking at!
-
I'm not sure what they mean by "connections / sec".
Typically this is a web server metric.
A dual Intel Xeon X5670 (2 * 6 cores @ 2.93 GHz, 2 threads per core) with 24GB of RAM will do 500K connections/sec to nginx.
I've not measured it, but the C2758 cores each benchmark pretty close to a 5600 series ("Westmere") Xeon. The C2758 only has 8 cores (not 12 in the system above) and they each run at 2.4GHz, not 2.9GHz, but overall, I'd bet the C2758 can do at least 400K connections/sec in a similar benchmark.
Maybe they mean new connections / second to the IPsec endpoint. We haven't measured it.
If they mean packets per second (pps), then that number sucks by comparison. In an untuned state, the hardware will run 585Kpps per interface without the overhead of pf. Those are minimum-sized (64 byte) packets.
With a bit of tuning, and a single stateful rule installed in the packet filter, the rate goes up to nearly 800Kpps.
Their IMIX is oddly stated at 1280 byte UDP packets. That's not mixed. Typical firewall vendor BS.
http://en.wikipedia.org/wiki/Internet_Mix
Assuming an IMIX of PPS * ( 7*(40+14) + 4*(576+14) + 1*(1500+14) )/12*8, the IMIX throughput for this is 2.267Gbps, which, you will note, is faster than the interfaces. This shatters the quoted IMIX throughput for the Sonicwall NSA 2400 (235 Mbps)
And we're after far (far) more. Stay tuned. I LOVE this hardware, and plan to make the most out of it for pfSense.
By comparison, here are the numbers for a PC Engines APU:
154.17 Kpps - raw routing (est IMIX throughput = 437 Mb/s)
88.12 Kpps - with a single, stateful 'pf' rule installed (est IMIX throughput = 250Mbps)
Note that even this is faster than the NSA 2400 you pointed to.
So there it is, a real-world result, the C2758 is about 10X faster than an APU, and I've just gotten started.
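Added example (not part of the original post): a short Python check of the IMIX estimates above, using the post's own formula and packet rates. It also goes one step further and converts the vendor's 235 Mbps figure back into packets per second under both mixes; treating "1280 byte" as the IP packet size is an assumption.

```python
# Added example: checks the IMIX estimates quoted in the post above.
ETH_HEADER = 14  # Ethernet header bytes added to each IP packet, as in the post

# Simple IMIX from the post's formula: (IP packet bytes, packets out of 12).
SIMPLE_IMIX = [(40, 7), (576, 4), (1500, 1)]
# The vendor's single-size "IMIX"; 1280 taken as the IP packet size (assumption).
VENDOR_MIX = [(1280, 1)]


def avg_frame_bits(mix):
    """Weighted mean frame size in bits (header included, no preamble/IFG)."""
    frames = sum(count for _, count in mix)
    total_bytes = sum((size + ETH_HEADER) * count for size, count in mix)
    return total_bytes * 8 / frames


def pps_to_mbps(pps, mix=SIMPLE_IMIX):
    """Estimated throughput in Mbps for a forwarding rate in packets/second."""
    return pps * avg_frame_bits(mix) / 1e6


def mbps_to_pps(mbps, mix=SIMPLE_IMIX):
    """Packets/second a device must forward to reach `mbps` with this mix."""
    return mbps * 1e6 / avg_frame_bits(mix)


if __name__ == "__main__":
    # Forwarding rates quoted in the post ("nearly 800Kpps" taken as 800,000).
    for label, pps in [("C2758, tuned, one pf rule", 800_000),
                       ("APU, raw routing", 154_170),
                       ("APU, one pf rule", 88_120)]:
        print(f"{label:28s} {pps:>8,d} pps -> {pps_to_mbps(pps):8.1f} Mbps IMIX")

    # The same 235 Mbps needs very different packet rates depending on the
    # mix, and per-packet work is what loads a firewall.
    for label, mix in [("7:4:1 mix", SIMPLE_IMIX), ("1280-byte only", VENDOR_MIX)]:
        print(f"235 Mbps with {label:15s} = {mbps_to_pps(235, mix):8,.0f} pps")
```

With large packets only, 235 Mbps takes roughly a quarter of the packet rate that the 7:4:1 mix would need, which is why a single-size "IMIX" figure flatters the device.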
-
And the lower-end, Sonicwall does limit the number of nodes behind the firewall (that use the firewall).
http://help.mysonicwall.com/sw/eng/305/ui2/23100/System/Licenses.htm
Here is a reseller of Sonicwall node licenses, just so you can check prices.
http://www.sonicguard.com/NodeUpgrades.asp
To be fair, some Sonicwall devices (such as the NSA 2400) come with an "unrestricted" node license.
There are some very early benchmarks (using iPerf, which I loathe) of the C2758 here:
http://store.pfsense.org/c2758/
-
Isn't The C2758 Product page @ http://store.pfsense.org/c2758/ Misleading?!?!?!
It clearly states "No additional usage or feature based pricing. Unlimited users, firewall rules, VPN connections, etc."
However, the Quick Start Guide @ http://support.netgate.com/index.php?/Knowledgebase/Article/View/18/9/where-can-i-find-the-c2758-quick-start-guide, on page 7 states "One year of pfSense Certified software updates and bug fixes
One year of Netgate’s pfSense Certified premium add-ons for pfSense 2.1"
Which in my mind at least, tells me there is feature based pricing.. At least in that there is a renewal for whatever 'premium add-ons' are included. Shouldn't mention of this appear in the fine print of the product page?
Also, since I'm bound to be starting a mess here, can clarification be added on Netgate/ESF for these purchases? The documentation clearly states in numerous places, that this is a Netgate firewall, yet, that is left off the pfSense page, leading one to believe this is an ESF product. This seems deceptive.
I understand Netgate is now a majority? share holder of ESF, but ESF != Netgate and Netgate != ESF. It seems you have two separate companies by design, yet you are merging the two or using them like they are one.
Who's collecting the money from this purchase directly? ESF? or Netgate?
Is ESF directly reselling Netgate equipment (Netgate is a supplier)? or am I buying Netgate directly, who then in turn makes a donation to ESF? Who's responsible for the warranty?
I am probably not the only one wondering about this last set of questions, and I don't mean to be creating problems, I'd just like clarity. If I decide to buy one of these, I'd like to know who is it truly benefiting from the purchase.
-
@gonzopancho:
And the lower-end, Sonicwall does limit the number of nodes behind the firewall (that use the firewall).
http://help.mysonicwall.com/sw/eng/305/ui2/23100/System/Licenses.htm
Wow. The more I learn about just how bad they are the more I don't understand how the company has been in business for so long. The day I retired the Sonicwall was one of the happiest days of my life (at least that's how I remember it).
Like I said, I don't believe anything they say about Sonicwall devices. My experience and reading user forums has taught me that they never perform anywhere even close to what the specs say, and unless you're doing just basic firewalling from LAN to WAN they don't ever actually work as expected either.
-
Isn't The C2758 Product page @ http://store.pfsense.org/c2758/ Misleading?!?!?!
It clearly states "No additional usage or feature based pricing. Unlimited users, firewall rules, VPN connections, etc."
However, the Quick Start Guide @ http://support.netgate.com/index.php?/Knowledgebase/Article/View/18/9/where-can-i-find-the-c2758-quick-start-guide, on page 7 states "One year of pfSense Certified software updates and bug fixes
One year of Netgate’s pfSense Certified premium add-ons for pfSense 2.1"
Obviously there is some editing to do.
Which in my mind at least, tells me there is feature based pricing.. At least in that there is a renewal for whatever 'premium add-ons' are included. Shouldn't mention of this appear in the fine print of the product page?
See above.
Also, since I'm bound to be starting a mess here, can clarification be added on Netgate/ESF for these purchases? The documentation clearly states in numerous places, that this is a Netgate firewall, yet, that is left off the pfSense page, leading one to believe this is an ESF product. This seems deceptive.
I understand Netgate is now a majority? share holder of ESF, but ESF != Netgate and Netgate != ESF. It seems you have two separate companies by design, yet you are merging the two or using them like they are one.
Your "understanding" is flawed. Netgate is not a majority shareholder of ESF, but the principals of Netgate are the majority shareholders of ESF.
You are correct when you state "ESF != Netgate and Netgate != ESF". That said, the two companies are co-located in the same office space, and I tend to use what people and resources are available for the tasks at-hand.
Who's collecting the money from this purchase directly? ESF? or Netgate?
Is ESF directly reselling Netgate equipment (Netgate is a supplier)? or am I buying Netgate directly, who then in turn makes a donation to ESF? Who's responsible for the warranty?
In answer to both of your questions: Which store did you buy it from? There is your answer.
I am probably not the only one wondering about this last set of questions, and I don't mean to be creating problems, I'd just like clarity. If I decide to buy one of these, I'd like to know who is it truly benefiting from the purchase.
-
@gonzopancho:
I'm not sure what they mean by "connections / sec".
No, seems odd for a firewall.
Perhaps the nearest thing might be state table inserts per second? Or maybe state table searches per second?
See this thread for some big numbers:
https://forum.pfsense.org/index.php?topic=72810.0
Steve
-
Note that all of our equipment is suitable for US power standards. If you live outside the United States, be aware you may need to find a different power adapter / power supply to use your equipment.
(from http://store.netgate.com/International-Order-Payment-W9C111.aspx)
Can someone comment on it? Do I need to buy an additional power supply if I want to use it in Europe?
-
Almost certainly not.
The vast majority of computer equipment are using switching power supplies with 90-250V input so you can use them in Europe or the US. You may need a different power lead to connect the PSU to the wall socket but these will be easily available locally to you.
There are some exceptions to this though (some laptops and similar power bricks for example) so best to ask about the exact product.
Steve
-
Gents, one thing that would really help is more detail on the performance.
I'm looking for a box that will give about 25MBPS on AirVPN:
- 4096 bit RSA keys size
- AES-256-CBC Data Channel
- 4096 bit Diffie-Hellman keys size
- HMAC SHA1 Control Channel
- TLS additional authorization layer key: 2048 bit
- Perfect Forward Secrecy through Diffie-Hellman key exchange DHE.
Can you advise me? I posted this here instead of just emailing as I thought the reply might be useful for others too.
-
Gents, one thing that would really help is more detail on the performance.
I'm looking for a box that will give about 25MBPS on AirVPN:
- 4096 bit RSA keys size
- AES-256-CBC Data Channel
- 4096 bit Diffie-Hellman keys size
- HMAC SHA1 Control Channel
- TLS additional authorization layer key: 2048 bit
- Perfect Forward Secrecy through Diffie-Hellman key exchange DHE.
I'm assuming you likely mean Mbps (bits). The VK-T40 and C2758 platforms we sell will both do well upwards of 25 Mbps with those parameters. The 2D13 is the only system we sell that would struggle to reach 25 Mbps across a VPN with those parameters.
You may have issues reaching 25 Mbps with VPN providers along those lines for reasons entirely unrelated to your firewall. 25 Mbps probably isn't too difficult to reach, but that depends on what kind of load the provider's servers and network are under, how far away you are from the VPN server, and how far the ultimate destination of your traffic is from the VPN server. The higher latency makes it more difficult to achieve high throughput (see "long fat pipe") depending on how high it is. Some providers also significantly over-subscribe their networks and/or servers and hence perform poorly during peak times. I'm not familiar with that provider in particular so not sure what you can expect.
-