Standard to Measure Throughput
-
I often read about various products throughput and then want to compare them to a pfSense unit. Since pfSense, aside from the hardware purchased from pfSense.org, runs on all sorts of old or new hardware, there aren't any stats that say what the firewall is rated for (throughput). How do I apples:apples compare a pfSense unit with, say, a SonicWALL (http://www.sonicwall.com/us/en/products/TZ-Series.html#tab=comparea)
How do I measure various throughput/performance counters of a pfSense firewall?
Thanks
-
IMHO best way to answer that question is to choose comparable hardware from one of the pfSense recommended hardware vendors (https://www.pfsense.org/hardware/#vendors) to line up with your Sonicwall list.
Sonicwall is a linux kernel and pfSense is FreeBSD. Put on identical hardware they will probably do pretty much identical things. I personally chose pfSense because it's $99/year for unlimited features, unlimited users, unlimited installs, well, unlimited everything (you get the idea), and I get to choose the hardware. The only user limit in pfSense is based on the hardware you choose to install it on. With Sonicwall (and Cisco and others) the user limits are arbitrary numbers chosen by accountants to eke as much profit out of each sale as possible. When you do your comparison don't forget to add in "per user licensing" to the final cost.
Also: https://www.google.com/search?q=pfsense+on+sonicwall&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&channel=sb#channel=sb&q=pfsense+vs.+sonicwall+site:forum.pfsense.org&rls=org.mozilla:en-US:official
-
The numbers you see on the forum are often just the maximum download speeds through the box as seen from a client behind it. A single http conection. Sometimes they are a result from a speedtest website which might be 3-3 TCP connections. Some people who have gone to some trouble might post a result from an iperf test using a server and client on each side of the box on test. Even that is often not directly comparible because the iperf server/client do not always have the same default settings. It is also not a real world test and doesn't help guage Snort or Squid perfomance
The numbers you see given for commercial 'hardware' firewalls are usually from a test that has been tweaked to give the highest possible numbers for better marketing value. Usually a sum of many connections through ther box at large TCP window sizes.It's hard to compare anything directly. ;)
Steve