Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Will net4801+Hifn7955 do the job?

    Scheduled Pinned Locked Moved Hardware
    5 Posts 2 Posters 3.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      heureka
      last edited by

      Hi all!

      I know there is no "true" answer to a question like this.
      I just want a hint about what kind of workload a net4801+Hifn7955+pfSense can handle.

      This is my basic conditions:

      • A 10 Mbit/s symmetric Internet connection.
      • 5 "permanent" IPsec tunnels, mostly Terminal Service traffic, 0.5 Mbit/s in the other ends.
      • 6 "occasionally" PPTP connections, mostly Terminal Service traffic.
      • ~30 LAN users, mostly Internet browsing.
      • Exchange server (400 emails per day)
      • Web server (400 unique visitors, 200 Mb per day)

      Today we are using a Watchguard Firebox II.
      Is Soekris 4801 a realistic substitute? (I cannot find the hardware spec for FBII)

      /Erik

      1 Reply Last reply Reply Quote 0
      • H
        hoba
        last edited by

        The question is how fast do you need the IPSEC to be. Besides the IPSEC throughput there is no problem at all for a soekris 4801 handling that load. I don't have an IPSEC hardware encryption card but I would assume that you should get near the 10 mbit/s encryption throughput with it depending on the codec that is used (I have read something like that at the m0n0 list but don't know how comparable that is if it is used with pfSense). The card however won't help you with PPTP traffic. If somebody has such a card I would like to see some benchmark results with and without the card.

        1 Reply Last reply Reply Quote 0
        • H
          heureka
          last edited by

          Thanks for the answer.
          Is throughput noticeable affected with e.g. 1 x 10 Mbit/s IPsec compared to 5 x 2 Mbit/s ?

          @hoba:

          If somebody has such a card I would like to see some benchmark results with and without the card.

          I have access to a net4801 with Hifn7955 and would gladly do some benchmarking if you give me some instructions on how to do it.

          1 Reply Last reply Reply Quote 0
          • H
            hoba
            last edited by

            The raw throughput inside the tunnels will be a bit less due to the overhead that is generated by the ipsec encapsulation but I would guess besides that there should be no big differnce.

            If you want to bench the device make sure you have a device at the other end that can do more IPSEC throughput than the soekris, if not you are benching the opposite end rather than the soekris. Build an IPSEC tunnel between the two devices and send traffic through between two clients at each end. You can use a tool like netio for that ( http://www.ars.de/ars/ars.nsf/docs/netio ).

            1 Reply Last reply Reply Quote 0
            • H
              heureka
              last edited by

              I'll do the test next week if I can get my hands on a device with higher throughput than the soekris.
              Thanks for the help.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.