Firewall interfering with wan throughput?



  • Hi!

    I am experiencing slow speed with pfsense. Although, the box has been configured with few firewall rules, packet inspection is interfering with the wan throughput drastically!

    When I disable the firewall pfSense, quickly we managed to get close to the available bandwidth limit.

    The scenario:

    01 - PfSense Box - Atom 2758 08 Cores (01 per socket) / 16 GB RAM / SSD 32 GB / 06 INTEL GIGABIT NICs

    01.1 - INTERFACES:

    • WAN (two interfaces - LACP)

    • CLIENT-NET01 (one interface)

    • CLIENT-NET02 (one interface)

    • LAN (one interface)

    • SYNC (one interface - CARP)

    01.2 - SERVICES:

    • FIREWALL

    • ROUTING

    • CAPTIVE PORTAL

    • DHCP SERVER

    02 - INTERNET LINK:

    • BANDWIDTH AVAILABLE (01 GBPS)

    • PfSENSE with firewall enabled = 450 MBPS (average)

    • PfSENSE with firewall disabled = 800 MBPS (average)

    Someone would have any idea what can I do to improve performance?

    Thank you!



  • Enable powerd.  Set it to hiadaptive or maximum.



  • Hi, almabes!

    Thank you for the quick reply, but I think I don't understand your suggestion because powerd is intended to offer "power-saving modes that can be individually selected for operation on AC power or batteries."

    I can't see the relation with the issue I'm facing right now. Would you please clarify it?

    Thank you!



  • Your CPU is most likely not ramping up to its full operating frequency.  This is a known issue with newer Atom processors.  Enabling powerd and setting it to hiadaptive allows the OS to ramp up the processor frequency in response to system load.

    There are several threads about this in the hardware section already.  I am not going to post links.



  • Hi, almabes!

    Thank you for the information. I'm gonna try it right now!


Log in to reply