Netgate Discussion Forum

    Alternative to cisco router?

    General pfSense Questions
    5 Posts 5 Posters 2.6k Views

    • asmith3006

      Hi, I'm very new to the world of firewalls so sorry if this is a stupid question.

      At work we're installing some new debian servers in a rack which we have at a data center. The servers will be used for live video streaming to several thousand users and so we will be using about 1Gbps of bandwidth. This high end of firewalls is beyond me at the moment so I'm trying to learn.

      We have been advised by the dc that a cisco ASA5550 would be the best device to get as it has the throughput. We have 2x1GBps ports coming into our rack and then about 5 servers inside the rack. Each server will have its own public and private IP address.

      What I want to know is, is it possible for the m0n0wall box to deliver the same reliability of the cisco ASA5550 (we're willing to spend money on this if it's cheaper than an ASA5550 so something like a £1000 dell Xeon with RAID 1 SCSI drives which I know is overkill but this is mission critical) and also deliver the traffic to the servers based on the public IP address whilst still filtering out hack attempts etc?

      One last question, obviously we'd have the two incoming connections hooked up, but we would also want to have two connections to the rack switch for redundancy purposes. Is this possible?

      Thanks for any and all advice.

      Andrew.

      • JeGr LAYER 8 Moderator

        First, you are talking about pfSense. No m0n0wall here ;)
        As for the reliability: I have two pfSense firewalls in our datacenter, each one hooked to a separate 100MBit/s connection. Both are working in CARP redundancy mode and since I started using them, I have no more bad feeling in powering off the active node, 'cause I simply know that the second one will take over almost instantly, even with streaming video/audio or active remote connections.

        Only limiting thingy IMHO is the hardware you run pfSense on. Buy appropriate and supported hardware and it should work. I think there have been reports around the forums here, what is necessary for running 1GB/s smoothly.

        Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

        If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

        • cybrsrfr

          You may be interested in this thread where foomanjee talks about his pfSense firewalls running foxnews.com and foxbusiness.com.
          http://forum.pfsense.org/index.php/topic,7668.msg43776.html#msg43776

          Also make sure you are using server class Intel Gigabit NICs. Intel handles the processing on the NIC itself and saves your CPU.

          When pfSense 1.3 is released it will be running on FreeBSD 7. FreeBSD 7 TCP stack is even faster.
          http://blog.pfsense.org/?p=173

          • valnar

            Does pfsense work with NAT-T?  That was a deal breaker for me.

            • cmb

              @valnar:

              Does pfsense work with NAT-T?  That was a deal breaker for me.

              1.3 will.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.