Planning to use as Internal Segmentation Firewall (ISFW)

Started by Deepak Kumar, July 14, 2018, 02:50:54 PM

Dear All,
I am planning to use the OPNsense firewall as ISFW in my office datacenter. As per the basic requirement, I need 40 Gbps speed for "east-west" traffic. I am planning to implement this with 8 vCPU, 16 Gb RAM.

Please guide: will it handle the 40Gbps throughput? I want IPS + Antivirus + some basic firewall rules. But the most important point: it will work in bridge mode.

Regards,
Deepak Kumar

Antivirus and 40G .. never. With Chelsio NICs you might get the 40G, but IPS and AV, no.

Very likely no, because the hardware will very likely not make it. IPS and AV need a lot of CPU power, the web proxy (squid) too if you enable HTTPS inspection. Remember that for 40 GBit/s you need at least 5GB of RAM only to handle the packet forwarding (no operating system or services are counted here). The next thing is that you very likely have multiple copies in your memory for different scanners, not to mention the speed of your memory, CPU, bus systems etc. IMHO you need a stronger machine for that.

Thanks for your information. What about if I give it 32Gb RAM with an HP Gen9 DL380 (16 core CPU) dedicated server for this firewall?
https://www.hpe.com/us/en/product-catalog/servers/proliant-servers/pip.specifications.hpe-proliant-dl380-gen9-server.7271241.html

Regards,
Deepak Kumar

You will not gain the full 40g .. there is a reason why commercial vendors want 50k for such systems.