OPNsense Forum

English Forums => General Discussion => Topic started by: naltalef on January 22, 2019, 01:06:37 am

Title: OPNsense to replace OpenBSD firewall
Post by: naltalef on January 22, 2019, 01:06:37 am
Hello everyone.
I'm looking into the possibility of replacing a firewall that is running OpenBSD at present.

They're two systems with CARP configured (active/passive) that use HP Proliant DL360 G7 servers.
(quad Xeon E5640 @ 2.67GHz).
RAM: 6 GB

Network interfaces:
- Two Internet links of symmetrical 150 mbps each (VLAN interfaces) 40% average use.
- DMZ (Gigabit interface)
- LAN (Gigabit interface) average use: 200 mbps

pf states: approximately 50.000 - 60.000

I have some questions about this:

Does one of you have OPNsense installed on a firewall that could manage this number of connections and traffic?

What CPU and RAM options would be reasonable for using OPNsense just for packet filtering? New hardware will be used (server or network appliance).

What needs to be upgraded if we add services such as Intrusion Detection, Netflow, Monit and Unbound in the near future?

Should the default Tuneable Parameters be changed in any way?

Thanks beforehand if any suggestion comes to mind.

Sincerely, Norberto.