OPNsense Forum
English Forums => General Discussion => Topic started by: Deepak Kumar on July 14, 2018, 02:50:54 pm
-
Dear All,
I am planning to use the Opensense firewall as ISFW in my office datacenter. As per basic requirement, I need 40 Gbps speed for "east-west" traffic. My planning to implement this with 8 vCPU, 16 Gb RAM.
Please guide, will it handle the 40Gbps throughput? I want IPS + Antivirus + Some Basic Firewall Rules. But the most important topic, It will work in Bridge mode.
Regards,
Deepak Kumar
-
Antivirus and 40G .. never. With Chelsio NICs you might geht the 40G, but IPS and AV, no.
-
very likely no because the hardware will very likely not make it. IPS and AV need a lot of CPU power, the web proxy (squid) too if you enable HTTPS inspection. Remember that for 40 GBit/s you need at least 5GB of RAM only to handle the packet forwarding (no operating system or services are count here). The next thing is that you very likely have multiple copies in your memory for different scanners not to mention the speed of your memroy, CPU, bus systems etc. IMHO you need a stronger machine for that.
-
Thanks for your information. What about if I will give 32Gb RAM with HP Gen9 DL380 (16 core CPU) dedicated server for this firewall.
https://www.hpe.com/us/en/product-catalog/servers/proliant-servers/pip.specifications.hpe-proliant-dl380-gen9-server.7271241.html
Regards,
Deepak Kumar
-
You will not gain the full 40g .. there is a reason why commercial vendors want 50k for such systems