Messages

Iperf was done via LAN and internet.

Considering the majaority of the traffic will be over the WAN I care more about how it will perform via the internet.

I'm not too sure about fast.com but the rest were multi stream.

The usual ways.

Fast.com
Speedtest.net
and iperf

Opnsense performed the worst by far.

The tests were all run the same way on the same hardware.

Untangle
IPFire
Sophos XG
FreeBSD 11.2 (basic PF firewall)

They all performed just fine without any strain on the hardware.
Untangle and Sophos XG easily outperformed Opnsense even with IDS/IPS enabled.
Opnsense as a basic firewall was still slower.

The hardware itself is fine and is overkill for what I need it for.
IRQ problems are very rare on modern hardware so it's not that.

I would say it would have alot to do with Linux currently having superior SMP.

Given that most of these solutions use utilise many of the same opensource technologies there isn't really a compelling reason to switch between them if what you currently use is working fine. Of course that will change depending on your requirements.

They are marketed asa "desktop" adaptor but considering I can easily get 1gb throughput through them with other firewall solutions I don't see the point in replacing them.

I searched the model number quickly on google and it seems there are a few people using them successfully on pfsense.

Both IDS and IPS.

Even with both turned off the performance isn't great.

If I had more spare time I would look into it further as I like Opnsense as a product.
But for now I will use Untangle and install Opnsense again to figure out what is going when I have enough free time.

The Intel cards are both Intel EXPI9301CTBLK.

They aren't the greatest NICs but they should be up to the task.

Thanks for the reply.

I ended up building a box with the an Intel i3-8100, 8gb RAM and Intel 1gb NICs.

Opnsense had appalling performance without IDS turned on.
Without IDS I was getting 640mb down and 400mb up.

With IDS turned on I was only getting 290mb down and 300mb up.

This was with stock settings. The same box running FreeBSD 11 is able to perform without a problem.

Linux based firewalls such as IPFire and Untangle give me pretty much 1gb down and 500mb up

For now I will stick with Untangle. There isn't really any compelling reason for me to see what is wrong with Opnsense.

I am looking into buying some hardware to run Opnsense but I am not sure exactly which specs I will need.

The internet connection is 1000/500 and I want to be able to be able to utilize the full speed of my connection
or as close to it as possible.

I will use the usual basic features such as NAT, firewall and IDS which I know will impact perfomance.
I have done some research but I am unable to see how much processing power or memory I will need.

The only other thing I want is to keep power consumption as low as possible.

Budget isnt a concern right now I am looking more at performance but I know it wont be cheap.

Can anyone give me some assistance?