Messages - T-Rex

#1
General Discussion / MultiWan Loadbalancing
June 13, 2022, 06:09:59 AM
All;

I am setting up a test bed and have done some testing.  I am wondering what other people are seeing with Multi-Wan performance.

I have Comcast business Internet for my primary internet with 4 static IP addresses (the IPs don't matter for this). My secondary is a T-Mobile 5G connection. Currently with my Sophos UTM I am seeing decent load balancing, but I do not like the limited IP licensing of 50 IP addresses, so I am trying to replace it with OPNsense and hopefully maintain or improve performance with OPNsense. I am currently able to get higher than my one provider's download, meaning I am seeing a multithreaded test. My Comcast is 250GB down with 25 up; I get that consistently. With T-Mobile plugged in and load balanced I can get 500 or so down with 60~80 up, which means it is combining the 2 ISPs.

What Dual WAN performance bandwidth are people in the forum seeing, and with what type of equipment?

My equipment is the following:
Dell OptiPlex 7050, 16GB RAM
Intel 4-port 1GB NIC
Intel 10GB SFP NIC
SSD 120GB drive
Network switch is a Cisco 3560X with 10GB modules
The 10GB has 4 VLANs configured for local access.
#2
General Discussion / Re: Getting set up with VLANs
June 13, 2022, 05:00:13 AM
Hey BathToast;

To question 1: yes, you can remove the original LAN interface; however, I generally like to keep a (management) interface that is untagged in the event that things go sideways. So you can plug into it with any ole ethernet and assign the IP address and manage the firewall if required.

I also generally set up my (LAN) and rename it to (management). I do not set a gateway or anything, but I maintain it for management and then have a Linux host that only responds with private key authentication with an ssl forward to the firewall to lock down management of the firewall. I am a bit paranoid... having been a network engineer with emphasis on security for the last 20+ years created a lot of distrust.

As far as question 2, natively the bottom of all the interfaces should be an implicit deny that would deny traffic between VLANs. If you would prefer to put a deny with an any/any and log the traffic, it will give you more visibility in that situation, which is generally something I do as I also send firewall logs to a local instance of Splunk.

I realize this is a long response to answer your questions but I am hoping it has helped.

Thanks
Scott
#3
21.7 Legacy Series / Re: HP NC523SFP not recognised
November 07, 2021, 06:49:27 AM
I did see that I can load the if_qlxgb but when I do I get a scrolling error non-stop and can't assign anything to it.
#4
21.7 Legacy Series / HP NC523SFP not recognised
November 07, 2021, 03:47:38 AM
OK, I am trying to build a replacement for my Sophos UTM and want to use OPNsense; however, the HP NC523SFP 10 GB NIC I have is not recognized by the system.
I have searched and found this https://forum.opnsense.org/index.php?topic=21884.msg103423#msg103423 however that did not solve my issue.
The driver is not found. I am installing a 21.7.1 that was the most recent available when I downloaded the image a few days ago.

I really don't want to purchase new NICs as I have 2 systems and I want to run them in HA and I have 2 exact same cards.

Thanks
Scott