Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
OPNsense to replace OpenBSD firewall
« previous
next »
Print
Pages: [
1
]
Author
Topic: OPNsense to replace OpenBSD firewall (Read 2129 times)
naltalef
Newbie
Posts: 38
Karma: 2
OPNsense to replace OpenBSD firewall
«
on:
January 22, 2019, 01:06:37 am »
Hello everyone.
I'm looking through the possibility of replacing a firewall that is running OpenBSD at present.
They're two systems with carp configured (active/passive) that use HP Proliant DL360 G7 servers.
(quad Xeon E5640 @ 2.67GHz).
RAM: 6 GB
Network interfaces:
- Two Internet links of symmetrical 150 mbps each (VLAN interfaces) 40% average use.
- DMZ (Gigabit interface)
- LAN (Gigabit interface) average use: 200 mbps
pf states: aproximately 50.000 - 60.000
I have some questions about this:
Does one of you have OPNsense installed on a firewall that could manage this number of connections and traffic?
What CPU and RAM options would be reasonable for using OPNSense just for packet filtering? New hardware will be used (server or network appliance)
What needs to be upgraded if we add services as Intrusion Detection, Netflow, Monit and Unbound in a near future?
Should the default Tuneable Parameters be changed in any way?
Thanks beforehand if any suggestion comes to mind.
Sincerely, Norberto.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
OPNsense to replace OpenBSD firewall