Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Planning to use as Internal Segmentation Firewall (ISFW)
« previous
next »
Print
Pages: [
1
]
Author
Topic: Planning to use as Internal Segmentation Firewall (ISFW) (Read 3251 times)
Deepak Kumar
Newbie
Posts: 17
Karma: 2
Planning to use as Internal Segmentation Firewall (ISFW)
«
on:
July 14, 2018, 02:50:54 pm »
Dear All,
I am planning to use the Opensense firewall as ISFW in my office datacenter. As per basic requirement, I need 40 Gbps speed for "east-west" traffic. My planning to implement this with 8 vCPU, 16 Gb RAM.
Please guide, will it handle the 40Gbps throughput? I want IPS + Antivirus + Some Basic Firewall Rules. But the most important topic, It will work in Bridge mode.
Regards,
Deepak Kumar
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: Planning to use as Internal Segmentation Firewall (ISFW)
«
Reply #1 on:
July 14, 2018, 02:56:33 pm »
Antivirus and 40G .. never. With Chelsio NICs you might geht the 40G, but IPS and AV, no.
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: Planning to use as Internal Segmentation Firewall (ISFW)
«
Reply #2 on:
July 14, 2018, 03:01:37 pm »
very likely no because the hardware will very likely not make it. IPS and AV need a lot of CPU power, the web proxy (squid) too if you enable HTTPS inspection. Remember that for 40 GBit/s you need at least 5GB of RAM only to handle the packet forwarding (no operating system or services are count here). The next thing is that you very likely have multiple copies in your memory for different scanners not to mention the speed of your memroy, CPU, bus systems etc. IMHO you need a stronger machine for that.
Logged
Deepak Kumar
Newbie
Posts: 17
Karma: 2
Re: Planning to use as Internal Segmentation Firewall (ISFW)
«
Reply #3 on:
July 14, 2018, 04:00:02 pm »
Thanks for your information. What about if I will give 32Gb RAM with HP Gen9 DL380 (16 core CPU) dedicated server for this firewall.
https://www.hpe.com/us/en/product-catalog/servers/proliant-servers/pip.specifications.hpe-proliant-dl380-gen9-server.7271241.html
Regards,
Deepak Kumar
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: Planning to use as Internal Segmentation Firewall (ISFW)
«
Reply #4 on:
July 14, 2018, 04:41:03 pm »
You will not gain the full 40g .. there is a reason why commercial vendors want 50k for such systems
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Planning to use as Internal Segmentation Firewall (ISFW)