Which Processor and how much RAM for 10 gbps Down/Up with 1500 Clients and IPS

[Friedemann]

Hi,

we're planning to make a custom firewall with opnsense for around 1500 Clients.
Up until now we were using the Securepoint RC1000 UTM Firewall but that's just for 1000 Clients and also we finally want to take advantage of our fibre cables inbetween the buildings, so i want to integrate sfp+ or even sfp28.
Does anyone have suggestions for the Hardware I should use?
I thought that I'll just use a Xeon e.g. an E-2146G together with16 gb of DDR4 ECC Memory.
Or does someone have a full example System?

[pylox]

Hi Friedemann,

i do not have a "example" configuration - because either is different... Have a look on the supermicro website. If your requirement is 10Gb with IPS you will need strong hardware.

CPU: minimum 8 cores (without hyperthreading, performance wise), modern 10Gb nics (drivers) will have >= 8 queues and normally each queue will bound to one CPU core. Suggestion: E5-26xxV4
NIC: 10Gb Mellanox, Chelsio or Intel

Be careful with your choice you have to check FreeBSD support/compatibility

Regards pylox

[mimugmail]

You really want IPS for 1500 clients? Is this really what you want? You'll spend so much time running after crazy user reports saying that something doesn't work and whitelist all the time.
Mellanox ConnectX-4 is supported with 19.1, so you should be safe for SFP+ or SFP28.
I did some performance tests here:
https://www.routerperformance.net/routers/nexcom-nsa/fujitsu-rx1330/
https://www.routerperformance.net/routers/nexcom-nsa/thomas-krenn-ri1102d/

But they weren't with IPS is it doesn't make sense since you have to enable one or ALL rules to make it consitent. But enabling all rules is more than stupid, so, hard to benchmark. Also one stream gives completely different throughput compared to 1500 user making around 10000 current sessions.