Question on expected performance of setup

[beyondnoyeb]

Hey all,

Been using opnsense for a few months now and am absolutely in love.  With that said, I am trying to best tune my environment for performance and seem to be hitting some issues. 

Setup:  (this is an older box I am repurposing)
CPU: i7-3770
Memory: 32gb
Nic: Intel i350-t4
opnsense: 20.1.6
VLANs: 4

I have made all changes listed in the sticky thread regarding intel nic tuning

Test Case 1) Without things like netflow (insights), suricata, and GeoIP I can saturate my Verizon fios 940/880. 
Test Case 2) Netflow / Suricata (19,000 rules set to drop, monitoring WAN and LAN interfaces) / GeoIP  my speeds are dropping down to 400/400.
Test Case 3) Netflow / Suricata GeoIP running but Suricata ONLY monitoring WAN, I can manage to get it back up to 800/800.

During the testing, I can see suricata is definitely using up all 8 threads on the cpu (750-780% CPU usage) via top in test case 2.  This drops down to 300-400% CPU usage in test case 3.

Is this CPU / older box simply too old to run at line rate?  I don't mind investing in a newer gen; I just want to make sure that a newer gen xeon type setup will run at the full line rate with everything turned on (monitoring WAN and LAN).

Thanks!

[beyondnoyeb]

Added a test case 4 after talking another member on a PM:

test case 4) Netflow monitoring all interfaces, suricata monitoring LAN only and geoip on.  With this setup for some reason I get almost equal performance to without suricata... pushing 930-940/870-880

Not really sure why test case 4 is better than test case 3... Also not sure if monitoring only the LAN is doing as much protection.