Protectli Vp2420 performance experiences

[Mming]

Good afternoon,
Considering purchasing a Protectli VP2420 for my network. As far as I understand this uses the Intel J6420 CPU. I was wondering if anyone have any experience using this, or a similar device, with this CPU for Opnsense and Zenarmor NG Firewall. The current network is not large, I would estimate to 25-30 devices.
Storage will not be an issue and I plan for 16GB of ram.

/Mming.

[Greg_E]

I would look for a 4 core processor, the J6420 says it is only 2 cores. This will be even more important when Zenarmor goes to multithreaded operation towards the end of the year.

That said, I see they also have a version with the J6412 which the Amazon listing says is 4 cores. You might also look at some of the AMD powered devices.

[tangofan]

The vp2420 uses the Intel J6412, which is indeed a Quad-core CPU: https://protectli.com/product/vp2420/

I'd also be interested in its performance with OPNsense and ZenArmor in a 16GB RAM configuration.

[qarkhs]

I am using a small box with a J6412 (https://www.gigaipc.com/en/products-detail/QBiX-EHLA6412-A1/), 16GB Ram, and running a paid version of Zenarmor. There's miles of headroom but the network load is not exactly demanding and I am not running either Suricata or a VPN.

[Vilmalith]

I don't have experience with this particular model. These low-end mini pcs and their low end cpus aren't really meant for IDS/IPS, at least not if you need, want or are planning on getting speeds of 1Gbps or more.

The Protectli VP2420 does have 2.5GB ports and it comes with the Celeron J6412 (single thread rating 1371, multi thread rating 3831). 

Just a base OPNsense install and then installing Suricata. Most users turn on Suricata on WAN, go bananas with enabling shit and then never look back.  Suricata is not set it and forget it. The speed hit you get from Suricata will depend on what you enable and if you're actually monitoring it and make changes per your use case and what you are seeing.  Regardless, Suricata will cap you at less than 1Gbps on this hardware.  A quick search online shows benchmarks on this exact Protectli hardware ranging from 200Mbps - 800Mbps.

Just a base OPNsense install and then installing Zenarmor. Zenarmor will be a lower performance hit compared to Suricata. They are 2 different beasts after all. It's intended for LAN side. You should see somewhere between 1Gbps and 2Gbps....  maybe even port max.  Zenarmor is not multi threaded yet, they keep pushing it back but claim it will be out this year (2025). Currently, regardless of hardware, Zenarmor caps out around 5Gbps.


I run OPNsense on much more powerful hardware then this (I have 10Gbps fiber internet at home).  I do use Zenarmor Paid.  I do have services running behind a reverse proxy.  I do not use Suricata, it's too much work in a home environment and the performance hit even on high end hardware is too great for what you get in return.  I'd argue with the advent of services like Crowdsec (which I do use on WAN and Proxy) and Maltrail (I dabble on Proxy), Suricata isn't worth it anywhere. Except maybe as a means to torture yourself.