Upgraded to Fiber 2.5 at home

[zzup]

I am kinda supprised that my opnsense with zenarmor is handling my new fiber internet at home.  I have a 2.5 gig connection via fiber at home now.  I know we are not a huge network but around 45 device or more and 5 users.  Here are my specs

I3-14100 4.7 ghz
MSI B760 Pro
16 GB ddr4 3200
WD 850x 1 tb
Dell intel x550-t2 (on the main PCIE port that is CPU bound)

[sy]

Hi,

It's great to hear that. Your CPU single threat rate is pretty high and can handle 2.5 Gbps. Have fun with Zenarmor.

[Greg_E]

It will be nicer when we have the multithreaded version. Just want to make sure that this isn't forgotten. 

How are other functions working on that processor? I'm just thinking about my next hardware step and keeping options open. Probably going with OPNsense hardware, but I may need to build my own again. On my E3-1230v5 with 16gb of ECC ram, I get around 600-700 mbps download with ZenArmor, IDS/IPS, and Crowdsec all turned on, we have a 1gbps connection to the web that often does show a real gigabit speed without all the filters.

[sy]

Hi,

It is not forgotten. The team is working on it to ship at the end of this year. Thanks for your patience.

[zzup]

It will be nicer when we have the multithreaded version. Just want to make sure that this isn't forgotten. 

How are other functions working on that processor? I'm just thinking about my next hardware step and keeping options open. Probably going with OPNsense hardware, but I may need to build my own again. On my E3-1230v5 with 16gb of ECC ram, I get around 600-700 mbps download with ZenArmor, IDS/IPS, and Crowdsec all turned on, we have a 1gbps connection to the web that often does show a real gigabit speed without all the filters.

The CPU with no E cores is working well.  I really enjoy it the speed.  I have been running now for 2 weeks of the 2.5 gb/s connection and had no real bottlenecks.  I do not run a lot of services really just standard firewall, zenarmor and shaper to keep latency down as we are a huge gamer house.   The MB, CPU, Ram and CPU cooler cost a total of like $300.  I had the case, PSU and hard drive already.  It is a normal desktop size but it keeps the X550 nice and cool and is pretty quiet with the fan setup i have.

On a side note.  Any reason to run CrowdSec and zenarmor together? I always thought they did the same thing.  (still learning some of this as it is a hobby).

[ruuskil]

On a side note.  Any reason to run CrowdSec and zenarmor together? I always thought they did the same thing.  (still learning some of this as it is a hobby).

I'm doing it and it works without any issues. It does give extra layer of security especially if you run servers.

[zzup]

On a side note.  Any reason to run CrowdSec and zenarmor together? I always thought they did the same thing.  (still learning some of this as it is a hobby).

I'm doing it and it works without any issues. It does give extra layer of security especially if you run servers.

Do you run it to protect the lan or wan side?  I have not really looked into it much as i though that zenarmor covered it.  But if it helps the wan side as i use quite a bit of port forwarding that would be great.  And if it does not mess with zenarmor that is a must.  Which sounds like it doesn't based on your comment.

[ruuskil]

On a side note.  Any reason to run CrowdSec and zenarmor together? I always thought they did the same thing.  (still learning some of this as it is a hobby).

I'm doing it and it works without any issues. It does give extra layer of security especially if you run servers.

Do you run it to protect the lan or wan side?  I have not really looked into it much as i though that zenarmor covered it.  But if it helps the wan side as i use quite a bit of port forwarding that would be great.  And if it does not mess with zenarmor that is a must.  Which sounds like it doesn't based on your comment.

CrodwSec is most useful for protecting the servers on wan side but you can configure the firewall to block all incoming and outgoing connections to the IPs in CrowdSec's blocklist. That's how i've done it so basically it inspects all the connections from WAN and also from LAN.  There is no performance penalty on modern hardware since CS is not doing any deep packet inspection but only checks if any of the IP's in the connection is included in the blocklist.

[Patrick M. Hausen]

There is no performance penalty on modern hardware since CS is not doing any deep packet inspection but only checks if any of the IP's in the connection is included in the blocklist.

It doesn't even do that. Crowdsec populates a blocklist that is used by the regular high performance packet filter.

[zzup]

There is no performance penalty on modern hardware since CS is not doing any deep packet inspection but only checks if any of the IP's in the connection is included in the blocklist.

It doesn't even do that. Crowdsec populates a blocklist that is used by the regular high performance packet filter.

That makes sense why it works well with other solutions