With pfSense? 1 GB RAM will get you 1 million simultaneous connections. Need a million simultaneous connections with a commercial firewall and you're likely looking at $75K USD per firewall at a minimum, and well up into 6 figures each if you need multi-million connection scalability. Not so much at 20 Mbps, though it's still true at that level; where it really makes a huge difference is where you want a high maximum connections limit. That's where adequately scalable commercial firewalls are extremely expensive, and you'll want HA, so double that cost. We have a lot of users in colo facilities like that.

It's a good lesson in choosing the right hardware for a pfSense box, but also a good lesson in why people's experiences with pfSense are so varied. pfSense can be a bit picky with its hardware, and I was using a cheap commodity box with an extra NIC tossed in. I haven't had time to troubleshoot it yet, but I'm fairly certain the issue was caused by one of the NICs I was using. The box also decided to intercept DNS queries and tried to resolve against itself, which was an interesting thing to troubleshoot.

The rest of the data was fine, but, without fail, 2-3 consecutive packets out of every 20 or so would have a massive spike in response times. We started seeing ~4s response times on around 10% of our TCP packets.

Personally, my most recent pfSense build took a giant shit when I dropped it in-line with our existing router as a transparent IPS. I mean, if you're only using it as a router for an office the size of OP's, that's probably not going to be an issue, but if you're relying on its switching capacity at all, that would be a pain.
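A quick way to confirm the symptom described above (2-3 consecutive slow replies out of every ~20, roughly 10% of traffic) is to profile RTT samples for periodic bursts rather than eyeballing them: stable burst length and stable spacing point at something in the path (a NIC or in-line box) instead of random jitter. This is an added example, not code posted in the thread; the ping output it parses is constructed.

```python
import re
import statistics

# Constructed ping-style output (not captured from the thread's network):
# two consecutive replies in every 20 spike to ~4 s, the rest sit near 0.5 ms.
SAMPLE_PING = "\n".join(
    f"64 bytes from 10.0.0.1: icmp_seq={seq} ttl=64 time="
    + ("4012.3" if seq % 20 in (1, 2) else "0.5")
    + " ms"
    for seq in range(1, 101)
)

RTT_RE = re.compile(r"icmp_seq=(\d+) .*?time=([\d.]+) ms")


def parse_rtts(text):
    """Return [(seq, rtt_ms), ...] from ping output lines carrying a time= field."""
    return [(int(m.group(1)), float(m.group(2))) for m in RTT_RE.finditer(text)]


def spike_profile(samples, factor=10.0):
    """Characterise latency bursts: a reply is a spike when its RTT exceeds
    factor x the median RTT. Returns the spike fraction, the lengths of runs of
    consecutive spikes, and the gaps (in sequence numbers) between run starts."""
    if not samples:
        return {"spike_fraction": 0.0, "run_lengths": [], "run_gaps": []}
    threshold = statistics.median(rtt for _, rtt in samples) * factor
    runs, current = [], []
    for seq, rtt in samples:
        if rtt > threshold:
            current.append(seq)
        elif current:
            runs.append(current)
            current = []
    if current:
        runs.append(current)
    starts = [r[0] for r in runs]
    return {
        "spike_fraction": sum(len(r) for r in runs) / len(samples),
        "run_lengths": [len(r) for r in runs],
        "run_gaps": [b - a for a, b in zip(starts, starts[1:])],
    }


def looks_periodic(profile, min_runs=3):
    """True when bursts recur with one fixed spacing and one fixed length,
    the signature of a path problem rather than random jitter."""
    gaps, lengths = profile["run_gaps"], profile["run_lengths"]
    return len(lengths) >= min_runs and len(set(gaps)) == 1 and len(set(lengths)) == 1


if __name__ == "__main__":
    profile = spike_profile(parse_rtts(SAMPLE_PING))
    print(profile, "periodic:", looks_periodic(profile))
```

Feed it the output of a long `ping` (or RTTs pulled from a packet capture) taken on each side of the in-line box to see where the bursts first appear.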