Greetings,

We migrated from Checkpoint FW-1 to a FreeBSD/pf solution at the beginning of
this year. Our hardware box has 2 Intel [EMAIL PROTECTED], 2GB RAM and 10 Intel
Pro/1000 network interfaces (2 built-in and 2 quad port cards). There
are 3 Internet lines configured with CBQ queues (2 with somewhat heavy
traffic), 4Mbit, 6Mbit and 18Mbit, and a bunch of local networks
(100Mbit to 1Gbit) with light to medium traffic.

PF has 300 rules with only a few "quick" keywords and the load on the machine is
barely visible. Last week we had stress tests running on our web
servers; this put some light load on the PF machine, and the "current
states" numbers were floating around 60k-70k. You can see the CPU usage
here: http://edqm.pheur.org/icons/pf-cpu.jpg . No CARP setup for the
failover, yet.

Regards,
Evaldas

[EMAIL PROTECTED] wrote:

Hi,

I have some time to come up with a new firewall/router/vpn solution
for our datacentre, and I'm considering a shiny new server with
OpenBSD and pf instead of a costly PIX. On the part of our network
that I'm doing this for we might see maximum 20Mbit/s unencrypted
traffic.

Is anyone using an OpenBSD/pf solution in a production environment
like this? What hardware are you using? How's it holding up? :-)

I'm fascinated to hear about anyone who has put the house on this
combination and succeeded, and whether they've implemented hot
failover etc.

Thanks in advance,
Andrew