Re: [pfSense] Configs or hardware?

2018-02-19 Thread Eero Volotinen
Maybe. I think that hardware can still do full gigabit nat and firewalling. -- Eero On Mon, Feb 19, 2018 at 7:12 PM, Moshe Katz wrote: > On Mon, Feb 19, 2018 at 10:42 AM, Paul Mather > wrote: > > > On Feb 19, 2018, at 10:10 AM, Eero Volotinen

Re: [pfSense] Configs or hardware?

2018-02-19 Thread Moshe Katz
On Mon, Feb 19, 2018 at 10:42 AM, Paul Mather wrote: > On Feb 19, 2018, at 10:10 AM, Eero Volotinen > wrote: > > > Well. Does it require so much power, that I cannot run it on intel core2 > > quad Q9400, 2.66Ghz processor (4 cores) ? > > > What a

Re: [pfSense] Configs or hardware?

2018-02-19 Thread Paul Mather
On Feb 19, 2018, at 10:10 AM, Eero Volotinen wrote: > Well. Does it require so much power, that I cannot run it on intel core2 > quad Q9400, 2.66Ghz processor (4 cores) ? What a curious question. It does not require "so much power" but it does require a minimum

Re: [pfSense] Configs or hardware?

2018-02-19 Thread Eero Volotinen
ago... > > >>>> > > >>>> How long does a project need to wait before it can require a feature > > found > > >>>> on all major x64 processors? Waiting 8-9 years seems reasonable to > me. > > >>>> > > >>>> Give

Re: [pfSense] Configs or hardware?

2018-02-15 Thread Walter Parker
;>> feature I will not use... > >>>>> > >>>>> I shame Netgate for such an artificial limitation... > >>>>> > >>>>> Thank you for the information. > >>>>> > >>>>> On

Re: [pfSense] Configs or hardware?

2018-02-15 Thread Walter Parker
gt; >>>>> that we see as part of pfSense verison 2.5, pfSense Community Edition > >>>>> version 2.5 will include a requirement that the CPU supports AES-NI. > On > >>>>> ARM-based systems, the additional load from

Re: [pfSense] Configs or hardware?

2018-02-15 Thread Kyle Marek
tml>. ARM v8 CPUs >>>>> include instructions like AES-NI >>>>> <https://www.arm.com/files/downloads/ARMv8_Architecture.pdf> that can be >>>>> used to increase performance of the AES algorith

Re: [pfSense] Configs or hardware?

2018-02-15 Thread Joseph L. Casale
-Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Kyle Marek Sent: Thursday, February 15, 2018 10:38 AM To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org>; Eero Volotinen <eero.voloti...@iki.fi> Subject: Re: [pfSe

Re: [pfSense] Configs or hardware?

2018-02-15 Thread Kyle Marek
x >> will be >>>> a major rewrite >>>> >>>> >>>> -Ed >>>> >>>> -Original Message- >>>> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero >>>> Volotinen >>>>

Re: [pfSense] Configs or hardware?

2018-02-15 Thread Eero Volotinen
gt; > > > >> I believe I read somewhere that the new version that requires aes-ni > > will > > >> be 3.x, and they plan to continue the 2.x line alongside it, as 3.x > > will be > > >> a major rewrite > > >> > > >> > >

Re: [pfSense] Configs or hardware?

2018-02-15 Thread Walter Parker
n to continue the 2.x line alongside it, as 3.x > will be > >> a major rewrite > >> > >> > >> -Ed > >> > >> -Original Message- > >> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero > >> Volotine

Re: [pfSense] Configs or hardware?

2018-02-15 Thread Kyle Marek
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero >> Volotinen >> Sent: Thursday, February 15, 2018 12:14 PM >> To: Kyle Marek <pspps...@gmail.com> >> Cc: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> >> Subject: Re

Re: [pfSense] Configs or hardware?

2018-02-15 Thread Eero Volotinen
o > Volotinen > Sent: Thursday, February 15, 2018 12:14 PM > To: Kyle Marek <pspps...@gmail.com> > Cc: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> > Subject: Re: [pfSense] Configs or hardware? > > Well. Next version of pfsense (2.5

Re: [pfSense] Configs or hardware?

2018-02-15 Thread Edwin Pers
, February 15, 2018 12:14 PM To: Kyle Marek <pspps...@gmail.com> Cc: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> Subject: Re: [pfSense] Configs or hardware? Well. Next version of pfsense (2.5) will not install into hardware that does not support AES-N

Re: [pfSense] Configs or hardware?

2018-02-15 Thread Eero Volotinen
Well. Next version of pfsense (2.5) will not install into hardware that does not support AES-NI, so buying such hardware is not wise ? Eero On Thu, Feb 15, 2018 at 7:01 PM, Kyle Marek wrote: > I have not had such an issue. Using 2.4.2 with System Information widget > saying

Re: [pfSense] Configs or hardware?

2018-02-15 Thread Kyle Marek
I have not had such an issue. Using 2.4.2 with System Information widget saying "AES-NI CPU Crypto: No". On 02/15/2018 11:55 AM, Eero Volotinen wrote: > Please note that next pfsense will not install hardware that is not > supporting aes-ni? > > Eero > > On Thu, Feb 15, 2018 at 6:37 PM, Kyle

Re: [pfSense] Configs or hardware?

2018-02-15 Thread Eero Volotinen
Please note that next pfsense will not install hardware that is not supporting aes-ni? Eero On Thu, Feb 15, 2018 at 6:37 PM, Kyle Marek wrote: > This board does round-up gigabit (something like 976 Mb/s) in both > directions on all 4 interfaces:

Re: [pfSense] Configs or hardware?

2018-02-15 Thread Kyle Marek
This board does round-up gigabit (something like 976 Mb/s) in both directions on all 4 interfaces: https://www.amazon.com/dp/B00XNR4HE2/ The key for me here was the interrupt coalescence of these particular Intel NICs. A very similar board with Broadcom NICs that lacked this feature maxed out the

Re: [pfSense] Configs or hardware?

2018-02-15 Thread Ivo Tonev
Try increasing network buffers via "system tunables". Em 15 de fev de 2018 12:14, "Michael Munger" escreveu: > TL; DR. > > On 1Gbps downloads, our pfSense firewalls are performing poorly with > speed tests of ~400Mbps. It's either pfSense configs (not likely) or the

Re: [pfSense] Configs or hardware?

2018-02-15 Thread Joe Landman
On 02/15/2018 09:14 AM, Michael Munger wrote: TL; DR. On 1Gbps downloads, our pfSense firewalls are performing poorly with speed tests of ~400Mbps. It's either pfSense configs (not likely) or the hardware (more likely). I do not want to buy a commercial box. For our corporate network, we use

Re: [pfSense] Configs or hardware?

2018-02-15 Thread Eric W
Also, this is an incredibly common question on the pfSense forums. (Not trying to be condescending, just stating.) I racked my mind trying to figure something out when, like you said, it’s a solved problem. Basically, get a reasonably powered computer and put some real Intel NICs in it and

Re: [pfSense] Configs or hardware?

2018-02-15 Thread Eric W
I have an optiplex 970 (possibly 980, don’t recall) with 16GB RAM and a quad port Intel NIC that handles gigabit fiber with no issues at all. I managed to order a knockoff NIC (half the thing’s from eBay), so I’m surprised it’s performing this well, but it’s been rock solid. Granted it’s for

Re: [pfSense] Configs or hardware?

2018-02-15 Thread Eero Volotinen
Hi, This hardware can do gigabit (wirespeed) NAT/FW https://www.amazon.com/gp/product/B016VHBA7C (tested on my home, using symmetric gigabit line...) but, I we use NetGate SG-8860 on our main offices:

[pfSense] Configs or hardware?

2018-02-15 Thread Michael Munger
TL; DR. On 1Gbps downloads, our pfSense firewalls are performing poorly with speed tests of ~400Mbps. It's either pfSense configs (not likely) or the hardware (more likely). I do not want to buy a commercial box. For our corporate network, we use HP DL360s, so zero problem there.I need something