Your aren’t going to terminate the ssl connections on The firewall ??? what benefit would ssl accelerators provide.
We are planning something similar at the moment. My present thoughts are to use opteron processors on the vpn servers. And run pfsense on that hardware. And then forget above ssl and ipsec accelerators. Let the core hardware do the work. The stats that I have seen make me seem to think that acceleration is just generally lots of cpu and good throughput Just two cents worth don't know if it will help you but then again your replies might help me. -----Original Message----- From: Vivek Khera [mailto:[EMAIL PROTECTED] Sent: 21 October 2005 13:22 To: [email protected] Subject: Re: [pfSense Support] PFsense as PN server On Oct 20, 2005, at 5:27 PM, Rainer Duffner wrote: >> when i get around to it and buy some cards i'll report back >> here... :-) >> >> > > THX. > I've got no problem buying the Soekris card (with the company > CreditCard, that is <g>) - but at 70 quid (€) - what can I expect? > ;-) > Well, here's what I know. There are basically three chipsets that implement crytpo in hardware. There are three drivers in FreeBSD that work with them: hifn(4), safe(4), and ubsec(4). Of these, the hifn(4) driver seems to register to support many more modes of operation than the other two do, especially if you use the recent chipsets. The current Soekris 1401 card uses the hifn 7955 chip, so one would expect that most IPsec operations are accelerated. However, the man page for the driver says this about the chip: Support for the 7955 and 7956 is incomplete; the asymmetric crypto facil- ities are to be added and the performance is suboptimal. So everything is just confusing beyond belief now. The cards using the ubsec(4) driver support async operations (eg, RSA needed for SSL accelaration). So which card to choose depends on what your use for it will be. Here are the links to the cards I am considering so far: http://www.safenet-inc.com/products/accCards/safeXcel171.asp http://www.gtgi.com/products_powercrypt5x.php http://www.soekris.com/vpn1401.htm I have need for both IPsec use on my pfSense box as well as SSL acceleration on my front-end web servers, so I may end up buying different cards for each purpose. I guess it depends on price, even when using the company card. :-) I suspect the Soekris will be great for IPsec workload. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.344 / Virus Database: 267.12.2/140 - Release Date: 18/10/2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.344 / Virus Database: 267.12.2/140 - Release Date: 18/10/2005
