11/11/2023
Sophos xg firewall home edition setup

OPNsense (or any of the options listed) is relying 100% on the CPU for all of the NAT and routing, which means it needs a more powerful CPU, but adding more features doesn't suddenly tank performance like it would with an architecture that relies heavily on offload hardware. VPN has to go through the CPU but can use crypto offload, and most consumer grade wifi routers that support VPN certainly can't handle gigabit through the VPN. The Unifi family is notorious for being extremely limited in what you can do and still get gigabit throughput, since the hardware SoC can do NAT / simple firewall rules in hardware, and anything else sends packets through the CPU which is too slow to handle much at all. Most consumer routers use dedicated switch or router SoCs which include some routing functionality in hardware and also likely a crypto offload capability as well. Disk space is not going to be used much, 16Gb should be sufficient there, but going bigger helps reduce SSD wear in the long term. RAM is important for some things, with packages that do IDS/IPS and ntop using a considerable amount, but 4G should be adequate for OPNsense for a home firewall. Power efficiency would be much better on the Celeron though, the whole FW4B draws 16W max. Celeron is based on the Atom architecture families and not the Core ones, so this is Silvermont architecture, 4c/4t, 2.24ghz. 4th gen 4 core i5 would be something Haswell? (ark) It would be roughly 2-3x the CPU performance per core, for the same number of cores. The FW4B I have is a Celeron J3160 (ark). It would struggle to handle that along with VPN crypto load, so if you need high bandwidth VPN you will probably need a more powerful CPU.
I bought a Protectli box, which came pre-installed with OPNsense as a free option, had the packages I wanted like ntopng and wireguard, and was easy to set up for me (coming from pfSense). As for speed, my Protectli FW4B can handle my 400/25 connection without any issues while running ntopng, which is a fairly heavyweight package. What I did want was Wireguard, which isn't included in the $50/year home subscription and requires the $150/year home protect plus, although OpenVPN is entirely free so I could have continued using that as I did with pfSense. However, you need the $50/year subscription for the good web filtering, and web filtering isn't really something I wanted anyway. Untangle is notably better at integrating web filtering with firewall rules, since they have a single 'rules' setup and you can mix normal policy routing type conditions (such as source/dest IP) with web filtering conditions (such as web site class or specific site) in the same firewall rule. Just after I did all of this, pfSense had a bit of an explosion over their poor quality Wireguard code, lots of bugs in their newest major release, closing the source, and generally pissing off the community, so I wanted to avoid that option even though I'd been using it since 2013. I tried Untangle, pfSense, OPNsense, and tried to install Sophos XG in a VM but it didn't seem to like that and I got mad at it and gave up. I recently switched from pfSense to OPNsense, and re-created my setup in OPNsense, along with much more (since the poor SG-1100 couldn't really do anything before).