|Blog Category: Info||Author: bha28.07.2018|
pfSense is a very popular firewall operating system. pfSense can be downloaded from the official website pfsense.org . We provide tested hardware for pfSense, OPNsense, IPfire, ClearOS, RouterOS, etc. If wished we will install them, e.g. pfSense for only 16 EUR/net.
Today I want to show you how we test the hardware with software, for compatibility and achieved TCP throughput after the default installation.
Compatibility is given when the software can be successfuly installed and the performance is like comparable hardware. That means the device drivers for SATA, USB devices and network adapters must be included. Even if missing drivers can often be installed. Nevertheless, the hardware is not compatible for us because this task is not easily solved even if there are drivers from the manufacturer. We write in such case, e.g.
Onboard network adapter not recognized!See Sylbek-Firewall-Hardware-Appliance.pdf.
TCP Throughput measurement is performed after successful compatibility test without configuration adjustments
In the case of pfSense v2.4.3 and 10Gbit dual network adapter Intel X550-T2, the following additional hardware and software were used, see table.
iPerf Benchmark Utility was used for the measurement.
How to measure with iPerf
With pfSense, iPerf in version 126.96.36.199_3 can be easily installed through /System/Package Manager. Then load iperf Server via the Diagnostics menu.
iPerf for Windows (also in version 2) can be downloaded from here. After unpacking enter in the DOS-Window:
iperf -c SERVER_IP
Firstly, a direct measurement test was performed between Windows7 Mini Computer and pfSense Server. Result 9.75 Gbits/sec. This good result means that the hardware with CPU i5-7500 and Xeon E3-1220v3 is sufficient for 10 Gbit network.
The measurement for 10 parallel connections was made by entering:
iperf -c 192.168.0.1 -P 10
After repeated measurements, an average result of 7.65 Gbits/sec was determined, see section below.
This is a high score for TCP-Throughput, achieved with pfSense 2.4.3.
Under the same conditions throughput values for OPNsense 18.1.6 (7.18 Gbits/sec), IPfire 2.19.20 (5.17 Gbits/sec) or ClearOS 7.5 (6.49 Gbits/sec) were lower. However, with Mikrotik RouterOS 6.40.8 (32bit embedded system) an average value of 8.23 Gbits/sec was achieved.
IPfire and RouterOS were not compatible with Intel X550-T2 (until the time of this test), so X540-T2 was used. Please take this into account when ordering to select the appropriate network adapter.
In conclusion, the network performance of the Intel G4560 (2 cores, 4 threads) is impressive. Apparently there are even reserves, since the CPU usage was at about 92%.
This firewall hardware as in the test (incl. Intel X550-T2 & pfSense Installation) cost far less than 1000 EUR net (3 pieces under 900 €). For current prices with other processors, more memory see: Firewall 19inch 1U Hardware Appliance SBR711-1U-FW.