Thread replies: 11
Thread images: 1
Thread images: 1
Anonymous
Sophos UTM9 or Pfsense 2017-05-18 03:35:30 Post No. 60457100
[Report] Image search: [Google]
Sophos UTM9 or Pfsense 2017-05-18 03:35:30 Post No. 60457100
[Report] Image search: [Google]
File: 2017-05-10 01_54_27-.png (6KB, 305x97px) Image search:
[Google]
6KB, 305x97px
I got a new 1gbps down and up connection and was wanting a decent router to match with it and couldn't really find anything in the consumer space that would allow QoS, IPS, VPN, and firewall all while still maintaining my full 1gbps speeds.
From what I can see, even the higher end $200-300 consumer routers top out at ~500mbps with a VPN service and QoS.
Anyone have any experience with Sophos UTM9 or Pfsense and what sort of hardware would be required to get full ~950mbps of throughput even with pack shaping and threat monitoring?
>>
No network gurus on tonight with first hand experience on either one?
>>
Me raki mx whatever or Sonicwall tz300, I think the low end merakis are cheaper and they'll do everything you want
I don't think you'll find consumer freeware shit with the features, throughput, and stability you want
t. CCNP routing switching
>>
>>60457419
>Sonicwall tz300
Wont even do over 300mbps for VPN traffic.
And forget about DPI, under 50mbps.
The cheapest Meraki MX would be the MX40 at ~$15,000.
Sophos UTM9 with a custom box I build myself would get me 90% of the MX40 at 1/20th the cost.
>>
>>60457464
>MX40
meant MX400
It takes significant hardware to do DPI on 1gbps traffic.
>>
>>60457464
Didnt know the lower end merakis werent gig my bad
Why would you need to do dpi on your home network, why would you need more than 300 mb throughput over a s2s vpn
>>
>>60457561
Why would I need 1gbps for a home connection??
because I can.
>>
Anyway looking online, I can build a box for around $1500 new, or buy some used dell server for around $1000 and throw UTM9 on it.
>>
>>60457573
You can legitimate wants / needs for a gig home Internet line, but even then the need for dpi is still non existent and the chances of you trying to vpn to somewhere else that also has gig is slim. When the majority of Internet connections are gig then hardware will catch up
If you plan on using this to learn and fuck around with then you still don't need any of that at a high throughput
I've heard good things about utm if you can spend the time with it, I've never had to touch unfortunately can't give too much opinion on it. My gut says that it may do what you want feature wise but will end up unstable or sacrifice something else
>>
Also, I've seen worked with some cheap iaas providers that ran on pfsense before with the hardware to back it up obviously. They overall had good experience with it, only huge issue I remember was vpns didn't auto renegotiate
>>
>>60457660
Oh yeah for sure it's mostly just to mess around with, but i'd like to try to get as close to my full speeds through a VPN if possible, DPI would just be for fucking around with more than anything, as getting more than 900mbps for DPI would require some serious compute power, going by the quoted Cisco specs for the Merkai line, and the Sonicwall specs for their NSA hardware, to get something that would do DPI at the speeds I have would be at minimum $10,000.
I could probably put together a similar build in terms of hardware for $3.5-4k through dell, or around 2.5-3k myself. Then load Pfsense or UTM9.
Or I go for cheap used stuff and just cap myself at a more reasonable budget and deal with "only" 300-500mbps for DPI.
Thread posts: 11
Thread images: 1
Thread images: 1