Have a customer with a hard problem. They need to handle very high data rate traffic, VPNs, and all manner of things. Imagine a GbE in (or more).
They asked us to build a firewall that could handle this. Most of the appliance firewalls have some capability, but few will really survive a serious traffic onslaught. Most use very low power processors, on purpose, because most of the time the traffic isn’t intense.
We’ve been looking at such things for a while, and had settled on pfSense as the software stack. I shouldn’t say settled. This isn’t quite right. More correct is “chosen” or “decided upon” after a fairly exhaustive search.
Got it set up on a fairly beefy (for a firewall) box. pfSense took to it, no problems. Spent a bit too long trying to figure out why my NAT rules didn’t quite work (client side config/pilot error).
I had to build/config the driver for 10GbE on a different platform and move it over. I don’t think we are going to saturate this 10GbE port due to the current design, but with a little work, I am sure they could. This said, there is ample processing and memory firepower in this unit, so it wouldn’t surprise me to see it running flat out in a very short period of time.
And the techie/geeky part was that I got to play with FreeBSD for the day job (and get paid for it too …). Everyone say “whoa….”
Viewed 19790 times by 3507 viewers