On Fri, Mar 2, 2012 at 4:00 PM, Nathan Eisenberg <[email protected]> wrote:

> Dual quad core 5420s, 8GB RAM, ~915Mbps.  Would have taken more if the
> interfaces weren’t full or were lagged.
>

Gig wire speed is no problem at larger packet sizes (at all 64K packets,
not going to happen, but that's true of every security device on the
planet). I've seen 3 Gb LACP pushing 3 Gb.


>
> Also seen 200k states on that box, but it was boggy at that point.
> Stateful firewalls only go so far (that goes for iptables/conntrack **on**
> the servers behind the firewall, too).
>

200K states isn't actually that much at all. I see about one box a week at
random with that many or more. In much more extreme examples, several
security consulting and PCI ASV service providers put their scanners behind
pfsense because it's great at handling up to millions of simultaneous
connections, which is either impossible or will cost you as much as a house
with a commercial firewall.
_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
