MrGuvernment
Fully [H]
- Joined
- Aug 3, 2004
- Messages
- 21,912
thats good to know! learnt something new today about BSD!
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Pfsense firewall in Production
- Thread starter nev_neo
- Start date
The most current pf in OpenBSD is multi-treaded. The pfSense guys have said they intend to port it to FreeBSD asap, but I haven't heard a time frame.
Also, you definitely do benefit from a second core in pfSense. The box will be far more responsive when under heavy routing/inspecting workloads. There is a lot more going on than just pf inspecting packets.
Also, you definitely do benefit from a second core in pfSense. The box will be far more responsive when under heavy routing/inspecting workloads. There is a lot more going on than just pf inspecting packets.
OP here,
Just wanted to clarify that I wasn't getting rid of the ASA, just moving it to our main production environment for IPv6 connectivity and also active-passive backup.
BTW.. the pfsense firewall has been running pretty well for the past few weeks. Only issue I seem to have is loading any snort rules on causes snort to bomb out (does not come back up after a restart).
Just wanted to clarify that I wasn't getting rid of the ASA, just moving it to our main production environment for IPv6 connectivity and also active-passive backup.
BTW.. the pfsense firewall has been running pretty well for the past few weeks. Only issue I seem to have is loading any snort rules on causes snort to bomb out (does not come back up after a restart).
Its kind of unfortunate. What it comes down to is you can have a 256 core cpu but you're completely limited in throughput by the clock speed only.
For instance. Clock speeds being equal... and i7 wont out perform an i3 in this use.
