Zarathustra[H];1038257768 said: Or about one Steam PC refreshing server lists...
This doesn't make sense. Why would it _keep open_ tens of thousands of connections? And even if, http://www.openbsd.org/faq/pf/perf.html:
"Huge amounts of RAM are not needed -- 32MB should be plenty for close to 30,000 states, which is a lot of states for a small office or home application. Most users will find a "recycled" computer more than enough for a PF system -- a 300MHz system will move a large number of packets rapidly, at least if backed up with good NICs and a good ruleset."
If you overkill your router boxes, you're doing it wrong. A web cache doesn't belong on a router anyway.
Edit: state tables actually speed up packet processing because a state entry is actually a shortcut, bypassing ruleset evaluation for that packet.
http://i.imgur.com/l7tzy.png
My state table when opening the Steam server browser. 5000 servers found creates 30,000 states. I've seen total servers reach 15k, but you get the point. Like I said, I have mine set to 1,000,000. I think at this LAN tomorrow I am going to try to get it as close to 1,000,000 as I possibly can. I'm going to get everyone to open the browser and their torrenting programs at once.
At a smaller LAN we were able to crash a Pentium 3 512MB pfsense box doing this. Made it become completely unresponsive.
This one is a little beefier. As you can see, it's a C2D with 2GB of RAM. I don't think we'll crash this one, but we will try!
Either way.... state table is directly related to your internet performance. Once 1 person opens the Steam browser, or starts their torrent program, most routers come to a crawl. It's not because of bandwidth. It's because of the state table. Browsing the internet is like watching a slide show as the router can no longer make new connections.
I understand this was never Untangle's purpose but this is why I cannot use it.
Also, nobody answered my question: if Untangle is behind pfSense in bridge mode, will the state table become irrelevant?
My state table when opening the steam server browser. 5000 servers found creates 30,000 states.
You doing all those with just Steam? Or using a benchmark session creating tool like matrix behind the scenes to exaggerate a point you're trying to make?
What do those states look like? I'd really like to know what Steam is using at least 5 connections per server for.
Edit: To say it again, states scale exponentially with processing power. Doubling the amount of states only requires one additional comparison. So a big amount of states - even if there's no traffic flowing concurrently - is unlikely to impact performance much. Finding a state among even hundreds of thousands is _nothing_ even for old CPUs.
Your WAN traffic is at 120Kbps/55Kbps in/out respectively, so those states are not even actively carrying traffic.
If you want to verify this, try the following: Ping a host beyond the pfSense box and as close to it as possible when the state count is low. Then browse your Steam server list multiple times to generate hundreds of thousands of states. Then ping the same host as before again. Post the resulting latencies.
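The lookup-cost argument in the reply above (doubling the number of states adds one comparison), worked as an added example that is not part of the original thread. It assumes states are found by binary search over sorted 5-tuple keys; the addresses, ports and function names are constructed for the illustration.

```python
# Added illustration: state lookup cost versus state-table size.
# Assumption: a state is found by ordered (binary) search on its 5-tuple key.
# All addresses and ports below are constructed sample values.

UDP = 17
LAN_BASE = 0x0A000002       # 10.0.0.2, constructed LAN client address
SERVER = 0xC6336401         # 198.51.100.1, documentation address range
SERVER_PORT = 27015         # sample game-server port
PORTS_PER_HOST = 60000      # source ports used per LAN host in this model


def build_state_table(n):
    """Return n unique keys (proto, src_ip, src_port, dst_ip, dst_port), sorted."""
    keys = [
        (UDP, LAN_BASE + i // PORTS_PER_HOST, 1024 + i % PORTS_PER_HOST,
         SERVER, SERVER_PORT)
        for i in range(n)
    ]
    keys.sort()
    return keys


def lookup(table, key):
    """Binary search; return (found, steps), one three-way key comparison per step."""
    lo, hi, steps = 0, len(table), 0
    while lo < hi:
        mid = (lo + hi) // 2
        steps += 1
        if table[mid] == key:
            return True, steps
        if table[mid] < key:
            lo = mid + 1
        else:
            hi = mid
    return False, steps


def worst_case_comparisons(n, samples=1000):
    """Largest step count seen over evenly spaced lookups in an n-state table."""
    table = build_state_table(n)
    step = max(1, n // samples)
    probes = table[::step] + [table[-1]]   # includes the lowest key, the deepest path
    return max(lookup(table, key)[1] for key in probes)


if __name__ == "__main__":
    for n in (30_000, 60_000, 1_000_000):
        print(f"{n:>9} states -> at most {worst_case_comparisons(n)} comparisons per packet")
```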
That's the definition of over-kill: it's never a problem again.
Isn't that the project run by a somewhat belligerent British man?
I run a pfSense + Untangle one-two combo. The Untangle box is in transparent mode behind my pfSense firewall. pfSense also terminates my VPNs since it's free (Untangle can suck me).
That being said, I do like Untangle. I only pay for Policy Manager which is like $50/year. I have kids that need to have their surfing habits tamed and Untangle does a better job than pfSense. Between the firewall, phish blocker & web filter lite modules, I manage to keep them out of anything I want. With Policy manager, I let them hit Facebook and chatting one hour a day.
As much as I like the other modules too, like spyware, intrusion and antivirus, I probably wouldn't run an Untangle box in parallel with pfSense if it weren't for my specific....uh..."kid filter" needs.
(Those free modules are rudimentary at best, but every little bit helps.)
Untangle's VPN is free too? However, it doesn't support VLANs, so to build more subnets / networks you need multiple network cards in a box.. OR a nice expensive layer3 switch..
IPSEC starts at $270/year. Not quite free unless you're Bill Gates.
You're forgetting that ANY UT subscription comes with support. I've called them twice since I started using it, and I had my problem solved nearly instantly. From dialing to hanging up, one call was 3 minutes long, the other was around 4 minutes. That's truly epic. They even spoke good English.
The paid options don't really make sense for a home user, but if you're running a larger business, it can be well worth it, especially with that caliber of support.
Zarathustra[H];1038265398 said: What would be the best way to get Untangle and pfSense to run on the same box?
I'm thinking pfSense as a firewall and router, and Untangle in line as a pass through.
Can this be done?
PfSense installed on a machine with a virtual machine with BSD as the host and pfSense as the guest?
Untangle is about 1000 times simpler than a real firewall, like Checkpoint or a Cisco ASA, I can't imagine needing much support unless there truly was a bug. (that is both an attack and a praise. It's simple, but it usually just works).
ESXi would be where I'd look first.
Be warned that I had a terrible time getting both to work without jitter. Yes, they technically worked with ESX, but my VoIP quality was erratic and suffered due to the time slicing. Untangle was the bigger culprit. I now use two physical boxes. YMMV.
You should be able to virtualize them fine...just not as dense with other VMs. I run VoIP through Untangle on ESXi and it's fine, but my CPU use is usually very low. Check CPU %READY on your ESXi hosts to get an idea if VMs are having to wait to be scheduled on a core.
Implying Untangle is a "fake firewall"?
Please, don't even. The feature list between Untangle's firewall and something like a Cisco ASA is a mile wide.
Zarathustra[H];1038266845 said: 1.) Would the configuration look something like this?
Yes, that is what I did. My server wasn't too powerful, but was well within the specs to run ESXi 4.0u1 at the time. I even dedicated a CPU to Untangle. It ONLY ran pfSense and Untangle, and my latency and jitter were noticeably erratic. But like I said, YMMV.
Zarathustra[H];1038267626 said: If you don't mind me asking, what were those specs?
I glanced over both pages and didn't really see anyone mention Astaro for a router. It's got a very steep learning curve, but once you get the hang of it, it is a breeze to maintain and keep running and it's very stable.
I have mine running on a Core2Duo 2GHz with 4GB of RAM and never have an issue with it, even have a VLAN setup with my 8 port HP switch and a VPN connection as well. All free for everything since it is a home license.
Please, don't even. The feature list between Untangle's firewall and something like a Cisco ASA is a mile wide.
I'm not trying to compare it to other brands...I'm trying to stop myself from laughing at you as to why you're calling it a fake firewall.