My home network will outgrow its 1G bandwidth within the year. And I will need to start looking at upgrading my network to 10G. I have additional equipment I need to add that includes NAS storage. I also want to add a PoE camera to the network. I know the switches I will get will be Ubiquiti. But I’m concerned that my pfSense will become a bottleneck issue since it is a Protectli Vault that I’ve installed pfSense on. This is only a 1G firewall. All the rest of my devices will be upgraded and connected to 10G except for my Wi-Fi. My question is, do I need to be concerned that my firewall is 1G?
You should be fine with 1G on the firewall.
The firewall is only used for routing traffic between the different networks. As cameras are 100/1000 Mb, this will be fine.
For routing traffic on the same network, ARP is used and traffic does not hit the firewall.
If you are using VLANs and have a lot of traffic, I’d guess it might, though I doubt it in a “normal” situation. I’d keep the Protectli, put them in a LACP LAGG to the switch, then inspect the outcome; if you really have a lot of traffic from multiple machines, then it might mitigate the extra purchase.
Keep in mind that the throughput of your firewall is likely lower than 1G and depends on what security services you might be running. If you are just filtering L4 and down it should be ok, but if you get into deeper inspection of your traffic it will be more of a bottleneck.
Also, although LACP is good to have in place, don’t expect an increase in traffic throughput. Your firewall processing traffic and the nature of the LACP algo will still have limitations.
Keep in mind that if you’re planning to do VLANs, you need 10 gig networking on pfSense, otherwise it will slow the network down. If 1 gig is all you care about, then it’ll be fine.
That’s the thing I’m trying to figure out. Right now, my VLANs are all on my pfSense. But the 10G switches I can get with Ubiquiti are L3. I assume I would have to move all my VLANs to the L3 switch. So, would I need a 10G pfSense? And if I do, that would be expensive since I would need to move to the TNSR for the fast routing.
I bought a few used Mellanox ConnectX-4 Lx dual NICs off of eBay really cheap. Usually under $50. Those work really well in pfSense. I bought the 10 gig fiber transceivers coded for Mellanox from fs.com for $20 each. You can get copper 10 gig transceivers if you want. Also on fs.com.
I am using pfSense Plus, which handles 10 gig networking just fine. Not sure if you really need to load TNSR, as it’s designed for 10 gig and above. TNSR is pure command line.
Oh, that’s interesting. I’ve read elsewhere that unless you’re using the TNSR, pfSense wouldn’t be able to handle the 10G very well. But thanks for the information. I’ll look into it. Also, what hardware are you using for your pfSense? Is it custom?
2.5 GbE switches and cards are a great approach from my experience. Really cheap to step up to, and you will get the 2.5 performance, whereas 10GB is not achievable and costs about 4 times more for the upgrade to your infrastructure.
I know this from doing it!