Netgate hardware specs and selecting a firewall

I am trying to size a firewall for a particular client and due to the basic nature of the requirements, a pfSense would do well here. The problem I am having is that the Netgate website doesn’t provide any good context surrounding their products.
So being in the enterprise space, if I want to see how to select a firewall I focus on CPS, Throughput (total). And what does throughput look like with certain features enabled such as IDPS or ClamAV running (all threat prevention perhaps), Max sessions, etc.

I'm happy that Netgate includes IMIX traffic as a data point but telling me it can push 1.2Gbps for example is useless to me. There is no context around the IPERF or IMIX data they give me for each hardware.

To compare, both OPNsense (Deciso) and Palo Alto, for example, post these performance metrics for each hardware that they sell. This, IMO, is the correct way of creating a baseline in your head as to which model would fit a location.

Any advice on how I select a Netgate firewall is welcome.


If it is used just for edge traffic (north/south) I would think a 2100 or 4100 is fine. If it will service internal traffic (east/west) then I would go no smaller than a 6100 or find a different hardware platform.

Mainly I am looking at the IMIX firewall numbers. If the customer's internet connection is 250Mbps or less, then the 2100 should be good. If it is greater, then I would go with the 4100.

I tend to focus more on the IMIX as well, as (imo) that’s the relevant metric, not iPerf.
Regardless the numbers don’t provide context like - total firewall throughput. Are we measuring North South and East West traffic flows at the same time?

In most cases, east/west traffic is the larger number so I would just look at that when sizing.