My apologies for another post about firewall appliances. I did a review of hardware posts and didn’t see hardware recs for lots of multi-WAN connections.
I’m hoping to build a 1U or 2U appliance for at or under $1k USD.
I have 3x 1Gb synchronous fiber WAN + 4x Starlink WAN for failover. I’d like to install all 2.5Gb ethernet ports and 10Gb SFPs. Why not Netgate? Well, I don’t see any Netgate hardware that even has that many ports (7 WAN + LAN).
I need to be able to support 40-70k sessions/min with IPS (pfblocker et al) and around 20 OpenVPN connections.
I’ve used Protectli devices for years without issue, but I can’t find a router appliance that has at least 6x 2.5Gb ethernet ports + 2x 10Gb SFP with an i7 processor (I’m not against using Xeon) and at least 16Gb of RAM. With internet speeds increasing and demand also increasing (or at least client expectations), I don’t want any potential bottlenecks for the next couple of years due to hardware.
First thing to check is if every service you want to run will operate multithreaded. Once upon a time Suricata did and Snort didn’t; they might have fixed that by now.
I would build this on at least a 2U chassis, maybe 4U to be able to use any cards available. 2U will limit you to half-height cards or only two cards on a riser. I/O is going to be the big question too; you are going to need a pair of four-port 2.5Gb cards, plus a two-port 10Gb card. I might be wrong, but I think each of these will want a PCIe 3.x 8x slot to work at full speed.
I’d also think about increasing RAM up to 32 or 64GB; that seems like a lot of traffic. Add in the OpenVPN and I think you will want the extra RAM.
You might also want to look at the Netgate TNSR product which they say is higher performance, but check hardware needs. TNSR Overview