05-15-2013 02:17 AM
I've read the user manual and some of the wikipages, but I still have a few questions.
We're seeing performance issues with our current virtual PfSense firewall (CPU maxed at times) and thinking about trying out the EdgeMax Lite as a replacement, as we've been reasonably satisfied with our recent Unifi rollout.
Is the following scenario plausible in terms of throughput / features in EdgeMax Lite? I guess one of the more advanced EdgeMax models would be more suitable for our needs, but since they're not out yet, I was wondering if we could get at least some performance boost out of using the Lite, or whether we have to look at other hardware options.
* Network1: 100/100 Mbit internet connection (to be upgraded to 1/1 Gbps shortly).
* Network2: IPv4 NAT LAN with 400 clients (~35000 open connections)
* Network3: DMZ (e.g. bridging the remaining static IPs in our public IPv4 block for our internet-facing services)
* DHCP disabled on the EdgeMax. LAN clients get DHCP from a separate box.
* QoS equivalent or better than our current port based rules in PfSense.
I'm mostly just interested in finding a drop-in replacement that can alleviate the performance issues we're having right now, but after that I guess we should slowly begin thinking about IPv6 instead of just continuing to do NAT (our carrier is IPv6 capable)?
Our current PfSense VM is at 100% utilization using one (out of four) 2.0GHz (2006) Xeon cores and using 250 MB RAM at 90/30 MBps load. I'm about to add another core, which will hopefully help, but I don't see our setup scaling to higher speeds without some form of hardware upgrade.
Finally, does anyone know if the syslog feature is detailed enough that I can use it to log DHCP assignments (MAC/IP)?
Thanks in advance for any insights you might help us with,