High-performance router compatible with gigabit ISP and security solutions
We received a proposal for a FortiGate 900D model. It seems capable of packet inspection and IPsec at high capacity, priced around $30,000. As a Fortinet partner with a 15% discount, the 5 Gbps version was nearly six figures. At about 300 Mbps for $2,000 it’s quite affordable, especially since some features are active that could boost performance. Fine-tuning DPI and rules can further enhance throughput.
It seems the USG performance drops significantly—around 85 Mb/s when IPS/IDS is enabled. The USG Pro offers up to 250 Mb/s, while only USG models with gigabit capability are truly capable of that speed. The most affordable choice might be using pfSense or other compatible software.
Unless you're running something reachable beyond your local network, I don't think an IDS/IPS is necessary right now. Most of your outbound traffic is already secured. If you need access from outside the network, you can install a tool like Suricata between that service and your router. This avoids dealing with complex double NAT configurations.
When setting up a PC for your needs, Sophos provides a complimentary home edition of their UTM, featuring IPS capabilities. The main constraint is the number of internal IP addresses protected, which is limited to 50. It could be useful to check their forums to assess whether your system can manage the required data flow. https://www.sophos.com/en/products/free-...ition.aspx Additionally, keep in mind that when security products mention throughput, they often refer to sustained traffic levels rather than instantaneous rates. For instance, a 1GB connection might suggest a device with 500MB capacity—though actual performance varies. Generally, such devices perform adequately for typical 1GB links. Moreover, if the appliance runs tasks like SSL inspection, it can be quite demanding on the CPU and may significantly impact throughput based on encryption strength. Organizations with high bandwidth usage usually benefit from dedicated hardware that offloads SSL processing to specialized solutions.
I ended up installing a pfSense system using the hardware I bought from RE-PC in Seattle. It was a $60 Dell Opteron i3 with a TP-Link card added for around $14. The device handles everything efficiently, achieving only 3% utilization during full-speed downloads. This setup works well for me since I need QoS features to manage the ~60 devices we run together.