Comments

  • Firewalla

    Hard to say, it really depends on the IP address, or the domain, or size (fragmentation) of the region block. We quote 1000 for the Red, 10000 for the Blue ... and 40000 for the Gold.

    As the number of blocks grows, there will be a hit in the data path as well. And that again will depend on the diversity of the IP addresses blocked. For example, we have seen people blocking >20 countries on the Gold, which does slow down the WAN side. (And there are people who blocked 30 countries ... and have no issue at all.)

  • Chris Lezny

    Just a follow-up on this:

    So, if I block 51.75.55.0/24, I am blocking 256 IPs (254 actually usable).

    I put this rule in to block VPN.

    I found out that OVH SAS hosts a larger network of VPN proxy host servers...

    So I want to block 51.75.0.0/16, that is 65,536 IPs! And I have a bunch I want to add like this...

    Will I have a problem?

    Is this 'safer' to do than a region?

  • Firewalla

    It is not a problem of the CPU; it is more that you may accidentally block things, and that becomes a problem. So please be careful when you block IP sets.

    These days, IP addresses are segmented; a /16 may be used by many different companies.

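The over-blocking risk raised in the last reply can be checked before a rule goes in. The following is an added example, not from Firewalla or the commenters: it merges a set of CIDR block rules and lists which destinations the network still needs would fall inside them. The `audit_block_rules` function name and the `NEEDED` addresses and labels are constructed for illustration.

```python
import ipaddress

# Constructed sample data: destinations this network is assumed to need,
# e.g. pulled from flow logs. Addresses and labels are illustrative only.
NEEDED = {
    "51.75.200.7": "hypothetical SaaS hosted in the same /16",
    "198.51.100.20": "hypothetical service elsewhere",
}

def audit_block_rules(rules, needed=NEEDED):
    """Merge CIDR block rules and report what each merged rule would cut off."""
    # Strict parsing rejects entries with host bits set (e.g. 51.75.55.1/24),
    # which are usually typos.
    nets = [ipaddress.ip_network(r) for r in rules]
    report = []
    # collapse_addresses drops rules already covered by a broader one.
    for net in ipaddress.collapse_addresses(nets):
        collateral = {ip: why for ip, why in needed.items()
                      if ipaddress.ip_address(ip) in net}
        report.append({"cidr": str(net),
                       "addresses": net.num_addresses,
                       "collateral": collateral})
    return report

if __name__ == "__main__":
    # Compare the narrow rule from the thread with the narrow rule plus the /16.
    for rules in (["51.75.55.0/24"], ["51.75.55.0/24", "51.75.0.0/16"]):
        for row in audit_block_rules(rules):
            print(row["cidr"], row["addresses"], "addresses;",
                  "would also block:", row["collateral"] or "nothing needed")
```

With the /24 alone nothing in the sample list is affected; adding the /16 absorbs the /24 into one rule and puts the sample SaaS address inside the block.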
