Firewalla Gold concurrent limits
Hey folks,
I like the throughput and the features of the Firewalla Gold, but before I pull the trigger there are a couple of metrics I'm looking for that I've been burned with other companies in the past. Can someone share the following:
- What's the maximum number of DHCP clients that can be practically used?
- Is there an ability to provide seperate DHCP ranges for different network segments?
- What's the maximum number of devices that can be used on the LAN side of the device (via switches)?
I've ran into issues before where the number of DHCP clients was artificially capped to a number lower than the number of devices I would run on a single segment, and then I've sadly bought lower end equipment that struggled when it came to handling 100+ devices. The bandwidth wasn't an issue, more to do with ability to handle the number of devices being managed.
Thanks!
-
1. DHCP client usually is used on the WAN side ... There really isn't a limit, but the system does limit you to 2 WAN interfaces. (as of the time of this message)
2. DHCP Server network ranges are already there for network segments. (LAN Port, or VLAN) ... you can define pretty much anything you want.
3. The device limit is hard to calculate; since it depends on what your device does. But in the real world, we've seen people with around 200 devices running. (some maybe more) this is on the gold platform. The artificial limit is the subnet size, I think it is /18 in the Gold. (which is pretty large ...)
-
Thanks for the response, with respect to #1, I was asking about the number of clients that the Firewalla Gold can provide DHCP to as a DHCP server to on the LAN side. Previous devices I've used have had an arbitrary device limit that was well below what the number of LAN devices I needed to support.
-
I think what the author of this thread is trying to ask...and I would also like to know...is how many clients can the FWG handle with all features enabled? This would include multiple VLANs, multiple firewall rules both blocking and allowing certain traffic between VLANs, and IDS/IPS features. This may be more accurately measured by maximum "real world" throughput rather than user count simply because you may have a network with 1000 clients that are generally low traffic or you may have a network with 50 clients who are heavy users. Whatever the format, how much can the FWG handle?
-
Firewalla - Can we get answers to Abrauda questions? With all/most of these features enabled... concurrent connections? is there a place to view cpu or memory usage?
I have the 2.5gb gold version (5gbps internal processing) running over 600 devices (3 vlans) on 14 access points (limiting bandwidth at AP level). I currently have a 1gb up/down WAN (soon to be 2gb) and will implement dual wan with another 1gb pipe.
How can I find how much the FWG can handle?
-
The problem with getting the "client" number, really depends on what the client is. For example, 10k thermostats are a lot different than 10 teens messing with the internet. If we quote a large number, people will think we are cheating, and if we quote the 10 teens number, it is not fair on us.
Since we have been around for a while, we do see some of the upper limits. For example, we have a few schools running gigabit networks through the Gold Plus, and with around 500 (yes 500) students and teachers, the box runs near or close to 100% CPU. (I do not have the details of devices ... or the flows generated)
If you all like the examples from above, I can ask the support team to gather some.
memory + CPU, you will have to login the ssh and see it there.
Please sign in to leave a comment.
Comments
7 comments