Protectli vs. Netgate

  • SpinRite v6.1 Release #3
    Guest:
    The 3rd release of SpinRite v6.1 is published and may be obtained by all SpinRite v6.0 owners at the SpinRite v6.1 Pre-Release page. (SpinRite will shortly be officially updated to v6.1 so this page will be renamed.) The primary new feature, and the reason for this release, was the discovery of memory problems in some systems that were affecting SpinRite's operation. So SpinRite now incorporates a built-in test of the system's memory. For the full story, please see this page in the "Pre-Release Announcements & Feedback" forum.
    /Steve.
  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in please checkout the “Tips & Tricks” page for some very handy tips!

    /Steve.
  • BootAble – FreeDOS boot testing freeware

    To obtain direct, low-level access to a system's mass storage drives, SpinRite runs under a GRC-customized version of FreeDOS which has been modified to add compatibility with all file systems. In order to run SpinRite it must first be possible to boot FreeDOS.

    GRC's “BootAble” freeware allows anyone to easily create BIOS-bootable media in order to workout and confirm the details of getting a machine to boot FreeDOS through a BIOS. Once the means of doing that has been determined, the media created by SpinRite can be booted and run in the same way.

    The participants here, who have taken the time to share their knowledge and experience, their successes and some frustrations with booting their computers into FreeDOS, have created a valuable knowledgebase which will benefit everyone who follows.

    You may click on the image to the right to obtain your own copy of BootAble. Then use the knowledge and experience documented here to boot your computer(s) into FreeDOS. And please do not hesitate to ask questions – nowhere else can better answers be found.

    (You may permanently close this reminder with the 'X' in the upper right.)

laxbobber

New member
Sep 30, 2020
1
1
I'm running Sophos XG Firewall Home Edition on an old PC and I'm thinking about swapping out my config so I was quite interested to see the Protectli info pop up in Steve's Utilities thread. For home (I work from home) I have the Charter/Spectrum GIG package with 940Mbps down and 40 Mbps up but with the IPS or any additional features turned on I can only push about 300 Mbps through my current hardware/software combo.

I'm curious if anyone has real-world info on throughput in the areas approaching 1Gbps down with Protectli. I'm assuming packing a Protectli with the top-end CPU and a healthy amount of RAM will get me as close as I can get while still being on the consumer end of the business/industrial line of products.

I mainly have that bandwidth package for upload speed (my brother and I VPN and backup our Synology NAS to each other) but not being able to get even 50% of my download speed is no fun.
 
Last edited:
  • Like
Reactions: Fennec
I'll be interested to learn about this, too. I also have a 300 Mbps download link and I'm able to get that through the lower-speed Protectli that I purchased before the "B" was available. But I have no clear idea how fast it will go. (It does go as fast as my cable modem link.)
 
  • Like
Reactions: Fennec
How does one go about testing your actual bandwidth with true accuracy? I have a 400 Mbps down/20 Mbps up cable internet connection (well that is what they claim). I also recently purchased a Protectli FW4B, just because y'all got me so curious. Speed tests vary quite wildly between testing sites and between my computers. I like the results I get on my newest computer, using speedtest.net the best ;)

1603303724715.png
 
  • Like
Reactions: Fennec
I looked at the Protectli 'B' model earlier after seeing it in the 'blog' forum. I have 1Gbps symmetric fiber and am very interested in whether a device can run full speed. According to the Protectli site, OpenVPN can only operate about 1/3 that speed on the 'B' device.

Back when I was evaluating these micro-devices, none seemed to support the full gigabit speed, so I ended-up buying an old Xeon 1240v2 w/AES and a cheap mobo/ram to run pfSense. It's a bit more $$ and definitely larger, but not too expensive and it's a full blown computer with 8GB of RAM, quad cores, etc. and should chug along for quite a while in a router role.
 
Are any of these devices capable of answering for multiple WAN IP addresses?

My SonicWall can do a "Transparent Zone" where the WAN port answers for multiple public IP addresses, filters/firewalls and passes the traffic to the appropriate public IP address behind the SonicWall. Time to replace it as the yearly license fees are super pricey.
 
When I first got 1Gig down at home via Comcast about a year ago I could never approach that download speed. Turned out that my EdgeRouter X couldn't handle the throughput, so I updated to an EdgeRouter 4 which could. Don't confuse 1GB ports to 1GB of actual throughput.
 
  • Like
Reactions: GregM
Right now I'm looking for something that supports transparent zone functionality but with 10GB ethernet (future proofing and switching my in-house switches to 10GB)
 
Are any of these devices capable of answering for multiple WAN IP addresses?

My SonicWall can do a "Transparent Zone" where the WAN port answers for multiple public IP addresses, filters/firewalls and passes the traffic to the appropriate public IP address behind the SonicWall. Time to replace it as the yearly license fees are super pricey.

I have multiple clients running pfSense, mostly on Netgate hardware. The support for multiple WAN IPs is supported by the software and really doesn't care if it is a VM, running on a beige box, Procteli, or Netgate hardware.. You can have a block of public IPs from one provider or multiple providers. You just need to be able to put any ISP modems into bridge mode. Comcast I think calls it pseudo bridge mode, but it puts the public IPs on the pfSense device.

Rick
 
Right now I'm looking for something that supports transparent zone functionality but with 10GB ethernet (future proofing and switching my in-house switches to 10GB)

So, you are really looking for something that supports 10gig on the LAN side right? I haven't seen any 10gig residential connections and only a few 10gig an one data center I use (not my rack).

I have 2 of the XG-7100s at clients and use the 10gig SFP+ ports to connect to my distribution switch running layer 3. Those clients both have 1gig symmetric and one of them has two ISPs with 1gig symmetric fiber for each.
 
So, you are really looking for something that supports 10gig on the LAN side right? I haven't seen any 10gig residential connections and only a few 10gig an one data center I use (not my rack).

I have 2 of the XG-7100s at clients and use the 10gig SFP+ ports to connect to my distribution switch running layer 3. Those clients both have 1gig symmetric and one of them has two ISPs with 1gig symmetric fiber for each.
LAN and WAN side for the 10Gig as I'm also targeting replacing the SonicWall TZ400 at work which tops out at 1Gig on all the ports. Looking at the Netgate hardware I might skip them and just repurpose a 1U server as a pfSense appliance and install an Intel X540-T2 PCIe network card in it.
 
  • Like
Reactions: Ditchdoctor
Are any of these devices capable of answering for multiple WAN IP addresses?

My SonicWall can do a "Transparent Zone" where the WAN port answers for multiple public IP addresses, filters/firewalls and passes the traffic to the appropriate public IP address behind the SonicWall. Time to replace it as the yearly license fees are super pricey.

I run pfSense on Netgate hardware as well as in VMs under both Hyper-V and vmware with no problems handling multiple WAN connections either in load balancing or fail over.
 
I run pfSense on Netgate hardware as well as in VMs under both Hyper-V and vmware with no problems handling multiple WAN connections either in load balancing or fail over.
Hey Ditchdoctor, I'm curious as to how you are running pfSense under Hyper-V and vmware.

Are you doing this in a home, or small office environment?

Have you run it with Virtualbox?
 
I'm going to be getting a 1GB connection in the next couple months and I am quite interesed in this as well.

My daughter just picked up the UDM Pro https://store.ui.com/collections/unifi-network-routing-switching/products/udm-pro

. . . and there is not a single hic-up. She is getting the full blast of the 1Gig connection.

cpuguru said:
When I first got 1Gig down at home via Comcast about a year ago I could never approach that download speed. Turned out that my EdgeRouter X couldn't handle the throughput, so I updated to an EdgeRouter 4 which could. Don't confuse 1GB ports to 1GB of actual throughput.
. . . not sure if you could expand on the "Don't confuse 1GB ports to 1GB of actual throughput." I'm not sure what you mean by that.

I've been eyeing up the EdgeRouter 4 as well, but would like to hear more on the Protectli offerings - in particular the FW4B.
https://protectli.com/product/fw4b/

UDM Pro
EdgeRouter 4
Protectli FW4B
Netgate (Probably the SG-3100)

Those are what's rolling around in my mind.

Looking forward to some more dialogue on this.