I want to use large block-lists with >1000 objects in firewall policies.
Can you tell me something about the performance impact?
Which device do I need for a bridging firewall with 1 GB/s throughput and some firewall rules that filter on those lists? RB1100X4? CCR1009? CCR2004?
My blacklists cover over 615 million IP addresses, contained within ipsets of typically between 35,000 and 60,000 entries, for Tik routers like any CCR model. When the lists load every 8 hours, the CPU never goes over 25%; after the load is done, the CPU never goes above 20% in a very active network with thousands of users.
The number of firewall filter rules in total is typically 25.
So, from a performance perspective, the hit on throughput [bandwidth] on the CCR is close to 3%, based on reports from my clients.
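The reply above describes the usual shape of such a setup: a large address list reloaded on a schedule, referenced by a small number of filter rules. The following is an added example, not code from the forum post or from MikroTik, showing how a practitioner would prepare that list off-box before importing it. It assumes the feed is a plain text file of IPv4 addresses and CIDR prefixes (one per line, `#` comments), that the router loads the generated `.rsc` with `/import` from a scheduler, and that the list and rule names (`blacklist`, the comment strings) are placeholders. Overlapping and adjacent prefixes are merged first, which keeps the entry count, the figure the per-packet lookup cost scales with, as low as the feed allows; the sample feed is constructed, not real threat data.

```python
"""Build a RouterOS address-list import script from a plain IPv4 blocklist feed.

Added example (not from the forum post). Assumes a text feed of addresses and
CIDR prefixes, loaded on the router with /import on a scheduler, and uses
hypothetical list and comment names.
"""
import ipaddress
from typing import Iterable, List

# Constructed sample feed (not real threat data): one /32 already inside a /24,
# two adjacent /25s that summarise to a /24, and a lone host.
SAMPLE_FEED = """\
# example feed
198.51.100.0/24
198.51.100.7
203.0.113.0/25
203.0.113.128/25
192.0.2.10
"""


def parse_feed(text: str) -> List[ipaddress.IPv4Network]:
    """Parse one address or prefix per line; ignore blanks, comments and non-IPv4 lines."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        net = ipaddress.ip_network(line, strict=False)  # host bits are masked off
        if net.version == 4:  # IPv6 belongs in /ipv6 firewall address-list, not handled here
            nets.append(net)
    return nets


def aggregate(nets: Iterable[ipaddress.IPv4Network]) -> List[ipaddress.IPv4Network]:
    """Merge contained and adjacent prefixes; the result is sorted and non-overlapping."""
    return list(ipaddress.collapse_addresses(nets))


def addresses_covered(nets: Iterable[ipaddress.IPv4Network]) -> int:
    """Total IPv4 addresses blocked (the kind of figure quoted in the reply)."""
    return sum(n.num_addresses for n in nets)


def to_rsc(nets: Iterable[ipaddress.IPv4Network], list_name: str = "blacklist",
           timeout: str = "") -> str:
    """Emit a RouterOS script for /import.

    Old entries are removed first, because re-adding an address that already exists
    makes /import abort. A timeout a little longer than the reload interval
    (e.g. 9h for 8-hourly reloads) lets entries dropped from the feed age out.
    """
    lines = [
        "/ip firewall address-list",
        f"remove [find list={list_name}]",
    ]
    extra = f" timeout={timeout}" if timeout else ""
    for n in nets:
        addr = str(n.network_address) if n.prefixlen == 32 else str(n)
        lines.append(f"add list={list_name} address={addr}{extra}")
    return "\n".join(lines) + "\n"


def firewall_rules(list_name: str = "blacklist") -> str:
    """The handful of rules that reference the list.

    Dropping in /ip firewall raw happens before connection tracking, so blocked
    sources never create a conntrack entry; the forward rule stops traffic towards
    blocked destinations. On a bridge firewall, bridged IP traffic only reaches
    these rules after: /interface bridge settings set use-ip-firewall=yes
    """
    return (
        "/ip firewall raw\n"
        f'add chain=prerouting src-address-list={list_name} action=drop comment="feed: inbound"\n'
        "/ip firewall filter\n"
        f'add chain=forward dst-address-list={list_name} action=drop comment="feed: outbound"\n'
    )


if __name__ == "__main__":
    feed = parse_feed(SAMPLE_FEED)
    merged = aggregate(feed)
    print(f"{len(feed)} feed lines -> {len(merged)} entries, "
          f"{addresses_covered(merged)} addresses covered")
    print(to_rsc(merged, timeout="9h"))
    print(firewall_rules())
```

On the sample feed the five lines collapse to three entries (the stray /32 is absorbed, the two /25s become one /24), which is the same reduction that matters at 35,000 to 60,000 entries: every prefix the router does not have to hold is one less it has to match per packet and one less to re-add on each reload.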