Firewall that doesn't increase latency

Discussion in 'Networking and Security' started by mastertrader456, Jun 8, 2012.

  1. Anyone know of a good firewall that doesn't increase latency? I am having trouble finding a firewall that doesn't slow down the packets to and from my trading software. I don't want a firewall inspecting every packet (order/message) I send. It slows my orders down by nearly a second. I'm left with having to turn off my firewall while trading. Anyone have any ideas?
     
  2. Ok, first - EVERY firewall HAS to inspect traffic. Because otherwise it would not be able to decide what to pass through or not. Simple. You can not have a vegetarian kobe steak. Want to have one router that can do minimal firewall without slowing down? Extreme Networks, starting around 10k USD... they do rules processing in hardware. Ok, they are a little large (we talk of routers with 48+ ports full speed), but that is what you want. And you better know what you talk about when you set them up ;)

    Alternative: NO firewall, put your hosting appliance into a dedicated data center, no internet access, you go in via VPN. Pricing starts around 400 USD per month per rack unit height, Chicago.

    BUT:

    Throw the shit out and get something decent. My own firewall is in the sub 1 ms range, including some routing and putting encrypted traffic on a VPN and doing quality of service. 1 second is NOT a normal operating firewall - it is either hogwash (you not knowing what you talk about), or broken hardware, or a TERRIBLY overloaded device or a stupid setup. 1 second is AGES for inspecting some small packets.

    Anyhow, if you need a decent router / firewall combo, Mikrotik has decent hardware for a low cost. A 450G runs my main office (3 uplinks, load balancing, ALL traffic VPN's over 3 links), a 1100x2 my data center and I use 750G's when travelling. And virtual RouterOS on Hyper-V may hook my new trading system (tool delivery Friday) into this fabric. The 450G would likely be what you want. BAD news: you better know what you do, that is not an end user device, it is a provider level device.
     
  3. You have two choices... You can run "raw" or without a firewall... Or use a firewall.


    Try pfSense on a Dell Optiplex 755 SFF chassis. 2GB of RAM and an E8400 or E8600 will be plenty. Get Intel Pro MT and PT low profile dual or quad NICs and there you go - you have a firewall.

    PM me if you have questions.


    If you just want a router combo on the cheap then try a Linksys RV042 or RV082 router and run a Dell PowerConnect 2708 or 2716 switch with a Linksys WRT54GS for a wireless router.


    What are you using now that could possibly be slowing you down by a second? I don't believe that is possible unless you are trying to run a 10G Ethernet connection through a really old 10mb/sec firewall/router and everything is being queued.

    pfSense will do what you need and be able to give you wifi + LAN and do it safe & secure with minimal to no latency addition.
     
  4. Winston, have a look at Mikrotik ;) The hardware.

    Seriously - likely the only element that is comparable in price to your Dells is my data center 12 port router and that has integrated switches.

    My office is run - capable of filling up a 1000mbit connection - on a 5 port (switch chip integrated) 450G that costs less than 100 USD and uses nearly no power and is passive ;)

    Mikrotik is a little problematic on Hyper-V (no drivers, closed system) but their hardware is ROCK cheap and their routers are fully capable of running BGP 4 etc. When I move into the new house, I plan to distribute some of their access points in the house to make a high speed good coverage WAN ;)
     
  5. For the home trader what I am suggesting can be had for around $350 with a "no expense spared" attitude.

    The Optiplex 755 is cheap with only 2GB of RAM and a dual core CPU over 2.5GHz. If you wanted to go crazy you could spend the cash on a low profile Intel Pro PT card but that would run you about $200... And allow 5 ports on the machine :)

    The Cisco wireless cards are great and PCI.

    With a dual port PCI-e card you end up with three interfaces and wifi all for under $350... But even pfSense is going to be way over the head of the basic user/trader.

    I will look at your suggestion! I am always willing to try something new. I am running a block of 30 static IPs on pfSense with triple WANs and will be implementing about 15 VPNs this month. So far so good... The biggest use has been low 20% CPU and only 17% RAM use... On a dual core with 2GB of RAM... Running on ESXi 5.0...
     
  6. > what I am suggesting can be had for around $350 with

    ;) Expensive, you know.

    A Mikrotik 1100 AHx2 costs 434, a 1200 costs 303 USD.

    Both likely kill your part - and have integrated significant switch ports (which are hardware switched).

    The 420GL costs about 52 USD and has 4 or 5 ports ;) And enough horsepower as a ROUTER to route 100mbit - gets worse with a LOT of firewall rules (which you do not have) and VPN (due to encryption).

    The 450G is a little below 100 USD; + enclosure (damn, can not find a price in the USA for the integrated part - they do sell that from Mikrotik, though). It has a 680MHz processor, integrated switch for 4 ports and is fully passive.

    That is why I mean your stuff is expensive. They really kill the price side.

    On the upper end there is a nice 12 port gigabit router coming capable of handling FULL SPEED ON ALL PORTS with significant logic behind, thanks to a 36 core special processor ;) Price for that is around the 1500 to 1800 USD level, but then - that really hits large setups with a 1gbit uplink ;) Cloud backbone style for smaller clouds ;)
     
  7. Aok


    I (mostly) have no idea what NetTecture and Winston are talking about but am glad they are around. Learned a lot from you gents.

    Thanks.
     
  8. Stock


    Are you sure it's the firewall? What type of firewall are you using? How much data are you pushing through it?

    Honestly, I have never heard of any properly configured firewall adding a measurable amount of latency unless you're saturating a multi-gigabit link or something.
     
  9. For what you get I don't think that my suggestion is expensive, I just think that it is far more advanced for most users. In the Hardware section users are concerned with building their own computers - never mind turning an older computer into a firewall.

    I think this is a perfect suggestion for the forum - for $80 they can get an amazing quality Linksys RV series router with much better capacity than their existing hardware.

    For $150-$300 you can get what seems to be really awesome firewall/router solutions that are "off the shelf".

    For $300-$500 you can get an enterprise setup that will rival any $5k-$25k firewall - but you also need to know what you are doing to set it up.

    Hope you got a few ideas OP.
     
  10. How about one of these?

    http://www.newegg.com/Product/Product.aspx?Item=N82E16833106121

    $31.99
     
    #10     Jun 9, 2012