"Good enough" is a highly subjective term when you're talking an all-in-one security appliance because what you ask the box to do makes a difference on performance, especially on a weaker box. If all you're looking for is to replace a consumer router with something that doesn't fail all the time and might be a little bit more secure, then sure it will be fine. If you're looking to really make use of having a security appliance, the question becomes murkier.
https://forums.anandtech.com/thread...performance-bottleneck.2485531/#post-38811152
I posted some benchmarks in there of my Sophos box which also uses Snort. I have no trouble saturating my WAN connection (150Mb) with Firewall, Web Filtering, IPS, and IDS all enabled. Mine is a VM, originally running on a host with 2.26Ghz processors, now 2.5Ghz. I specifically single out Snort because you often see people say "my CPU is never above 25%" or such as proof their box isn't being over taxed. Since Snort is single threaded and most of these boxes are quad cores, what are you going to see if Snort is pegging one core? 25% CPU usage which means your CPU is still the bottleneck. What I recommend as a good starting point is this:
https://www.sophos.com/en-us/products/unified-threat-management/tech-specs.aspx
Take a look at their model breakdown as they break out firewall throughput, IPS throughput, etc. However, those number are individually. That does not mean you can turn everything on and get those numbers. Once you decide where your needs fit in the model line, find out what CPU is in the box that meets your goal. For example the SG 125 is an Atom C2358 SoC. The SG 210 is a Celeron G1820. I used pfSense before Sophos. pfSense is slightly lighter on the resource usage on a base/bare install, but Sophos's UI is worlds better.
Also: Intel NIC's or go home.
Facebook
Twitter