I'm seeking advice on replacing our current Cisco RV345 router, which struggles in a high-traffic office with about 50 users. We have a dual WAN setup with two 1 Gbps connections. Due to heavy usage, especially from machine learning computations and video production, our internet speed drops significantly during multi-threaded downloads, often falling to 5-30 Mbps for everyone else. We've configured QoS to prioritize video calls, but it's not enough. The RV345 is outdated, has reached its end of support, and doesn't manage high NAT sessions effectively. I'm heavily considering switching to pfSense on a Netgate 6100, as I've had good experience with it at a secondary location. My main concern is whether it's a reliable choice for our primary office given the high demands and also if having a second unit ready as a spare is worth it. I'd love feedback from anyone with experience using Netgate and pfSense in similar environments. Does this plan make sense?
4 Answers
If your current setup is struggling, it might be worth changing one or both of your NATted uplinks to a non-NATted one. This can really help reduce the load on your NAT state table. Disabling any unnecessary traffic features could also improve performance, although it sounds like you've optimized things pretty well. Sticking to a single vendor like Cisco can lead to lock-in, so don't hesitate to explore other options if they meet your needs better.
Just make sure to get the MAX model with NVMe storage. I've run into problems with the cheaper versions that use eMMC due to its limited write cycles. Go for something more robust to avoid future headaches!
It's a big shift from the old Cisco, but don't overlook other options like Sophos and Fortinet. A new commercial firewall could alleviate the bottleneck you're experiencing, give you more translation space, and provide better tools for future issues.
I think pfSense is a solid choice! I'd definitely recommend getting redundant units for each office instead of just having a spare sit around. That way, you can ensure continuous service without risking downtime.
Totally agree! eMMC is fine for storing configurations, but you don’t want to kill your logs too quickly—it'll wear out fast.