¶ Deploying CGW on HUNSN 1U Firewall Appliance
HUNSN 1U RJ16 Firewall Appliance costs around $1,000 and is equipped with intel core i7 9700 processor, 6 x 2.5GbE, and 2 x sfp+ (10Gb/s) links.
The 2 x sfp+ (10Gb/s) links are typically used for the WAN interfaces. When you have a single WAN ISP, you have the freedom to use one of the 2 x sfp+ links for your LAN network.
¶ Common Deployment Architecture
A common deployment scenario for deploying Cyber Gateway on HUNSN 1U Firewall Hardware is to replace the Firewall as well as address the WAN Aggregation and Failover use case as shown below. However, you can also use it with a single WAN. In this case, plug in the WAN cable into one of the 2 x sfp+ (10Gb/s) ports and use the the second sfp+ (10Gb/s) port for the LAN network.
¶ Hardware Checklist
You will require the following hardware for Installing Ubuntu and deploying Exium Cyber Gateway on the HUNSN 1U Firewall Hardware.
|
Item |
Quantity |
Remarks |
|---|---|---|
|
HUNSN RJ16 1U Firewall Appliance 32G RAM 512G SSD |
1(2) |
Quantity 2 is required for High Availability (HA) deployments. |
| VGA to HDMI Adapter |
1 |
You need this adapter to connect the box to an HDMI monitor when installing Ubuntu OS. Note the direction VGA→ HDMI to avoid products that are HDMI to VGA converters. |
| 10GBase-SR SFP+ Transceivers |
2 (4) |
Each box requires a set of two if you like to use both 2x10 G/s ports on the box |
|
6 (12) |
6 (12) if you like to use all the 6 LAN ports (6x2.5Gb/s) |
¶ Deploying CGW on HUNSN 1U Firewall Box
Please follow the instructions below:
- Create a bootable stick, on your computer, download Cyber Gateway ISO image on a USB.
- Make sure your HUNSN 1U Box is powered off.
- Connect the Hunsn box to a monitor using the VGA to HDMI Adapter
- Plug in a keyboard into one of the USB ports on the HUNSN box
- Plug in the USB with the Ubuntu image on it in one of the USB ports on the HUNSN box
- Power on the box, boot the device while pressing F7 and select the USB stick
- Select Install ubuntu and follow the typical ubuntu server installation steps. If you do not see “Install or Try Ubuntu” but rather enter a boot mode, quit. The box comes with Pfsense preinstalled, if you enter into Pfsense mode, you need to restart from the previous step 6.
- After the ubuntu server installation is complete, login with username and password you entered during the above installation steps
- You can continue with the next steps in console using Monitor or note the IP address of the device by typing the command
IP aand SSH into the device from another machine on the same network. - Follow the instructions for Multiple interface CGW deployment
¶ What Performance to expect on the Hunsn 1U box?
In the Multiple Interface cyber gateway, security controls such as Firewall and Web security is provided locally in the CGW. Therefore, we recommend that only the private network traffic goes to the Mesh while the Internet bound Web and SaaS. traffic that has already gone through advanced security controls in the CGW itself can exit locally.
¶ WAN Throughput
HUNSN 1U Box supports up to 2x 10 Gb/s WAN links. We performed a Bidirectional iperf3 Test on the cyber gateway running on the HUNSN 1U Box. With the bidirectional iperf3 option “--bidir” client opens two TCP connections with the server: one is used for the forward test and one for the reverse test.
We can see the bidirectional throughput over 9.0 Gb/s on each of the two 10 Gb/s WAN links.
iperf3 -c 10.137.0.35 --bidir -i 10
Connecting to host 10.137.0.35, port 5201
[ 5] local 10.137.0.34 port 55478 connected to 10.137.0.35 port 5201
[ 7] local 10.137.0.34 port 55494 connected to 10.137.0.35 port 5201
[ ID][Role] Interval Transfer Bitrate Retr Cwnd
[ 5][TX-C] 0.00-10.00 sec 10.6 GBytes 9.13 Gbits/sec 3770 2.28 MBytes
[ 7][RX-C] 0.00-10.00 sec 10.8 GBytes 9.24 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID][Role] Interval Transfer Bitrate Retr
[ 5][TX-C] 0.00-10.00 sec 10.6 GBytes 9.13 Gbits/sec 3770 sender
[ 5][TX-C] 0.00-10.04 sec 10.6 GBytes 9.09 Gbits/sec receiver
[ 7][RX-C] 0.00-10.00 sec 10.8 GBytes 9.25 Gbits/sec 4328 sender
[ 7][RX-C] 0.00-10.04 sec 10.8 GBytes 9.21 Gbits/sec receiver
iperf Done.At the end of the test, the server sends what it measured back to the client. The client reports 9.13 Gbits/sec transmitted TX-C bandwidth, as measured from its perspective (sender) and 9.09 Gbits/sec TX-C from the server’s perspective (received). Then it reports 9.25 Gbits/sec received RX-C bandwidth, as measured from its perspective (received) and 9.21 Gbits/sec from the server’s perspective (sender).
¶ LAN Throughput
The total network interface capacity of the HUNSN 1U Box is 35 Gb/s (6x 2.5 Gb/s + 2x 10 Gb/s). You can divide this total throughput between LAN and WAN network based on your use case. We provide two examples in the Table below with two scenarios of LAN and WAN maximum achievable network capacity.
|
LAN Configuration |
WAN Configuration |
LAN Throughput |
WAN Throughput |
|---|---|---|---|
| 6x 2.5 Gb/s | 2x 10 Gb/s | 15 Gb/s | 20 Gb/s |
| 6x 2.5 Gb/s + 1x 10 Gb/s | 1x 10 Gb/s | 25 Gb/s | 10 Gb/s |
We tested capacity on each of the LAN interface and typically achieve 2.45 Gb/s TCP throughput on a 2.5 Gb/s link as shown by the iperf3 tests below.
hunsn@hunsn:~$ iperf3 -c 192.168.13.251
Connecting to host 192.168.13.251, port 5201
[ 5] local 192.168.13.2 port 60984 connected to 192.168.13.251 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 284 MBytes 2.38 Gbits/sec 0 696 KBytes
[ 5] 1.00-2.00 sec 279 MBytes 2.34 Gbits/sec 0 807 KBytes
[ 5] 2.00-3.00 sec 280 MBytes 2.35 Gbits/sec 0 807 KBytes
[ 5] 3.00-4.00 sec 281 MBytes 2.36 Gbits/sec 0 807 KBytes
[ 5] 4.00-5.00 sec 280 MBytes 2.35 Gbits/sec 0 807 KBytes
[ 5] 5.00-6.00 sec 281 MBytes 2.36 Gbits/sec 0 851 KBytes
[ 5] 6.00-7.00 sec 280 MBytes 2.35 Gbits/sec 0 851 KBytes
[ 5] 7.00-8.00 sec 281 MBytes 2.36 Gbits/sec 0 851 KBytes
[ 5] 8.00-9.00 sec 280 MBytes 2.35 Gbits/sec 0 851 KBytes
[ 5] 9.00-10.00 sec 280 MBytes 2.35 Gbits/sec 0 935 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 2.74 GBytes 2.35 Gbits/sec 0 sender
[ 5] 0.00-10.04 sec 2.74 GBytes 2.34 Gbits/sec receiver
TBC