hi, former untangle user here, have a few questions regarding DynFi Firewall.
DynFi Firewall is designed to be deployed on a virtualized platform like Proxmox
I'm looking to switch off baremetal and install proxmox > dynfi, is there some kind of performance hit or is it so negligible it doesn't matter?
secondly, does DynFi have any sort of SQM such as fq_codel or cake or something similar?
Performance hit when using DynFi Firewall as a virtualized solution is negligible.
It will mostly depend on the quality of your interfaces and the network driver you are using (virtio is a good candidate).
There is no SQM or fq_codel in DynFi Firewall, but there is the possibility to use some QoS mechanism and probably do some tuning on the interfaces settings (not sure it will add a lot of benefit though)…
Important thing to remember is to use a "raw" disk and NOT "qcow2".
After successful install you can enable the qemu-guest-agent in DynFi Firewall in order to get a better communication between hypervisor and VM (will need to be started manually for the time being)
In order for qemu-guest-agent to auto-start you will need to edit (or create) the file /etc/rc.conf.d/qemu_guest_agent and add the following into it:
Code: Select all
qemu_guest_agent_enable="YES"
qemu_guest_agent_flags="-d -v -l /var/log/qemu-ga.log"
You might also need to "touch /var/log/qemu-ga.log"
This should allow you to auto-start qemu-guest-agent on your DynFi Firewall.
Of course on the PVE, you need to enable the qemu-guest-agent also.
Hope this helps.