few questions

This forum is intended to provide straightforward answers for people trying to use DynFi Firewall Open Source firewalls.
We might also try to answer questions related to competitors firewall such as pfSense® and OPNsense® systems.

Moderator: gregober

Post Reply
tidehunter
Posts: 1
Joined: 17 Jun 2023, 12:59

few questions

Post by tidehunter » 21 Jun 2023, 14:57

hi, former untangle user here, have a few questions regarding DynFi Firewall.
DynFi Firewall is designed to be deployed on a virtualized platform like Proxmox
I'm looking to switch off baremetal and install proxmox > dynfi, is there some kind of performance hit or is it so negligible it doesn't matter?

secondly, does DynFi have any sort of SQM such as fq_codel or cake or something similar?
User avatar
gregober
Posts: 244
Joined: 26 Mar 2019, 15:06

Re: few questions

Post by gregober » 21 Jun 2023, 15:19

hi, former untangle user here, have a few questions regarding DynFi Firewall.

DynFi Firewall is designed to be deployed on a virtualized platform like Proxmox

I'm looking to switch off baremetal and install proxmox > dynfi, is there some kind of performance hit or is it so negligible it doesn't matter?

secondly, does DynFi have any sort of SQM such as fq_codel or cake or something similar?
Performance hit when using DynFi Firewall as a virtualized solution is negligible.
It will mostly depend on the quality of your interfaces and the network driver you are using (virtio is a good candidate).

There is no SQM or fq_codel in DynFi Firewall, but there is the possibility to use some QoS mechanism and probably do some tuning on the interfaces settings (not sure it will add a lot of benefit though)… 

Important thing to remember is to use a "raw" disk and NOT "qcow2".
After successful install you can enable the qemu-guest-agent in DynFi Firewall in order to get a better communication between hypervisor and VM (will need to be started manually for the time being)

In order for qemu-guest-agent to auto-start you will need to edit (or create) the file /etc/rc.conf.d/qemu_guest_agent and add the following into it:

Code: Select all

qemu_guest_agent_enable="YES"
qemu_guest_agent_flags="-d -v -l /var/log/qemu-ga.log"
You might also need to "touch /var/log/qemu-ga.log"

This should allow you to auto-start qemu-guest-agent on your DynFi Firewall.
Of course on the PVE, you need to enable the qemu-guest-agent also.

Hope this helps.
Post Reply