Due to the nature of deep packet analysis and detailed drill-down reporting functionality, Zenarmor requires more hardware resources than a standard L3-L4 firewall.
info
You can offload your reporting database to an external system. This allows you to be able to run Zenarmor on systems with a constrained amount of RAM.
If you are using a OPNsense system, it is advised that you verify that your Ethernet adapter is compatible with netmap.
CPU & Memory
Because the analytics module relies on Elasticsearch to process large amounts of data, the amount of the memory available in the system is crucial for the overall performance of Zenarmor.
warning
If the number of active devices are more than 500 and the sustained WAN bandwidth is higher than 500 Mbps, we do not recommend deploying Zenarmor as a virtual guest since resources in virtual environments are generally shared between guest systems.
Below is the recommended minimum hardware requirements for Zenarmor based on the number of devices and the amount of sustained bandwidth.
We recommend at least dual core (preferable 4 core if you also host database on the firewall) cpu system.
info
Single core cpu score is more important than having lots of cpu cores; for that, a Quad Core i7 PC system is more likely to perform better than a 12-core intel xeon server system.
| Active Devices | Maximum WAN Bandwidth | Minimum Memory | Minimum CPU |
|---|---|---|---|
| 0 - 50 | 300 Mbps | 1 GB | A Dual-Core CPU (x86_64 compatible, single core PassMark score of 200) Note: Deciso A10s and AMD G-SERIES SOC GX Series, Protectli/Qotom Celeron J Series are compatible |
| 50-100 | 500 Mbps 10 Kpps | 4 GB | Intel Dual-Core i3 2.0 GHz (2 Cores, 4 Threads) or equivalent |
| 100-250 | 1 Gbps 20 Kpps | 8 GB | Intel Dual-Core i5 2.2 GHz (2 Cores, 4 Threads) or equivalent |
| 250-1000 | 1-2 Gbps 40 Kpps | 16 GB | Intel Dual-Core i5 3.20 GHz (2 Cores, 4 Threads) or equivalent |
| 1000-2000 | 1-2 Gbps | 32 GB | Intel Quad-Core i7 3.40 GHz (4 Cores, 8 Threads) or equivalent |
| 2000+ | 2-4.5 Gbps | 64GB | Intel Quad-Core i9 3.0 GHz (24 Cores, 48 Threads) or equivalent |
warning
The specifications in the table are given for platforms that only run Zenarmor without any other resource-intensive applications. These hardware specs might be insufficient if you are running other resource-intensive applications, such as Suricata or Maltrail on your firewall. If you are using Zenarmor solely on your device, these specifications will suffice.
Zenarmor requires at least 1 GB of memory. Installer will not continue if you have less than 1 GB of RAM. We recommend 8 GB memory to have an exceptional reporting experience with elasticsearch database.
info
Multicore support is under development and will be available in the first quarter of 2024.
Ethernet Adapter
Zenarmor uses a FreeBSD subsystem called netmap(4) to access raw Ethernet frames. With FreeBSD 11 this software can be very particular in terms of proper driver compatibility.
Intel based adapters, particularly em(4) and igb(4), are observed to perform well in terms of stability and performance.
Zenarmor is sponsoring developments on this project so you can expect netmap(4) will better support a wide range of Ethernet drivers.
Reporting & Disk Space
Zenarmor uses Elasticsearch or MongoDB as its backend to store large data sets. Please allow at least 5 MB of disk space per hour per megabit/second throughput.
If you're running a 100 Mbps link (about 100 devices) which is quite active during the daytime and idle rest of the day, you may calculate the space needed as follows:
- 5 MB x 12 hours x 100 Mbps = 6 GB per day.
- 6 GB x 7 days a week = 42 GB per week.
- 42 GB x 4 weeks a month = 168 GB per month.
tip
According to the reports we receive from Zenarmor users; Elasticsearch seems to be a better alternative as the backend database. If you're using MongoDB backend and experiencing problems, it might be wise to switch to the Elasticsearch backend. You'll need at least 8GB of RAM to be able run ES along with Zenarmor.Also, SSD disk is recommended for better performance.
info
You can keep reporting data for the default number of days with the advised hardware specifications.
