Firewall Capabilities
Number of Supported Firewall Rules
There is no software-defined limit to the number of rules that may be created. A safe upper limit, due to potential hardware constraints, would be 25,000 lines.
Encrypted Throughput Capacity
AES-128 was used for testing encrypted throughput on Accelerated LTE routers, yielding the following results:
Series | Download | Upload |
---|---|---|
CX Series | 150 Mbps | 50 Mbps |
SR Series | 100 Mbps | 50 Mbps |
Concurrent Sessions
Default settings allow 8,192 concurrent sessions, though this value can be adjusted via custom configuration.
The maximum is 65,536, though this assumes sessions are short-lived and/or low-bandwidth; a good upper limit is 10,000.
New Sessions per Second
No limit exists in the software, though a safe upper limit would be 150 sessions.
Wildcard IP Support
Wildcard IPs are supported via custom firewall rules (iptables), which leverage CIDR networking to set up a range of IPs (e.g. 192.168.0.1/24).
FQDN Support
FQDN is supported via custom firewall rules (iptables).
However, the FQDN is resolved when the firewall rule is processed/applied, not with each packet inspected. This means that if the IP of a domain changes, the firewall rule will not apply to the new IP address. You would have to reload the firewall for the device to resolve the domain to the new IP. It is better to stick with IP addresses in firewall rules instead of FQDNs.
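One way to detect the stale-FQDN condition described above, as an added example rather than vendor code: it compares the addresses pinned in `iptables-save` output with current DNS answers and reports which names need a firewall reload. It assumes each FQDN-derived rule carries an `-m comment --comment "fqdn:<name>"` tag (a hypothetical convention); the rule lines, host names and addresses are constructed samples.

```python
import ipaddress
import shlex
import socket

# Constructed `iptables-save` sample; the "fqdn:<name>" comment tag is an assumed convention.
SAMPLE_RULES = """\
-A FORWARD -d 203.0.113.10/32 -p tcp --dport 443 -m comment --comment "fqdn:updates.example.com" -j ACCEPT
-A FORWARD -d 203.0.113.11/32 -p tcp --dport 443 -m comment --comment "fqdn:updates.example.com" -j ACCEPT
-A FORWARD -d 198.51.100.7/32 -p tcp --dport 25 -m comment --comment "fqdn:mail.example.com" -j ACCEPT
-A FORWARD -s 192.168.0.0/24 -j ACCEPT
"""

def pinned_addresses(rules_text):
    """Map each tagged FQDN to the networks that were pinned when the rules loaded."""
    pinned = {}
    for line in rules_text.splitlines():
        args = shlex.split(line)
        tag = next((a for a in args if a.startswith("fqdn:")), None)
        if tag is None:
            continue  # plain IP/CIDR rule, nothing to re-resolve
        for flag in ("-s", "-d"):
            if flag in args:
                net = ipaddress.ip_network(args[args.index(flag) + 1], strict=False)
                pinned.setdefault(tag[len("fqdn:"):], set()).add(net)
    return pinned

def resolve(name):
    """Current IPv4 answers for name (live DNS lookup)."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET)
    return {ipaddress.ip_address(info[4][0]) for info in infos}

def find_drift(rules_text, resolver=resolve):
    """Return {fqdn: {"stale": [...], "uncovered": [...]}} for names whose DNS has moved."""
    drift = {}
    for name, nets in pinned_addresses(rules_text).items():
        current = resolver(name)
        stale = sorted(str(n) for n in nets if not any(ip in n for ip in current))
        uncovered = sorted(str(ip) for ip in current if not any(ip in n for n in nets))
        if stale or uncovered:
            drift[name] = {"stale": stale, "uncovered": uncovered}
    return drift

if __name__ == "__main__":
    # Constructed DNS answers stand in for a live lookup so the demo runs offline.
    answers = {"updates.example.com": {"203.0.113.10", "203.0.113.50"},
               "mail.example.com": {"198.51.100.7"}}
    fake = lambda n: {ipaddress.ip_address(a) for a in answers[n]}
    for name, d in find_drift(SAMPLE_RULES, fake).items():
        print(f"{name}: reload needed, stale={d['stale']} uncovered={d['uncovered']}")
```

A "stale" entry is an address still allowed by a rule although the name no longer resolves to it; an "uncovered" entry is a current address that no loaded rule matches.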