Summary
NEXCOM and Enea jointly validated an open-source software stack combining flexiWAN SD-WAN and pfSense firewall capabilities for universal customer premises equipment (uCPE) deployments. Comprehensive testing on NEXCOM's DTA 1160 (Intel Atom) and TCA 5170B (Intel Xeon D) platforms demonstrated throughput reaching 200 Mbps WAN speeds suitable for small-to-medium office branch connectivity. Automated deployment scripts and extensive technical documentation significantly reduce commissioning timelines compared to custom appliance builds.
Problem / Requirements
Branch office deployments traditionally rely on proprietary CPE appliances with vendor lock-in, inflexible feature sets, and extended procurement cycles. Organizations require open-source alternatives that provide:
- SD-WAN functionality for intelligent branch-to-headquarters traffic routing
- Integrated firewall capabilities for perimeter defense at remote sites
- Deployment support across heterogeneous hardware platforms (low-power Atom to high-performance Xeon)
- Rapid provisioning through automation rather than manual configuration
- Transparent performance validation demonstrating production readiness
Technical Approach
The validated stack combines two mature open-source projects into a cohesive CPE solution. flexiWAN provides SD-WAN orchestration including traffic steering, multi-path forwarding, and link redundancy management. pfSense contributes firewall rulesets, stateful packet filtering, and network address translation.
Both components operate on standard Linux kernels, enabling deployment across NEXCOM's diverse platform portfolio. The DTA 1160 (Intel Atom, lower throughput) and TCA 5170B (Intel Xeon D, higher performance) represent opposite performance boundaries for SMB deployments—validating the stack spans small office and medium office scales within single software codebase.
Integration points between flexiWAN and pfSense control planes were optimized for performance, and an automation framework emerged to streamline deployment. The testing methodology emphasized real-world branch office connectivity patterns rather than synthetic benchmarks.
Implementation Notes
Comprehensive field testing at branch office equivalent scales established baseline performance expectations. The 200 Mbps WAN throughput target reflects typical SMB internet circuit capacities in 2021, ensuring tested configurations remain relevant for target customer segments. This performance level sustains encrypted traffic flows, multiple branch locations, and integrated security inspection simultaneously.
Deployment automation scripts encoded operational knowledge, eliminating ad-hoc manual configuration. Extensive documentation captured hardware-specific integration details, platform-specific kernel parameters, and troubleshooting procedures. The result is a repeatable deployment process suitable for managed service providers or enterprise IT teams with limited appliance-specific expertise.
Both software projects maintain active upstream communities, ensuring long-term support and vulnerability response independent of NEXCOM lifecycle commitments. Organizations deploying the stack inherit community-driven security updates and feature enhancements.
Challenge-Solution Mapping
/table
Challenge | Solution
Proprietary CPE appliances create vendor lock-in | Open-source flexiWAN + pfSense enable multi-vendor competition
Limited branch office connectivity options | Combined SD-WAN + firewall addresses comprehensive CPE requirements
Long appliance procurement cycles | Validated software stack accelerates deployment to existing hardware
Hardware heterogeneity requires custom ports | Single software codebase supports Atom and Xeon D simultaneously
Unknown performance characteristics of open-source stacks | Independent testing validates 200 Mbps throughput for SMB scale
Complex manual deployment in remote locations | Automation scripts reduce branch office commissioning effort
Limited vendor documentation for integrated solutions | Comprehensive documentation addresses integration points
/endtable
Specifications Snapshot
/table
Specification | Detail
SD-WAN Component | flexiWAN (open-source)
Firewall Component | pfSense (open-source)
Hardware Tested | DTA 1160 (Intel Atom), TCA 5170B (Intel Xeon D)
Validated Throughput | Up to 200 Mbps WAN
Target Deployments | Small-to-medium office branches
Kernel Support | Linux 2.6+, mainstream distributions
Deployment Automation | Scripts included, extensive documentation
Community Support | Upstream projects (flexiWAN, pfSense)
/endtable
Key Takeaways
1. Open-source SD-WAN + firewall integration eliminates proprietary appliance dependency – Organizations gain multi-vendor flexibility and avoid single-vendor lock-in for branch office deployments.
2. Validated performance on heterogeneous hardware extends platform longevity – DTA 1160 (entry-level) through TCA 5170B (mid-range) validation ensures software compatibility across hardware generations.
3. Comprehensive automation documentation reduces branch office deployment friction – Scripts and procedures transform manual configurations into repeatable, low-error-rate processes suitable for distributed deployments.
4. Community-driven projects ensure continuous security and feature updates – Organizations inherit ongoing maintenance from upstream flexiWAN and pfSense communities without appliance-specific vendor dependency.
5. Throughput validation at SMB scale builds deployment confidence – 200 Mbps sustained performance on Atom-class processors demonstrates achievable real-world performance rather than synthetic benchmarks.
Contact NEXCOM
For specifications, availability, and technical inquiries, contact NEXCOM via the official website.
