I recently heard that Intel ditched QuickAssist in Atoms chips in favor of the Xeon D chips. Both is a absolutely failing information, either from where you get your info´s out. Intel Atom C2x58 (Rangeley) SoCs came with Intel QuickAssist support but not the other Intel Atom C2x50 (Avoton) series that comes there for with TurboBoost instead of QuickAssist, not more and not less. The Intel Xeon D-1500 SoCs are existing since the Q1/2015 and now Intel is only upgrading them till Q1/2016 with new SKUs (boards), so that now not one board must be fitting all needs and there are more then only the Intel Xeon D platform, the Intel Pentium D platform comes on top of this or beside it. There are 3 main fields this platforms are acting in now: Link1 Link 2 Link 3 Cloud Storage Edge Network (D-1518, D-1528 & D-1548) And the networking accelerated Intel Xeon Boards from SuperMicro (D-15x8) are for 4 main fields, Switches & Routers, Security Appliances and Wireless access and Wireless base stations as you will be able to read here under this links Link 1 Link 2 Link 3 They all comes with the following things enabled: (D-1518, D-1528 & D-1548) AES-NI cryptographic speed up Intel QuickAssist cryptographic and compression/decompression speed up DPDK (enabled software) massive Layer3 packet forwarding speed up Intel Turbo Boost Technology 2.0 At workload peaks the CPU frequency will be pushed scaled up Intel (HT) Hyper-Threading (vers. 9) Real CPU cores would be double being existing virtually This are the core or edge points from the new network accelerated SKUs SuperMicro will launching in the Q1/2016. And the Intel QuickAssist will be one of the core features on both SoCs, Intel C2x58 and D-15x8 platforms. And that the pfSense team is actual working on netmap until the other Intel D-15x8 SKUs from SuperMicro will be launched in Q1/2016 might be only tend to the point that netmap matches now all platforms and when the other D-15x8 SKUs are launched the QAT will also fit to all on the market being boards and SoC´s. In former days Intel was promoting the Intel QuickAssist technology for speeding up the following tasks DPI (canceled) IDS/IPS (canceled) cryptographic operations (actual able to use) decompression & compression (actual able to use) And from this all features only the last two points are actual in the game, could it be that you perhaps mean this with your thread? That they (Intel) were canceling only some features here? That being said, I haven't heard of any progress being made in pfsense towards adding support. You can´t they are still working on this, and not code was entering in pfSense code that will be able to use by Intel QuickAssist. This will be perhaps owed to the circumstance that many devices are coming together with Intel QuickAssist technology as Intel Core i3, i5 i7 CPUs, Intel C2x58 SoC and D-1500 SoCs and on top of this some accelerator cards like shown under this links in the next line from ADI and Netgate. Intel QAT accelerator card without LAN ports (Netgate) Intel QAT accelerator cards with 4 GB LAN ports (ADI Engineering) Would they offer those cards if QAT was canceled or will be canceled in the near future? Are they still working on adding QuickAssist, or is it vaporware at this point? If they are still working on it, has there been an established timeline? No timeline but I would guess the SG-xx units from the pfSense store and the Netgate RCC-VE units could be the first ones that get their hands on this feature, as a goody and supporting the project as I would imagine it. I ask because I'm trying to figure out whether its worth even getting any of the Atom chips since they seem to be getting phased out by Xeon D. It is more to see likes an add on or gain and not as a phase out in my eyes. So pfSense, Netgate and ADI are able to enrich there product line for us or there customers. Intel Atom C2x58 based products as entry level product line for home and SOHO Intel Xeon D-1500 based pro product line Intel Xeon E3-1200v3 & Intel QAT card enterprise line Intel single or dual Xeon E5-2600v3 & Intel QAT card enterprise line Would it make sense to go with a c2750 over the c2758? The big difference is that you get MUCH better performance on the c2750 because turbo can push each core an additional 200MHz (2.4GHz -> 2.6GHz). The con is that it doesnt support QuickAssist, which isnt really a con if nothing is utilizing it. The Rangeley platform is more for network devices such as a firewall, a router or an another network appliance pending on the AES-NI and QuickAssist and the Avoton platform is more for servers likes Samba or Apache or any kind of file server, building a SAN or a NAS whatever more in this direction, where a peak can be easily wiped away by TuboBoost, to be future proof related to pfSense I would prefer to go with the Rangeley C2x58 platform or SoC that is also used by the pfSense store, Netgate store and ADI Engineering.

Hi, thks for your reply! My modem is a mPCIe so it's inside the case; not a stick. In GUI configuration i've four device, dev/cuaU0, dev/cuaU1, dev/cuaU0.0, dev/cuaU0.1. What's the correct device to select?

That bandwidth graph is useful when trying to correlate throughput and latency. If you configure PFSense correctly, you can dramatically reduce ping spikes.

There wasn't an internet connection involved in the tests shown. The tests were local ethernet only only. The LAN connection involved a switch, but the pfSense to DMZ host latency is literally just over a cross connect. No bridging was involved in the graphs I posted, but for what it's worth, I've also tested in a bridged LAN setup and it appears to have no impact, positive or negative. The distro of Linux is Gentoo. Over the course of several weeks other tests were run to individually check latency of the various components involved, switch, mulitple hosts, etc. The sawtooth with pfSense was consistent throughout.

and you ran out of crayons and a napkin? DRAW IT DUDE!!! Use gliffy if you want - its free.. if you have your router in front of pfsense, and its routing other vlans… Why do you have all those rules on pfsense lan interface??  POINTLESS... When would traffic come into pfsense lan interface from those networks?? DRAW IT!!! So your vlans off your cisco that is is connected to the internet can not get to the internet?  How does that have anything in the world to do with pfsense?  And how is pfsense being your firewall if your routing traffic off your cisco?  So you have pfsense in front of your cisco???  Then you need to connect cisco to pfsense with transit.. Create routes on pfsense to the downstream networks. your cisco has ip route 0.0.0.0 0.0.0.0 192.168.80.1 Where is that connected to pfsense???  Is that your pfsense lan which you want to use as transit?  Is there anything else on this lan?  Create routes on pfsense to all the downstream networks, also if pfsense connected to internet your going to have to have it nat all those downstream networks to its wan IP.. Since all your network are 192.168 would be easier to just summarize it use say 172.16.0.0/30 as your transit on pfsense lan.  Then you only need one route and one outbound nat rule. Normally downstream would be done with a transit network see attached.  Create a gateway on pfsense pointing to router interface on the transit for all your network or summarize.  Set your outbound nat to nat those networks as well.  And sure create allow on that transit interface for the downstream networks..  Any Any would be easiest.  Vs adding all of them individual [image: downstream.png] [image: downstream.png_thumb]

Hi, Yes indeed this is not the correct parameter. :-( I can't figure out which parameter to use. But this is a freebsd question. Thanks a lot. At least I have the confirmation where this parameter should be added on a pfsense box. Cheers.

How can I use squid as a transparent proxy ?  one of the groups use console applications that require internet access and there is no option to configure proxy for them

Not sure if this will apply.  If you are running 2012 server and desktops are 8.1 or newer, and last but not least your domain controller is across a VPN tunnel you can now use a feature in which even though the printer share is setup on the remote machine,  printing is done directly to the printer. Also maybe I missed it but is the printer USB or network capable?

With the ISP router which is doing NAT (1) and the pfSense is doing also NAT (2) and on top the other firewall is doing also NAT (3) you were creating a triple NAT situation and related to this this your problems exists. You have two choices to get rid of this issue. Set the ISP router to the so called "bridge mode" that the router is only acting as a pure modem if this able to realize, it would be the fastest and most stable way. Or buy a plain and pure modem. Cons: no Pros: You have then only created a double NAT situation with which you can live. Or you should bridge the LAN port from the ISP router to the WAN port from the pfSense firewall as suggest from @viragomann, that pfSense is acting as a fully transparent firewall then. Cons: Port flapping, packet loss or packet drops Pros: fully transparent firewall which is invisible

https://forum.pfsense.org/index.php?topic=107947.0 I had a TOPIC there and thanks to johnpoz  he found the problem wich is from the ISP dns

I agree about using ubiquiti unifi.  You can't beat the price point!  If you are in US you can get best price from Amazon.

Yeah I missed that in your screenshot. Sorry. Glad you found it.

You only have TCP traffic enabled.  What about UDP?  You can get rid of rules 1 and rule 2, unless you run IP6 traffic on your network.  Edit rule 3 so that it's using wildcard for everything and any for protocol.  You say you can ping websites but not access them.  Can you resolve any hostnames?  Is DNS working properly?

pfSense is based on FreeBSD (10.x and climbing now) so that's where your hardware requirements will come from. Usually they imply some kind of x86 processor and NIC interfaces, not sure if your device fits that bill. What are you hoping to do with pfSense?