The SG-2220 will probably be a good fit there. I assume you have a Gigabit switch in there on the LAN side? If you needed, for example, VLANs for different hosts and were routing between them via the 2220 you would see some restriction. But if your only traffic through the firewall is to/from the internet there would be no problems. Are you going to be running any VPNs? Packages? Steve

It seems that FreeBSD's tftp and tftp-hpa don't get on too well…. https://lists.freebsd.org/pipermail/freebsd-questions/2011-April/229210.html Well they didn't in 2011... maybe they still don't. How do I get around the problem?

I should start by saying that I only now realize this post probably should have gone in the Hardware section. Sorry Admins. Thanks everyone for your input. After a budget talk I think I like these. For the first location needing the 8 port: Netgear GS108PE-300NAS For the second location needing the 16 port: Netgear GS716T-300NAS I looked at the Ubiquiti gear and it looks great but cost was (always is) the factor.

If this is just for testing purposes set WAN to DHCP and your LAN to whatever you want and then configure your virtual network as you please.

@Steve_B: "These kinds of attacks are possible when a local web server lacks robust CSRF." pfSense has a robust CSRF system. I don't get to use that word enough.  Robust.

The ACB server has been having issues for many months now. Getting really annoying.

@johnkeates: @kpa: Faster boot time != better overall performance. It's possible to cheat during the boot time quite a bit and that's what many Linuses do to achieve on the surface great looking performance. However, the real performance of a firewall/router has nothing to do with boot time but with the performance of the packet filter and the network stack. And seriously, are you going to be rebooting your router/firewall so often that the boot times actually have some significance?  :o I think it's more an issue of scale for his case. 100 routers using 1GB RAM and 2 CPU cores is quite expensive. Yes, we will be booting the firewalls so often that the boot times are very significant, and John's right, it's absolutely about scale for us. We're evaluating this for use where we launch thousands of VMs daily, with individual VMs or small collections of VMs connected to a pfSense VM that is serving as their NAT gateway. Faster boot performance at that scale definitely counts, perhaps moreso than the performance of the packet filter and network stack (although we don't want to ignore the performance of those either).

@Presbuteros: Are you timing out on Interfaces>Assignments only or with the webConfigurator/GUI completely? Does it respond to ping? Can you access the shell? Does ping from shell to 1 of 120 vlan subnets respond to ping? (you may not have this configured yet) The issue is only with timing out on https://pfsense/interfaces_assign.php Other areas of the webConfigurator are working as expected. I can access the shell with no issues but have not got my head around how to manage interfaces from there as yet. NAT to the 120 subnets on 120 VLANs is working great. @johnpoz: So 120 vlans sharing 1 physical interface - seems efficient ;) So users are at 10mbps and this is a 10ge interface? This is a very specific lab / testing environment where NAT to the 120 subnets on vlans on the single interface makes absolute sense in the context of the outcomes we are looking to achieve. Traffic over vlans is less than 1KBps, so not a concern.

Definitely provide more details, I'd chime in if I could. But I personally feel that it is worth helping out a potential pfSense customer on the forums. If someone can let him know if pfSense works for his needs then he buys 1+ official pfSense product, and the project is supported. To me this is different than some home user like myself chiming in with "hey my ddWRT router VPN is slow, can pfSense a VPN make on my laptop"?

The state table (Diagnostics -> States) will also show the assocations between the WAN interface states and the LAN interface states.

Thanks

Thanks arnoldo0945 but i already read those article and I've not get answers to my question. Anyway thanks for spending time helping me.. :)

All those things do is make an IPsec tunnel to the mother ship. There is generally nothing that needs to be done in the firewall. Get the IP address out of the DHCP leases page and filter states on it. From that you should be able to tell what it is doing and if there is bidirectional traffic. If there is, be patient. Start from a reset. They can take a LONG time to start working. Put it in a window if not outside as has been mentioned. The last one I dealt with had a GPS antenna that looked like a little mouse. We put that in the window. It eventually came up.