Hardware

• 

  Official pfSense hardware board
  • ivor  

  1
  0
  Votes
  1
  Posts
  12137
  Views

  No one has replied

• 1

  pfSense box advice
  • 1druid1  

  1
  0
  Votes
  1
  Posts
  9
  Views

  No one has replied

• D

  PFS on a checkpoint 2200
  • Dr3K0  

  23
  0
  Votes
  23
  Posts
  3763
  Views

  

  It's really old at this point. It would have to be very cheap or something that you are doing for the experience in my opinion. But you probably can install to it. Checkpoints other devices were not locked to prevent it on those I have seen. You may well need to swap out the boot media, I have no idea what that boots from but Nano no longer exists since this thread was started. Steve
• B

  Returning user needs a new pfSense box!
  • bluepr0  

  16
  0
  Votes
  16
  Posts
  663
  Views

  B

  Hello! I thought I should update this thread on what I've finally settled after trying a few different routes. First I tried to go the official way, which ended up being super expensive if you live in Spain. There's some more accesible options on Germany through Voleatech but still quite a bit with the power you get. Don't get me wrong, this would be the perfect option if this was a mission critical equipment, but this is just for my home network. Then I tried going the virtualisation route but I found some problems and/or limitations with KVM when trying to route gigabit speeds. I'm currently on 500/500 but pretty sure in a few years from now we will have 1000/1000 as my ISP has been almost duplicating speed between 2-3 years. Not so future-proof. Also was a bit of a pain in the ass if I had to do stuff on the server that my internet will be also off. And finally arrived to what I think it will be the perfect solution, yes you guessed it: bare-metal installation. I had lying around a cheap PC I built last year for my crypto miner project: Asus prime z270-p + Intel G4400 + 4gb RAM (that was around 160€ new). I'm going to add a SF450 PSU, SSD next week but already got the Intel i350-t4. Power consumption currently is around 28w on idle and 35 when routing gigabit with ntop, suricata, pfBlockerNG and a few more). Should be a bit less when I receive the SSD, currently is on HDD. Hope this could be helpful for someone else looking at build its own pfSense box. I will update with final numbers once I've all in place. Maybe even some pics! Thanks :)
• F

  Pfsense won't recognize network card
  • firefox  

  39
  0
  Votes
  39
  Posts
  4777
  Views

  P

  Are you still facing this issue?
• M

  Limited Options in GUI, No SSH, Box died
  • MoTheMighty  

  3
  0
  Votes
  3
  Posts
  44
  Views

  M

  Stephen, I appreciate you taking the time to reach out. I will have to check this out in the morning as I seem to have accidentally migrated the giant box of USB cables to my business' storage unit. However, in the event that the drive is bad, I wonder if Netgate has access to a replacement module that I can re-solder to the board. All-in-all, I'm quite impressed with the quality of the PCB that Netgate uses. Thank you, ~Morgan
• D

  PC Engines apu2 experiences
  • dugeem  

  263
  0
  Votes
  263
  Posts
  70420
  Views

  

  @Veldkornet said in PC Engines apu2 experiences: Is anyone using the CoDel / FQ_CoDel Traffic Shaping on the APU2? Working well? Any problems? I have an APU2 box at work to provide a separate network for personal devices. It is setup with the FQ_CoDel limiter / floating rules method described towards the end of the Playing with FQ-CoDel Thread. It has been rock solid and seems to provide equal bandwidth sharing for the 30 - 50 devices connected each day and 16 - 20 GB of traffic that is passed on our 150/150 FiOS link.
• J

  cd0: Attempt to query device size failed :NO READY. Pfsense 2.4.4 no boot ini disk.
  • j.sejo1  

  6
  0
  Votes
  6
  Posts
  52
  Views

  

  Need to see the boot log then at least. I can't think of any reason an empty optical drive would do that. Steve
• H

  New PfSense Build
  • homerjay84  

  8
  0
  Votes
  8
  Posts
  245
  Views

  

  Read through the whole thread to get the full low-down https://forum.netgate.com/topic/39639/watchguard-xtm-5-series Steve
• I

  good PCI Express 1.0 x1 NIC for an older motherboard
  • imthenachoman  

  3
  0
  Votes
  3
  Posts
  60
  Views

  I

  Thanks! Will order one right away.
• F

  Help with pfsense + zyxel gs1920 VLAN configuration
  • fozters  

  3
  0
  Votes
  3
  Posts
  930
  Views

  D

  Late to the party here, but thanks for talking through the problem you were having. It helped me with a Zyxel. Appreciate it!!
• C

  Rack Mount pfSense Router Build
  • Commander  

  8
  0
  Votes
  8
  Posts
  1153
  Views

  T

  Hi @Commander - I think you'll be quite happy with your choice. I have been running pfSense on this exact system for about two years now without any major issues -- this little box offers great performance. Let me know if you have any further questions regarding configuration or performance tweaking once you have got things setup. Hope this helps.
• P

  Support for USB wifi adapters
  • pachi  

  9
  0
  Votes
  9
  Posts
  52
  Views

  

  Do they even make 32 bit hardware any more for PC? Has to be YEARS and YEARS.. Is your PC like 10 some years old? Even the PI 3 for $35 is 64 bit cpu..
• T

  Official Realtek Driver Binary 1.95 For 2.4.4 Release
  • TheNarc  

  34
  4
  Votes
  34
  Posts
  2985
  Views

  

  I would guess no. Not much activity in the FreeBSD repo: https://github.com/pfsense/FreeBSD-src/commits/RELENG_2_5/sys/dev/re
• I

  mini ITX motherboard with multiple NICs supporting newer Intel chips with AES
  • imthenachoman  

  2
  0
  Votes
  2
  Posts
  108
  Views

  T

  Hi @imthenachoman - I'm sure you'll get a lot of different suggestions, but here's one possibility - I put something similar together recently (although it was not for pfSense): CPU - Intel i3-8100: https://www.amazon.com/Intel-8th-Core-i3-8100-Processor/dp/B0759FTRZL/ Motherboard - ASUS Prime H310I-PLUS CSM: https://www.amazon.com/dp/B07KKNLYQH NIC - Intel i340-T4 https://www.amazon.com/Intel-Ethernet-Server-Adapter-system/dp/B003M772KE/ Case: https://www.amazon.com/Silverstone-Mini-ITX-Center-Computer-Aluminum/dp/B00HJOK6F4/ This includes a pretty speedy (high clock speed) quad core CPU and mini-ITX board combined with a fairly recent Intel quad port NIC. This should have no problem passing 1Gbit (though not over OpenVPN). Of course don't have to use this particular case, was just an example of what's out there for mini-ITX. Hope this helps.
• I

  Will this hardware run pfSense and support 300 Mbps with IDS/IPS, DNS over TLS and pbBlockerNG
  • imthenachoman  

  8
  0
  Votes
  8
  Posts
  134
  Views

  I

  @stephenw10 Agreed. Plan is to install pfSense just to get a feel for the OS/experience. My networking knowledge is not great so if I can't figure it out then I want to know before I buy a new LAN card. I've seen some videos online with screenshots and those screenshots had many terms I don't know so I'm a little worried. Just created the USB installer so I'll see how it goes.
• S

  VLAN getting IP but no internet (pfSense, EdgeSwitch8XP, UniFi AC LR) with screenshots
  • sethelyon  

  30
  0
  Votes
  30
  Posts
  83
  Views

  

  Do you see blocked traffic in the pfSense firewall log? It seems like your client has the wrong default route or no default route. It looks to have the right gateway though. Hmm...
• A

  Zotac CI323 Installation - Controller Failures
  • ac0hen  

  14
  0
  Votes
  14
  Posts
  5678
  Views

  

  @ac0hen said in Zotac CI323 Installation - Controller Failures: bsdlabel -B -r -w ada0s1 auto" command, it stops at 77% (every time).  Then a "ahcich1" Timeout on slot 21 port 0" and "(ada0:ahcich1:0:0:0):  CAM status: Command timeout With that same error?
• I

  LCDproc to work with Checkpoint LCD
  • ibysmalls  

  4
  0
  Votes
  4
  Posts
  49
  Views

  

  The port placement and LCD look like a Lanner box in which case I would expect the SDEC driver to work. That's connected via the parallel port. However almost all Checkpoints other stuff is Portwell/Caswell. That's not the EZIO LCD though. But yeah it will only run the now obsolete 2.3.5. Steve
• T

  Official Realtek Driver v1.95 Binary
  • TheNarc  

  22
  4
  Votes
  22
  Posts
  1726
  Views

  F

  I have made FreeBSD 12 package. https://drive.google.com/file/d/1Ch4Z_w7gpbrpavQ4KhPUXUzYhRyzqnye/view?usp=sharing I dont consider it my work - I have just packed it in one archive. It is stable for me on 12.0 p3 more than "sed -i -e 's/TAILQ_FOREACH/CK_STAILQ_FOREACH/g' if_re.c"
• D

  Single board computer support
  • dibun  

  9
  0
  Votes
  9
  Posts
  155
  Views

  

  And throughput? VPNs? Packages?
• T

  PSA -- Realtek Network Drivers (RTL8111) in BSD/Pfsense are Problematic
  • tcarlisle  

  1
  0
  Votes
  1
  Posts
  92
  Views

  No one has replied

• Y

  Supermicro 5018D-FN8T Tweaks
  • yorke  

  9
  0
  Votes
  9
  Posts
  254
  Views

  T

  I have been using this system for a couple years now with a symmetric 1Gbit fiber connection and it is definitely capable of passing gigabit speeds even with IDS/IPS enabled (in my case I run Snort). Here a couple more suggestions: Networking tweaks - put these four lines below in your loader.conf.local file (if you're using the SFP+ ports replace igb with ix): hw.igb.rx_process_limit="-1" hw.igb.tx_process_limit="-1" hw.igb.txd="2048" hw.igb.rxd="2048" I'd also recommend disabling flow control and energy efficient ethernet, unless you have a specific need/use for them. Another good thread with tuning tips: https://forum.netgate.com/topic/101391/loader-conf-local-tuning-for-modern-hardware/ Finally, if you disable Suricata temporarily, do you get full speed with a client behind pfSense, or does it not make a difference? Hope this helps.
• M

  pfsense on rasppery PI
  • mehdi92  

  13
  0
  Votes
  13
  Posts
  361
  Views

  M

  @stephenw10 said in pfsense on rasppery PI: You can do that with Radius accounting in pfSense but it's quite a complex setup. It also doesn't scale well to a large number of users if you have individual accounts in Freeradius. The GUI is not setup for that. Better to use a separate Radius server if you need that. It would not run well on an SG-1000, if you go that route it should be installed on larger hardware. Thanks!
• S

  Does pfSense support StarTech PCIe Gigabit Multimode SC Fiber Card?
  • Seeking Sense  

  10
  0
  Votes
  10
  Posts
  203
  Views

  

  Ah, nice so it probably was a multimode/singlemode mismatch. Good result! Steve
• M

  Incredibly Poor Performance - AMD K10 & Intel i350-T4 (igb driver)
  • menisk  

  3
  0
  Votes
  3
  Posts
  167
  Views

  M

  So I managed to solve this with a BIOS update in the end. Part of the update process was clearing the CMOS so I had to change a bunch of settings back. The only setting I know was different that I chose to leave default this time was the ACPI HPET Table option. Previously it was enabled, now it's disabled. I don't really see how this would affect performance to the extent I was seeing, so I suspect it was something in the BIOS updates that solved the issue. Also MSI interrupts are definitely slower than MSI-X, they took me down to 50mbit. For the next sod that goes googling this, the Motherboard was an ASRock N68-S3 UCC. Initial BIOS version was 1.4, updated to 1.6. I'm now running all defaults except that I've restricted my queues to 1 per NIC with the following in /boot/loader.conf.local hw.igb.num_queues=1 I'm doing this because I have a dual core CPU and 4 NICs, so I'm trying to reduce the amount of context switching. It may work fine as a default, but after the nightmare of getting it to this point I'm just going to leave it be.
• M

  4g modem info
  • mouitido  

  10
  0
  Votes
  10
  Posts
  2899
  Views

  A

  @johnminaa said in 4g modem info: I will also recommend Huawei E398 LTE USB Modem. I never owned, used or recommended it. Personally I would recommend Huawei E3372H as a replacement. Fortunately some people already posted here some receipts on using it in the different modes.
• C

  Crashes on APU2
  • Cypher100  

  10
  0
  Votes
  10
  Posts
  317
  Views

  

  Hmm, very different crash: db:0:kdb.enter.default> bt Tracing pid 0 tid 100250 td 0xfffff8001d5f0000 lz4_compress() at lz4_compress+0x761/frame 0xfffffe01205358d0 zio_compress_data() at zio_compress_data+0x8c/frame 0xfffffe0120535910 zio_write_compress() at zio_write_compress+0x21f/frame 0xfffffe0120535990 zio_execute() at zio_execute+0xac/frame 0xfffffe01205359e0 taskqueue_run_locked() at taskqueue_run_locked+0x154/frame 0xfffffe0120535a40 taskqueue_thread_loop() at taskqueue_thread_loop+0x98/frame 0xfffffe0120535a70 fork_exit() at fork_exit+0x83/frame 0xfffffe0120535ab0 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0120535ab0 --- trap 0, rip = 0, rsp = 0, rbp = 0 --- db:0:kdb.enter.default> ps Fatal trap 12: page fault while in kernel mode cpuid = 2; apic id = 02 fault virtual address = 0x1 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff8300ab51 stack pointer = 0x28:0xfffffe0120535860 frame pointer = 0x28:0xfffffe01205358d0 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 0 (zio_write_issue_2) More like a hardware issue with different crashes like that. Steve
• S

  Lightning Protection w/PCIe Gigabit Multimode SC Fiber Network Card???
  • Seeking Sense  

  4
  0
  Votes
  4
  Posts
  133
  Views

  S

  @mats thanks for the reply and please forgive the long delay in responding. Thanks for the advice regarding the electrical side. Have a APC UPS powering the cable modem. The coax feeding the cable modem is run thru a surge suppressor . The pfSense box is powered by a separate APC UPS. Anything else I should consider?
• F

  Better option for $$$ than Protectcli FW6C with 16GB ram & 512GB M2?
  • fabrizior  

  11
  0
  Votes
  11
  Posts
  470
  Views

  F

  Thank you gentlemen. I appreciate your time and feedback.
• U

  Can pfsense support 5 x Intel X710-T4 quad 10gigabit RJ-45 port adapters?
  • uberwebguru  

  14
  0
  Votes
  14
  Posts
  415
  Views

  

  Good decision!
• U

  Alternatives to Netgear 10G smart managed pro switches
  • uberwebguru  

  11
  0
  Votes
  11
  Posts
  253
  Views

  U

  @stephenw10 around 24 x 10G ports
• T

  Intel X552 Onboard SFP+ No Carrier Issues
  • tman222  

  4
  0
  Votes
  4
  Posts
  106
  Views

  

  Ah, interesting. I have seen that with an incompatible SFP module but never with just the connection like that. But yes in that case simply removing the module and rebooting was not sufficient to clear the state in the NIC. It had to be completely powered down to see the correct module again. Steve
• N

  pfSense on Watchguard M370
  • networkBob  

  7
  0
  Votes
  7
  Posts
  364
  Views

  

  mSATA, they finally moved off CF then. Nice. There are some big differences to the NCA-4210 which I assume it's based on. Interesting.
• P

  Installing the Realtek PCI-e Module in PfSense / FreeBSD [Help]
  • prickly_porcupine  

  5
  0
  Votes
  5
  Posts
  132
  Views

  P

  Thanks @stephenw10 for the insight, I really appreciate it. I won't waste any more time on this.
• A

  Intel quad port NIC recomm.
  • aljames  

  5
  0
  Votes
  5
  Posts
  284
  Views

  B

  I've recently bought an Intel Pro/1000 too to test pfSense on virtual machine (Proxmox)
• R

  Watchguard Firebox M400
  • revsie  

  172
  0
  Votes
  172
  Posts
  16159
  Views

  

  Then any relatively cheap i3 like the 4130 will work. That will give you a faster CPU with hyperthreading and AES-NI. I think someone fitted one earlier in this thread. (edit: several people in fact) Steve
• L

  Issue with mobile broadband dongle
  • landman16  

  11
  0
  Votes
  11
  Posts
  247
  Views

  

  Ok, you will need to change it's mode. For example: http://www.draisberghof.de/usb_modeswitch/bb/viewtopic.php?t=1226 It would be better to permanently switch it which might be possible from it's interface in Windows or Mac. Otherwise if you can switch it to device ID 1C05 it should be detected: https://github.com/pfsense/FreeBSD-src/blob/ff7d4801f1b88de656e028209818ff005e8a1353/sys/dev/usb/usbdevs#L2437 Steve
• 5

  Watchguard xtm 5 issue
  • 5310  

  4
  0
  Votes
  4
  Posts
  142
  Views

  

  If you boot an image that does not use a serial console by default you won't see anything unless you have the VGA header hooked up. The XTM5 does not have a UEFI bios. It you try to boot an image that requires UEFI it won't boot. Are you trying to boot USB? Do you know the pfSense installed boots USB, you've made the required BIOS changes? Steve
• S

  Unable to hit 1Gbps connection through Bell PPPOE. Can't figure out bottleneck.
  • Slither13  

  10
  0
  Votes
  10
  Posts
  405
  Views

  

  You might have more luck with a Broadcom NIC and patched FreeBSD driver: http://www.dslreports.com/forum/r32230041-Internet-Bypassing-the-HH3K-up-to-2-5Gbps-using-a-BCM57810S-NIC I have no way of testing that myself.... Steve