Hardware

• 

  Official pfSense hardware board
  • ivor  

  1
  0
  Votes
  1
  Posts
  12299
  Views

  No one has replied

• M

  Front LCD panel that looks like Ubiquiti USG-XG-8 ?
  • madmontero  

  2
  0
  Votes
  2
  Posts
  35
  Views

  

  I'm not aware of anything that could do that via lcdproc. Maybe something via Grafana from an external log aggregator? Easier to display it externally at that point I would guess... Something like this?: https://www.balena.io/blog/building-a-monitoring-dashboard-with-resin-io/ https://www.reddit.com/r/PFSENSE/comments/beqekj/my_first_venture_into_grafana_just_a_simple/ Steve
• F

  SSD (Solid State Drive) and pfSense (Important)
  • FJSchrankJr  

  141
  0
  Votes
  141
  Posts
  125568
  Views

  C

  Some data for this topic. 64 gig KINGSTON SMS200S360G This drive is not dramless, and is MLC. Clearly over spec'd in size but that extends useable cells. I did 10% manual over provisioning. I have ram disks enabled, so logs, rrd etc goto ramdisk. With 1 hour persistent backups. The write stats are much higher then I would expect, but even with the high amount of data written the drive has not even moved down 1% on its predicted life. 230 Life_Curve_Status 0x0013 100 100 000 Pre-fail Always - 100 231 SSD_Life_Left 0x0000 100 100 011 Old_age Offline - 0 233 SandForce_Internal 0x0032 000 000 000 Old_age Always - 1428 234 SandForce_Internal 0x0032 000 000 000 Old_age Always - 817 241 Lifetime_Writes_GiB 0x0032 000 000 000 Old_age Always - 817 242 Lifetime_Reads_GiB 0x0032 000 000 000 Old_age Always - 27 So basically 1.4tb written uncompressed, this is about 2 years usage. The sandforce controller has reduced it to 817gb of writes. Predicted life is still sub 1% used. I honestly dont know what has been written to cause those high write stats but regardless, the SSD has plenty of life left after 2 years of usage. Care should be taken tho when buying SSD's in this price bracket, kingston e.g. are kinda bait and switching, a lot of their newer models are TLC replacing MLC models, some I think might even be dramless, all their competitors are unknown chinese brands, as samsung and co dont want to compete in this price bracket. You can find their better drives typically second hand, but I would rather buy a second hand MLC with dram drive than a dramless TLC drive. But thought I would provide these figures anyway to help others. Finally there is 18 power cuts logged in the SMART stats which is probably right as the unit has suffered a fair bit from power cuts and is now on a UPS to prevent even more.
• M

  Cores VS Clock Speed
  • MarkPla7z  

  8
  0
  Votes
  8
  Posts
  84
  Views

  

  Not sure I understand the question... 8 cores will likely be sufficient, in terms of number of cores, for whatever you might do. Either of those will be more than enough for firewall/NAT at 1Gbps. OpenVPN will be by far your largest user of CPU cycles if you're using that. Steve
• K

  Watchguard XTM 5 Series
  • kmeyntz  

  868
  0
  Votes
  868
  Posts
  230163
  Views

  T

  @dlucas46 said in Watchguard XTM 5 Series: Hi all, For those of you with Xeons that would like coretemp to report the correct temp, you can try this recompiled coretemp module. I have set the TJMax value to 70c Remove the png extension and upload to /boot/coretemp2.ko Chmod 755 coretemp2.ko In your /boot/loader.conf.local add the following: coretemp2_load="YES" Reboot. You should now have a correct temperature reading.  I did this several months ago and its been working fine. If your CPU is in the same family as L5420 this should also work for you. coretemp2.ko.png Is it possible to re-upload this file or is there another way I can get it? Thank you!
• M

  10gbit pfsense
  • marcvb  

  11
  0
  Votes
  11
  Posts
  259
  Views

  

  Ah, fun! Thanks for coming back with that. Steve
• P

  D-Link DWM-157 USB Stock not recognized
  • peoples  

  39
  0
  Votes
  39
  Posts
  3366
  Views

  

  I personally have a Sierra em7305. It's an internal m.2 card but usb connected. That provides serial ports. I get 20-30Mbps over it. The newer em7455 also works fine. Hard to recommend anything I don't actually use myself. Other than that external Ethernet connected modems are generally much easier to deal with like the Netgear lb1120. Steve
• C

  Intel IX only using single queue
  • ChrisPSD  

  11
  0
  Votes
  11
  Posts
  63
  Views

  C

  Yes, it's now showing correctly as MSI-X. dmesg output below for completeness: ix0: <Intel(R) PRO/10GbE PCI-Express Network Driver, Version - 3.2.12-k> port 0x4000-0x401f mem 0xfd300000-0xfd3fffff,0xfd4fc000-0xfd4fffff irq 19 at device 0.0 on pci3 ix0: Using MSI-X interrupts with 9 vectors ix0: Ethernet address: 48:df:37:01:b8:e4 ix0: PCI Express Bus: Speed 5.0GT/s Unknown ix0: netmap queues/slots: TX 8/2048, RX 8/2048 Thanks again for your help.
• T

  Does the intel management engine make any firewall less effective?
  • tman904  

  3
  0
  Votes
  3
  Posts
  50
  Views

  T

  Sure makes sense, but what about a box made with off the shelf hardware server grade even? Rather if you can't disable is it a huge security hole?
• C

  Dell poweredge 1950 and AES-NI
  poweredge aes-n aes-ni • • Calvin_baank  

  3
  0
  Votes
  3
  Posts
  82
  Views

  

  Yeah, it will run fine but also consume a lot of power and make a lot of noise. Steve
• I

  What to do with a second drive (HDD)?
  • imthenachoman  

  6
  0
  Votes
  6
  Posts
  107
  Views

  I

  Got it. Thanks guys. I think I'll just leave it be then.
• V

  pfSense & Xeon D-2100
  • vokys  

  5
  0
  Votes
  5
  Posts
  203
  Views

  V

  @JeGr 1Gbps at both sites. 500Mbps on the C3558 is relativley higher than I've seen reported elsewhere.
• C

  What is this board??? Help!
  • ChrisMontrose  

  6
  0
  Votes
  6
  Posts
  165
  Views

  

  @ChrisMontrose said in What is this board??? Help!: How awesome of a pfsense router would this be?? Not that much really. Any C2xxx Atom or even better the newer C3000 Denverton Atoms would be far more "awesome" than that - especially if they somehow modified the PHY part so they won't work as igb or ix style interfaces. ;)
• R

  Watchguard Firebox M400
  • revsie  

  175
  0
  Votes
  175
  Posts
  16375
  Views

  

  Yes, sorry, that worked fine after going through it initialization routine because the cmos was cleared. Steve
• M

  pfsense on Turris Omnia
  • MacGyves  

  4
  0
  Votes
  4
  Posts
  139
  Views

  

  I doubt it unfortunately. Now that we have ported to our own ARM hardware there is a lot less reason to carry another device along with all the additional coding and testing that implies. If FreeBSD was already running on it that is reduced but it still adds a lot of work for us to maintain. Steve
• R

  APU2 Crashing
  • rustydusty1717  

  32
  0
  Votes
  32
  Posts
  245
  Views

  R

  @Gertjan said in APU2 Crashing: @rustydusty1717 said in APU2 Crashing: Just an update: Got a replacement board sent, put in another new mSATA drive, updated firmware to 4.0.25 and install pfsense 2.4.4p1 and so far knock on wood I have 10 hours of up-time. Is it normal for the board itself to beep every time I log into the webGUI? According to the doc Docs » pfSense » Hardware » Disabling Sounds/Beeps , yes ... ;) It's actually a user setting, enabled by default. But the beep is fine, it confirms you login was successfully. When it starts to beep with you doing something else, well .... that's when things become interesting. Yes, the last one was beeping continually which I kind of figured was never a good thing.
• T

  pfSense and AMD EPYC Based Systems
  • tman222  

  3
  0
  Votes
  3
  Posts
  101
  Views

  

  I would start by checking the FreeBSD forums and mailing lists for reports. Steve
• R

  Run A1SRi-2558F Headless?
  • roroeow7  

  4
  0
  Votes
  4
  Posts
  75
  Views

  B

  Have you tried loading default settings in bios? Got a Supermicro A1SAi-2550f which i use as a NAS but i have been using it with pfsense at one point without problems with no monitor.
• C

  bandwidth shaping on multiple Chelsio cards helpful?
  • CuteBoi  

  3
  0
  Votes
  3
  Posts
  60
  Views

  C

  @tman222 Use case? +9k active users(pipes2) on 28k devices (macs2). But I can only shape about 3k devices(macs*2) actively under 1.5gbps before I hit bottlenecks. I divide the residents depending on usage patterns on all the APs, and then centralize them via vlans to different pfSense servers acting as bridges. I monitor them. each resident has a pair of pipes, and it's shared between his devices that hit at least each pfSense gateway. I'm trying to centralize it further, but I don't know if adding more NICs and processors would help alleviate the interrupts. The logic says yes. After reading this, it seems like if I add more cores and more NICs, it should work, but papers don't normally guarantee that current OS's work the same as detailed. I guess I have to try: https://www.net.in.tum.de/fileadmin/bibtex/publications/papers/MMBnet15-2.pdf
• M

  Are These Specs Good Enough and Does CPU clock Speed Matter
  • MarkPla7z  

  10
  0
  Votes
  10
  Posts
  166
  Views

  C

  Just an FYI. IF the NAS and your PC are on the same network segment, they will never touch the pfSense interfaces. Only if the NAS and PC are using the Router as a gateway will you need that interface speed. It's nice to have a 10gbps in case you have different networks needing it. But typically folks keep their storage on a dedicated network not crossing their gateways.
• A

  pfSense on dual cpu server (Dell Poweredge)
  • az  

  17
  0
  Votes
  17
  Posts
  125
  Views

  A

  This has been an awesome first experience with forums. Just wanted to thank all of you for an awesome introduction into the community.
• P

  Can I use a PCI-e v2.0 network card in a PCI-e v1.1 slot?
  • provels  

  5
  0
  Votes
  5
  Posts
  83
  Views

  P

  @tman222 Thanks. I ended up ordering the IBM version from Ebay. Using virtualization now, but should be good if I end up going back to a physical box, too.
• 

  No love for PC Engines anymore?
  • valnar  

  31
  0
  Votes
  31
  Posts
  9540
  Views

  

  Hello, my name is Danail Lazarov from Bulgaria, Varna and I am a chief networking specialist at Rodnilb company, which has been working since 2000 to build networks and supply Internet services on the territory of Varna and the region. Since 2005, our company has been working with the wireless networking equipment of the Swiss company "PC Engines" as well as with the equipment of the Latvian company "Mikrotik" and the equipment of the American company "Ubiquiti", as we have built our communications networks (5GHz), and what I would like to share here with you are our personal observations regarding the quality of both the hardware produced and offered by these three leading companies as well as their support, fidelity and honesty to their clients. What made me extremely impressed was the incredible operational endurance of "PC Engines" products, their high-quality craftsmanship and impeccable loyalty to their customers who have already chosen to work with the company's products in their business. Their devices from the "WRAP" series last for almost 14 years almost continuous work, without giving any defects! It's just amazing and really worthy of praise and recommendation! These devices do not inflate an electrolytic capacitor! They are simply iron, designed and calculated perfectly for decades of operation. We have dozens of them installed on the roofs of different buildings in Varna and for years we do not go to service them because they just work flawlessly! The same applies to the newer models of the "ALIX" series that we have been using since 2010, and so far they have performed well as their predecessors in the "WRAP" series. And when something happens to some of the products of "PC Engines", its clients can be calm because they will get full assistance in solving the problem, but this action is unfortunately not the case with "Mikrotik" which leaves its customers to deal with the problems of their products. With "Ubiquiti", the situation is the same as in the case of "Mikrotik", but slightly better, but in the first place, honesty, quality and durability are "PC Engines". Prominent Swiss precision, accuracy and loyalty are fully applied in the company policy of "PC Engines"! The Company "PC Engines" deserve this praise and this comment because they are just unique! For so many years I've never met such a company!
• 1

  pfSense box advice
  • 1druid1  

  17
  0
  Votes
  17
  Posts
  493
  Views

  

  @rebi said in pfSense box advice: BTW since pfSense now supports ARM, it might be possible to be installed on a Raspberry PI (never dug into the topic, it's just an idea) No it isn't. The two devices with ARM have custom images. There is no "generic ARM" image for pfSense. Sorry. Besides, a RasPi is a really bad choice for routing.
• T

  Official Realtek Driver Binary 1.95 For 2.4.4 Release
  • TheNarc  

  40
  4
  Votes
  40
  Posts
  3393
  Views

  T

  @TheNarc said in Official Realtek Driver Binary 1.95 For 2.4.4 Release: CI323 What I experienced, using the driver built into pfsense on Cl323, is that there will be watchdog timeouts frequently; but eventually the LAN interface will quite working completely until someone reboots the box. After installing the realtek driver 1.95 as described in this thread, those issues are no more and the box is stable. If you are deploying pfsense on CI323, I'd strongly reccommend this driver and that stress testing the network is part of your checklist.
• F

  Broadcom NIC fails to connect -Dell 210 ii
  • fin1000  

  4
  0
  Votes
  4
  Posts
  72
  Views

  

  If the client gets an IP address via dhcp but can't make any connections otherwise it's almost always because there's no firewall rule on the interface to allow it. So either there simply are no rules (the default) or the rules haven't been applied or less likely they cannot be applied for some reason. If you rebooted and it started working they probably just hadn't been applied. Steve
• R

  SFP network cards?
  • roroeow7  

  4
  0
  Votes
  4
  Posts
  129
  Views

  T

  SFP modules should generally work on SFP+ cards (and just operate at 1Gbit speeds), but I'm sure there are some exceptions out there (e.g. SFP+ cards that only support 10Gbit and not 1/10Gbit). I'd take a look around first and see if you can find a good SFP card (though there is a decent chance it will be used, e.g. check out Ebay). If not, consider just getting a SFP+ card and using SFP modules (there should be more availability and ability to buy new if you want). As @stephenw10 already mentioned, both Intel and Chelsio cards work very well with FreeBSD (and hence pfSense). Hope this helps.
• L

  Swapping network card
  • lovingHDTV  

  5
  0
  Votes
  5
  Posts
  83
  Views

  L

  Bought one of these off ebay. Seems to work perfectly. Dell 0HM9JY david
• I

  mini ITX motherboard with multiple NICs supporting newer Intel chips with AES
  • imthenachoman  

  3
  0
  Votes
  3
  Posts
  364
  Views

  I

  This is great. Thank you so much!
• D

  PFS on a checkpoint 2200
  • Dr3K0  

  23
  0
  Votes
  23
  Posts
  3894
  Views

  

  It's really old at this point. It would have to be very cheap or something that you are doing for the experience in my opinion. But you probably can install to it. Checkpoints other devices were not locked to prevent it on those I have seen. You may well need to swap out the boot media, I have no idea what that boots from but Nano no longer exists since this thread was started. Steve
• B

  Returning user needs a new pfSense box!
  • bluepr0  

  16
  0
  Votes
  16
  Posts
  855
  Views

  B

  Hello! I thought I should update this thread on what I've finally settled after trying a few different routes. First I tried to go the official way, which ended up being super expensive if you live in Spain. There's some more accesible options on Germany through Voleatech but still quite a bit with the power you get. Don't get me wrong, this would be the perfect option if this was a mission critical equipment, but this is just for my home network. Then I tried going the virtualisation route but I found some problems and/or limitations with KVM when trying to route gigabit speeds. I'm currently on 500/500 but pretty sure in a few years from now we will have 1000/1000 as my ISP has been almost duplicating speed between 2-3 years. Not so future-proof. Also was a bit of a pain in the ass if I had to do stuff on the server that my internet will be also off. And finally arrived to what I think it will be the perfect solution, yes you guessed it: bare-metal installation. I had lying around a cheap PC I built last year for my crypto miner project: Asus prime z270-p + Intel G4400 + 4gb RAM (that was around 160€ new). I'm going to add a SF450 PSU, SSD next week but already got the Intel i350-t4. Power consumption currently is around 28w on idle and 35 when routing gigabit with ntop, suricata, pfBlockerNG and a few more). Should be a bit less when I receive the SSD, currently is on HDD. Hope this could be helpful for someone else looking at build its own pfSense box. I will update with final numbers once I've all in place. Maybe even some pics! Thanks :)
• F

  Pfsense won't recognize network card
  • firefox  

  39
  0
  Votes
  39
  Posts
  5044
  Views

  P

  Are you still facing this issue? Try fake credit card numbers that work for online shopping. It might help you.
• M

  Limited Options in GUI, No SSH, Box died
  • MoTheMighty  

  3
  0
  Votes
  3
  Posts
  55
  Views

  M

  Stephen, I appreciate you taking the time to reach out. I will have to check this out in the morning as I seem to have accidentally migrated the giant box of USB cables to my business' storage unit. However, in the event that the drive is bad, I wonder if Netgate has access to a replacement module that I can re-solder to the board. All-in-all, I'm quite impressed with the quality of the PCB that Netgate uses. Thank you, ~Morgan
• D

  PC Engines apu2 experiences
  • dugeem  

  263
  0
  Votes
  263
  Posts
  70888
  Views

  

  @Veldkornet said in PC Engines apu2 experiences: Is anyone using the CoDel / FQ_CoDel Traffic Shaping on the APU2? Working well? Any problems? I have an APU2 box at work to provide a separate network for personal devices. It is setup with the FQ_CoDel limiter / floating rules method described towards the end of the Playing with FQ-CoDel Thread. It has been rock solid and seems to provide equal bandwidth sharing for the 30 - 50 devices connected each day and 16 - 20 GB of traffic that is passed on our 150/150 FiOS link.
• J

  cd0: Attempt to query device size failed :NO READY. Pfsense 2.4.4 no boot ini disk.
  • j.sejo1  

  6
  0
  Votes
  6
  Posts
  56
  Views

  

  Need to see the boot log then at least. I can't think of any reason an empty optical drive would do that. Steve
• H

  New PfSense Build
  • homerjay84  

  8
  0
  Votes
  8
  Posts
  363
  Views

  

  Read through the whole thread to get the full low-down https://forum.netgate.com/topic/39639/watchguard-xtm-5-series Steve
• I

  good PCI Express 1.0 x1 NIC for an older motherboard
  • imthenachoman  

  3
  0
  Votes
  3
  Posts
  78
  Views

  I

  Thanks! Will order one right away.
• F

  Help with pfsense + zyxel gs1920 VLAN configuration
  • fozters  

  3
  0
  Votes
  3
  Posts
  987
  Views

  D

  Late to the party here, but thanks for talking through the problem you were having. It helped me with a Zyxel. Appreciate it!!
• C

  Rack Mount pfSense Router Build
  • Commander  

  8
  0
  Votes
  8
  Posts
  1419
  Views

  T

  Hi @Commander - I think you'll be quite happy with your choice. I have been running pfSense on this exact system for about two years now without any major issues -- this little box offers great performance. Let me know if you have any further questions regarding configuration or performance tweaking once you have got things setup. Hope this helps.
• P

  Support for USB wifi adapters
  • pachi  

  9
  0
  Votes
  9
  Posts
  64
  Views

  

  Do they even make 32 bit hardware any more for PC? Has to be YEARS and YEARS.. Is your PC like 10 some years old? Even the PI 3 for $35 is 64 bit cpu..