@copcopcopcop: @Inxsible: @copcopcopcop: I am finalizing my new router build and I am stuck on which NIC to buy. I'm trying to avoid buying an intel NIC on ebay since the secondhand marketplace is just flooded with counterfeits. I know this doesn't answer your question, but read the many posts on this forum which confirm that even the $15-$20 used intel NIC cards work just fine. They might be made by certain Chinese companies but most do use the Intel chipset. If you still want to buy a brand new server NIC card, then more power to ya ! Yes, the cheap $20 Chinese counterfeit NIC's do work, but i think we can all agree that knowingly buying those comes with some very significant durability concerns. I'd rather pay the additional upfront cost to not worry about when my routers cheap NIC's are finally going to crap out. then buy 2 or 3 cheap ones so you can replace them in case of something going wrong with the years.. still much cheaper then the 200$+

The SD card slot is (currebtly) only for recovering the firmware in the event that the USB recovery fails. It would probably be possible to use it for caching but would require some hackery and the speed of SD cards is such that it might prove…. disappointing! However, if you want to use Squid to cache content to reduce load on your narrow WAN I would probably not choose the SG-1000. It will run Squid but with the limited RAM and storage available it won't provide the greatest experience. Steve

Xeon E3's are great processors to have. A bit of overkill for a home network but might serve you well for IDS/IPS.

I agree it reads like you're looking for an answer that doesn't exist here. If you want the highest OpenVPN speeds you can have, get the fastest single thread performance CPU you can afford. Though as said above spending twice as much will probably not result in twice the throughput. Steve

No. The Realtek NIC on the 'modem' card is connected to the host via PCIe just as a separate NIC would be. Steve

I don't anticipate any of those components failing anytime soon. Nothing moves or gets particularly hot. If you have to replace anything it will probably be from a bad component that will fail in the first few months and that's a crapshoot. Just keep a thumbdrive loaded with the installer of the same basic version (i.e., 2.4.x, 2.3.x) of pfSense that you use and keep your config.xml's saved somewhere and you should be fine for many many years to come. Old desktop workstations often work for well over a decade and they have moving parts, deal with on/off cycles, etc. Your box will likely last at least that long and probably longer. The first thing to go will probably be capacitors, and you could even replace those for a few bucks and keep marching on if you wanted.

J3355B

@tdale: Thanks! I'm out getting lunch right now when I get back I'll try that. I'm taking it down to the datacenter tonight I'm trying to figure this out before then haha. If you can't figure it out in time, just take a ton of pictures. If needed, take the whole display unit out and disassemble it and take pictures of everything.

USB Ethernet adapters are bad, don't use them. If you must: get a supported one but don't expect high reliability or speed. Desktop users often don't notice problems because the way they use it often doesn't show much problems. Firewalls/gateways have a different usage pattern and different needs, so the same hardware might not work as well as you think. On top of that, the drivers are often lacking and have firmwares missing (which is what you currently might be experiencing – the chip [ not made by microsoft ] probable is functioning in a basic 100Mbit mode because the driver in FreeBSD can't or won't load the chip firmware via USB into the adapter to enable the extra functions).

@cyberlocc: there is a pretty big diffrence from a core 2 quad at 3.5ghz and a kaby lake Xeon at 3.5ghz. No kidding.  That guide is ancient.  ~150 users/nodes shouldn't be a problem even with the most basic of hardware (that otherwise meets your 1Gbps requirements).  I'm serving that many nodes with virtual machines that have 1GB of RAM.

@Waqar.UK: @iormangund: True, it is a lot, but I have yet to find a decent small fanless equivalent other than a shuttle ds77u. At least that has intel nic and aes passmark score over 1k. Thanks to advice from this forum you can build an i5 for cheaper. The part that's causing me the issue though with building one is the motherboard, all ones I have found that would be perfect for the job would need a bios update for kabylake, and I don't have a skylake chip to do a bios update with. Emailed some manufacturers asking if the boards in question will post with a kabylake for an update but no response yet. (I know I could just get a standard board, but if i'm building my own I want ipmi and at least 2 intel nics, ie Jetway NF592-Q170. No kabylake compatible boards that don't need a bios update that fit that afaik)

I have a XTM 535 and interested in it as well. Now that XTM 53X are dropping in price as network engineers are upgrading to newer hardware, a good opportunity to revisit the new generation of XTM 5 series of routers. XTM 515, 525, 535, 545.

Thanks for suggestions guys. I will contact netgate also for models and support. Thank you.

^That. When 2.4 is released the Core-e will essentially be obsolete though there will be security updates for 2.3.X for some time should it be required. Even if that were not the case all of those boxes are now very old with likely many many thousands of hours on them and the component failure rates to match. As much fun as I had with those boxes I could not recommend anyone does so now if they have another choice.  ;) Steve

Jus got new record IPSec AES-256-CGM - 326 Mbit/s  

Update for anyone interested, the EVGA SuperNOVA 750 G3 PSU did not arrive on time Saturday by 8 PM as promised and paid for, so I called FedEx and asked that they return the package before delivery.  Got confirmation that Amazon would provide a full refund so I ordered what I hope is a correctly sized power supply. Remove EVGA SuperNOVA 750 G3 PSU -$140.85 Add FSP Group 700W PMBus V1.2 $179.99 New Total:  $930.84 I will probably continue my search for a cheaper alternative that supports AES and use this particular system for something that can actually use the horse power.  Right now the Watchguard XTM is working great! Y-ASK

@Routerb: Can this be done? In short: No. All-in-one with internal VDSL2 Modem is not easily possible and Wifi is, as you already pointed out, better served from an external AP. @Routerb: Internal Wifi or am I better off just adding UBIQUITI ACCESS POINT external AP. @Routerb: Failover 3G/4G checked. Use an external 3G/4G modem, aka stick. @Routerb: VDSL2 support nope, not in a single box. Unless you find a working VDSL2 modem that fits into an internal PCI-what-have-you slot. @Routerb: OS PFsense checked. @Routerb: All build into a minipc fanless device dreamer. @Routerb: VOIP port define your needs, this is usually just another ethernet port. If you're talking POTS then no.

This has been discussed several times before on other threads. My experience with a cheap ebay i350-T4 has been very positive since I bought it. Stable as a rock and appropriately fast - and as far as I can tell it's using genuine SoC's. https://forum.pfsense.org/index.php?topic=74158.msg569894#msg569894

"i agree and i already do this…. unfortunately only wireless n" Does this support guest??  Ie vlans?  What are you currently running for your external AP?  How many do you have? If what you want is guest or multiple wifi networks that you can segment then yes get a external AP that supports vlans is what your after.. Why not take the opportunity to update your current external AP that only does N to something that does AC, shoot for that matter AC wave 2 ;)

OK, thank you.