Thanks for the clarification!

The APU units get recommended a lot on here because they are relatively cheap, very low power and can handle the load of most home users not interested in heavy duty packages. Derelict has a great point about them being obsolete though. The SG units also come with support and a year of Gold, the APU4 does not.

Did you try to boot the pfsense cd with a usb cdrom?

I have a Bigip 6400 and it boots off the disc, trying with a nanobsd serial console version now… will update.

This may be more easily available.
http://www.jetwayipc.com/content/?ADMPEIDLA_220.html

I used one in a couple of small build and so long as there's some airflow it won't overheat or lock-up

Congratulations! Please let us know how it all works out for you and feel free to ask any questions you may have setting it all up.

Oh no not a chance.

OpenVPN will not achieve gigabit speeds on a single thread. At least not with any hardware that I'm aware of.

IDS/IPS is also a huge CPU hog.

If you want gigabit with IDS/IPS and really fast VPN, then you need something like a modern i7 with high clock speeds, and you still won't get gigabit VPN.

Unless money is no object to you, then getting an i7 or high clock xeon for a home use firewall is probably not worthwhile.

That's why I recommend the Pentium. You will get very good performance out of it and it will be reasonably priced. You could get the i3 for more money but it will probably not have any meaningful impact on performance. So you can keep spending money on increasingly diminishing returns or buy compromise, the choice is yours.

SG-1000 seems perfect for you.

the Gold Membership will be extremely valuable to you for learning pfSense!

Even if you decide on something DIY I recommend you budget for a Gold Membership.

SG-1000 combined with a VLAN capable switch will be great for you to learn!
https://www.newegg.com/Product/Product.aspx?Item=N82E16833704203&ignorebbr=1&nm_mc=KNC-GoogleAdwords-PC&cm_mmc=KNC-GoogleAdwords-PC--pla--Network+-+Switches-_-N82E16833704203&gclid=CPuBhrv_iNMCFZFffgodGO0L5A&gclsrc=aw.ds

Depending on your use case you may not need TRIM at all. Just about any SSD nowadays works just fine with only the built-in garbabe collector assuming you leave enough unused space on the disk. If you don't let the filesystem get too full the enough unused space condition is easily satisfied. The other way is to leave part of the disk unpartitioned and the unpartitioned space will be naturally unused as well.

Not so much about power savings, but having a dedicated box at the edge instead of a shared VM box sitting on the LAN.  If I go this route and keep using the VM box, I'll likely get a dedicated 2x or 4x Intel based NIC and do away with the VLANS.  Physical separation on the network side.

would go kaby lake pentium chip, 8gb ram, pick a board with sufficient pcie slots, and add ebay pcie intel nics

My own P4 based system could push ~350Mbps and that was a single core bog standard CPU.

If you exhaust the RAM and start swapping performance is destroyed though especially with whatever ancient slow disk is probably in that. It's easy to eat RAM with Snort and Squid if you just enable everything.

I might still be running that box were it not for that fact that all the capacitors died on the motherboard and it failed to post. That alone is good reason to upgrade.

Steve

@Harvy66:

The importance of ECC is directly related to the importance to prevent or detect corruption. My home router does not need ECC. PFSense is an appliance, if it goes down, I can replace it. My file server is a different thing. If ZFS gets corrupted in the wrong place, assuming I have no backups, I can lose everything.

If you use PFSense in a HA setup, you may need ECC. If the master sustains corruption, that corruption could negatively affect the slave. Or even worse, the master limps along doing some really crazy stuff.

I've been working with computers for nearly 30 years now, since a weeee child. I've seen what bad memory can do. The oddest things. Maybe it makes your cursor look funny, maybe it makes your audio have periodic distortions, maybe it just makes the close button on all of your windows disappear. If you're lucky, your system crashes. If you're not lucky, some really strange pathological failure could occur, causing all kinds of havoc.

I completely agree with this.

My VM and NAS server definitely has ECC.

My little pfSense box?  Not worth the hassle.

Back to Kaby Lake.

I just built a nice little Kaby Lake i3-7100  pfSense box based on this thread.

I am very happy with the results.  No OpenVPN benchmarking yet.  ahvent even installed pfSense yet, but I am already seriously impressed.

Idles at 6.2W at the wall, and maxes out at 46W with all threads (2C/4T@3.9Ghz) loaded in mprime.

Just stay away from the USB3 ports.  pfSense doesn't seem to like those at all, and the installers will fail unless booted from one of the USB2 ports.

@Jailer:

I believe you are correct. I save a copy of my config to my desktop any time I make any changes.

Always good practice.  I take it a step further and use a simple cron job with scp to copy /conf nightly.  But the auto config backup included in the Gold subscription (I verified, and it does come, for a year anyway, with any official hardware purchase from the store) makes it trivial.  Definite bonus, and since OP has the hardware newly purchased, one to take advantage of.

@Dazdigo:

Super micro did the same to me. They did clear the cmos but the IPMI hostname I set was the same so they are sending the same board back.

Cool. You just have to cover shipping costs to them? All you have send back is board itself, right?

Thanks Heper,
I forgot option 99 and was working off the live cd.  Still working on other things but I should be okay for now. Thanks again for the reply.

That barebones is pretty nice, but seems virtually no news on it… so I guess vaporware?

Powerline doesn't like certain things with it on the circuit.

Are you able to troubleshoot isolating it?

You don't happen to have a microwave or laser printer on the same circuit do you?

It is sufficient but is way too expensive for what you need.

Yeah I remember reading somewhere a list of which rebrands shut off features to i340 & i350, do you remember which? Or is there a way to check?

@VAMike:

@jimp:

@VAMike:

pfsense FreeBSD doesn't have good realtek drivers~~, and has not incentive to fix them because the netgate hardware uses intel cards~~. if that's a deal-breaker, you need a different operating system.

FTFY.

The cards are dodgy, the drivers don't help. If the drivers are bad, get them fixed in FreeBSD.

Sorry, it's getting hard to tell when to refer to pfsense as a special snowflake, and when to refer to it as freebsd plus some stuff.

What?