What do you think?

You even get what you pay for!

Go to amazon.com and have a look to used or refurbished Intel dual or Quad port NICs
that are originals and well supported under pfSense. They are starting at ~$40 - ~$150.

But then you get often original spare parts and you have something like a RMA policy from
amazon.com and often in the reviews something about pfSense will be written.

1. mission critical end points and areas:
The best solution is a Cradlepoint  device in my eyes, for sure not cheap but even working well.
As an example Cradlepoint 1400 would be nice working.

2. "self" made modem:
Get a RaspBerry PI2 with Raspian or Ubuntu Linux on it, stitch in any USB LTE modem that works with verizon
and you will be able to plug it in the pfSense box over the RJ45 GB LAN Port of the RAPI 2.0 to the pfsense WAN
port and now you will be able to set up to Gateway groups and fail over rules and/or load balancing rules.

Linux often comes with more driver support for those devices and might be using not more power
as an ordinary external modem will do and the modem should be changed against a newer one
according to new channels, more throughput or what ever and nothing must be changed in pfSense.

3. External and internal adapter solution:
According to your hardware basis you could use this adapter for internal usage.
Or you will be able to get your hands on this external adapter where you will be
able to insert any kind of miniPCIe modem but connect it then external over the USB
port to your pfSense firewall.

4. search options for the forum here or google:
SierraWireless MC7710, MC7750, MC7770 and MC8470
Sierra Wireless AirPrime Mini Cards MC73xx

5. success stories about well known working modems:
Known working modems 3G/4G
Verizon - Sierra Wireless press release

Sierra Wireless u330 USB LTE modem
Verizon 4G rural Internet (pfSense)
Verizon UML290
another UML290

anyone know where I can find a driver to work with the Hystou machines

What kind of Hystou machines you are owning or are you using?
If this is a x86 or x86_64 based PC in any kind of factor pfSense should run on it.

…...and the broadcom wifi chips they ship with?

This is really thin ice you are standing on, or? Would you please provide some more information
about this pice of hardware, that we are able to tell you more about? Is this a changeable miniPCI,
miniPCIe, PCI, PCIe card or an USB module in form of a USB stick or USB adapter?

If you will not be able to get your cards working, you could have a look on this two miniPCIe cards
I had have seen many success stories about them.

Compex wle200nx Ubiquiti (UBNT) SR71-E

What is the best wireless card to use
Supported wireless cards
Wireless interfaces

@GruensFroeschli:

Good luck.
I'm sure your charming way with word will get you the answer you want to hear ;)

Good luck.
I'm sure your charming way with word will get you the answer you *need to hear ;)

I see BlueKobold replied before I posted my comment; it seems that the Cisco router on ebay could be a hit or miss.

Could be even, what should I tell you now if the CPU and some other things are supported but the NICs
aren´t supported by pfSense? And then? Spending $199 + $48 shipping fee and you came on something
like nearly $250 and if you are outside of the USA once more on top ~$57!!! And then it is nearly ~$310

Jetway N2930 would be more my favorite.
This item:Jetway NF9HG-2930 Thin mini-ITX Network Motherboard $204.00
Sabrent AD-LCD12 LCD Monitors 12V 6A 72W AC Adapter Power Supply $8.80
Premier Pro SP310 SATA 6Gb/s mSATA Solid State Drive ASP310S3-32GM-C $28.99
Crucial 8GB Kit (4GBx2) DDR3 1600 MT/s (PC3 - 12800) CL11 SODIMM $37.98
M350 Universal Mini-ITX PC enclosure PicoPSU compatible; $38.95
Total = ~$330

100% pfSense compatible, fan less, well supported Intel Ports, 64Bit and ready to build a full UTM device.

Read above as to why I need all the ports on the Intel NIC to work. The Link Aggregation/server section.
I need all the ports to be active so that they can give IPs to all the devices plugged into each port.
Unless there's another method to do so? I'm still learning so anything is helpful.

A proper fast Switch that will support VLANs could solve the situation.

I want to be able to use all the ports on the back of the Intel NIC as if they were a switch.

Use them as a single or combined (LAG) port(s) o you will be able to use routing instead of bridging.

Is a bridge the incorrect thing to be using?

Yes, in 99,9% it is the case! In some really spare cases and by very experienced admins that know what
they are doing it could be a hint or work around or the solution, but for the entire rest of all networking
peoples it should be forbidden or should not be used.

I read 2 or 3 guides I found through Google that say bridging is the way to do this.

This can be really nice for peoples to know how Micheal Schumacher is pimping or tuning his F1 racing
car, but for the rest of us this might be not interesting or matching well, driving a normal car in the town!

One of which is an ESXI 6.0 host while the other is a FreeNAS box.
I was also going to use link aggregation with the FreeNAS box to increase it's throughput.

A strong and fast switch and Intel based NICs it will be enough and if not, it is better to use a cheap
solution with 10 GbE or SFP+ because the LAG is not really nice for smaller networks, it was made to
solve problems where many devices or users are connecting to one device.

Intel Quad Port NICs
I would recommend to go perhaps if money or the budget is low, with 2 x Intel Quad Port NIC for
~$50 - $70 so you will get 8 Ports for ~$120 - ~$140! But why? A smaller Switch would be really
nice tranporting all packets nearly "wire speed" so if you connect your pfSense firewall and all other
devices to the Switch and you only own one IP address range or network the packets will not be needed
to push through the pfSense box! An LAG (LACP) is only making sense if many users or device are taking
from one device and LACP is working like this:

It will be using the first cable line until it is rendered and then it will be starting to use the next one
So you need really some applications that are rendering permanently the first cable line! And this is often
not really practicable and use able or to realize for a home network with 5 devices.

So a good suited switch will be the delivering the best effort and benefit to you.

All in all I would deactivate all the other NICs in the system and start using only the Intel NIC.
The Intel NIC is supported ok, but then do a config backup and do a fresh and full install of pfSense
only with the Intel NIC inside. If ports are rare, please buy a greater switch with more ports or get
a second Intel NIC with two or four ports. Thats it.

Thanks for the reply - that sort of confirms what I'd suspected.

The ConnectX-2 is supported but you will need to add a driver as I see it right.
Please do a forum search about this there was one very useful thread that was showing how to enable this cards.

Oh ok. But how about the APU series, are they not also overheating because of their small form factor?

With a mSATA, a modem and a WiFi mini PCIe card they will going warm for sure but without any problems
as I am informed right, there are no issues that the case or board will overheating. And the new APU2 is not
so long on the market that we will be able to have any kind of threads about that, so all in all the PC Engines
APU will be able to run pfSense without any heating problems. As I told before if VPN is not really the point
or main the need the APU or APU2 will be more tending to be a entry level device. But for some coin more
you will be able to get your hands on this device
and with RAM, PSU, case and a mSATA you will be more placed in the mid ranged level, also without AES-NI, but
powerful enough to route 1 GBit/s at the WAN port and built nearly a fully UTM device running for many years.

So it is not really easy to decide what to do, then you might be mostly have more and more a look over all
devices and your budget for sure also. You can buy cheap and be lucky or and vice versa.

If VPN will be actual or in the near future a really urgent point I would have to think about something
with AES-NI or if OpenVPN will be more coming on top of all needs you might be thinking it over and
decide to go with a INtel Atom C2x58 based SuperMicro board. But there fore we don´t know to less
about your concern and needs and situation.

What is the budget How fast is the Internet connection? How many users must be sorted with this pfSense firewall? What kind of spare parts are there? Or must you all part buying new? Is VPN or any packets really actual urgent to install or to use together with pfSense?

Status of Realtek NIC support and the importance of AES-NI?

Realtek NICs are also supported likes the Intel or Broadwell ones, but often the Intel ones
are coming with a better driver support and are often giving more throughput like the
cheaper RT NICs but the Intel NICs are often a little bit higher in the price.

The SG-2220 looks interesting, but doesn't appear to be sold in Europe making hardware support a little tricky. Supermicro is another option, but they are quite pricey. So I'm looking at stuff from Aliexpress which falls into the territory of "if it breaks, it's cheap enough to throw away".

Hm, you are asking for something from Alixexpress and then you ask also for a SG-xxxx unit from
the pfSense store? This are two really different worlds in my eyes, but the Sg-xx unit is more reliable
for you and more future proof in my eyes. They can be bought at the following stores here in Europe:

Volatech (Germany) Varia-store (Germany) Amica (U.K.) viatitude (France)

A full list of all resellers in Europe you will be able to see here under choosing "Europe" as your area.
Partner & Reseller list

What I would like to know is the status of support for Realtek NIC's like the RTL8111 and RTL8168, and how well they work for a typical SOHO setup. I know Intel is better, but I'm not going to be doing hugely intensive routing.

If you are able to get your hands on a device with Intel NICs I would suggest it, if not and the Realtek
chip sets are on the supported list (FreeBSD) you also can go with them with ease.

Also, other than accelerating AES VPN's, would AES-NI be useful for anything?

It would be only used for VPN, nothing else, and then at this time only IPSec over AES-GCM will be
getting a benefit or profit from AES-NI, but then something around x4 or x5 speeding up the entire
throughput. So in an ideal case the throughput increases from 100 MBit/s to 450 MBIt/s - 500 MBit/s
which is in my eyes really cool!

My ideal setup would be a Braswell ITX board with a i340 T4 card, but I can't seem to find a Braswell ITX with a x4 slot yet.

Did you ever thought about a Intel Atom C2x58 (Rangeley) based board? It will be able to get in three
different versions and it is really powerful. Also the new APU2 board will be a really good choice, perhaps
not really in this moment because the board is in the Beta stadium (B) and not in the consumer or distributor
stadium (C or D in the name of the board), but with 4 CPU cores, AES-NI and Intel NICs it will be really fine
for pfSense and enough for a home set up.

I have looked at the APU2, as I own an ALIX 2D3 which is still running without issue. I would use this for PFsense (in the short term) but the GUI is too slow to be used. It's currently running Halon Security Router without issue.

The APU2 is coming for nearly the same price or for a little bit more, but it comes on top sorted with;

AES-NI support Quad core CPU 4 GB ECC RAM Intel NICs

The main reason I'm not as tempted by the APU2 is the CPU might not be enough for Snort, based on what I've seen so far. So I think I would be better placed to wait until the recently announced Braswell desktop CPU's make their way into ITX boards with dual Intel NIC's.

It all depends on the Internet connection speed or the needed throughput, it will be able to run snort and
pfBlocker-NG without any issue, but the throughput you get then out is the point in my eyes.

How is the J1900 for PFsense? I've seen a number of fanless ITX boards with 4-6 Intel NIC's for about £100 on Aliexpress.

Again, you get what you pay for! And Alixexpress is not well known for quality parts, but more for cheap parts.
Here are two well known things that would be matching your criteria and will fitting your needs for sure, but
not cheap as cheap can sell! The Intel J1900 is from 2013 and the N2930 is the follower from 2014.
IntelN2930:

Best Board in my eyes
It can be used together with normal mini ITX and thin mini ITX cases and the PSU will be sticked directly
on the board nothing else is needed
Intel J1900: Axiomtek NA342 Axiomtek NA342R

It's over $400 in the EU,  which puts it into the range of a C2758 ITX system. It's a nice system but at that price other options look more cost effective for SOHO.

A C2758 Supermicro Board is at ~399 € here

RAM Case PSU SSD
You might be fast running into the ~600 € - 700 € and a Jetway board and spare parts is only landing
at ~400 € in total here in Germany. N2930 ~200 € case 50 € RAM 80 € mSATA 60 €

I can spool up a VM to build a ko file for it from 10.1rp25… Just get concerned about it getting smoked in an upgrade and losing access to it for whatever reason (like 2.2.7, etc) where it doesn't have it and wipes out the loader.conf.  I will have this box in a remote location so it's not trivial as WebConf is my only access.

Please take 2.2.6 and then install native the corresponding FreeBSD version and compile your driver right
and then copy only the xx.ko file over to your pfSense installation. Why should anybody from the pfSense
team do this for you?

2.3 is based on FreeBSD 10.3 so I would get a feature request in real soon to have the driver implemented if someone hasn't already.

This can be, but if there are other things under the roof that are not fine at the moment it´ll be perhaps not
really running or causing then more problems or the driver will not be floating in this version.

I'm kinda new around these parts.  Be more than willing to point the PFSense boys to it.  Seems Phabricator has closed this one…
https://reviews.freebsd.org/D3162

You ask for compiling it in the pfSense version and then you are to new for realizing it under FreeBSD?
Hm ok  then you might be waiting until it goes into the FreeBSD code pfSense is based on.

I'm just not to sure where it goes (in terms of next release for FreeBSD.)

We all don´t know where it goes and what comes at next, but better to ask in the FreeBSD list
or in the driver section to get this driver fast in.

Maybe the PFSense boys load it in the meantime until 10.3?

I would not say it is undroppable but you might be have more luck by compiling it for your own and
put it then inside of your pfSense version.

Ok, it looks like changing the SATA mode from AHCI to IDE solved the issue.

Thank you good to know.

pfSense is a software firewall based on x86 hardware. So any x86 hardware could be used to run it.
Sometimes perhaps some hardware is not really or 100% supported likes and well known by many
other operating systems also.

It's an ARM chip inside just FYI.

Again, pfSense is a software firewall based on x86 and x86_64 hardware, but there is no ARM port or fork.

Yes.

I have the Q1900M with 1x HP NC364T at the x16 slot,
and 2 PCI-e Gigabit adapters at the x4 slots.
These 2 Gigabit adapters are my WAN and LAN, the HP NC364T is for 3 separate LAN's and 1 DMZ,
this DMZ is bridged with my WAN interface.
At this DMZ port i can reach the maximum speed what my ISP offer me. (200Mbps down / 12Mbps up).

Grtz
DeLorean

That was it. I'm a dum.

Not at all, you're like many of us here: learning in the real world by doing  ;)

One little thing that can help others: update the title in your first post to include "[Solved]"

Glad you got it working…..

Travla T1220 1U Rackmount Dual Mini-ITX Case with 2x Removable SATA HDD Bays
All Ports at the back side.
19" DualRack System for PC Engines APU and others
The front panel can be customized!
Travla T2240 2U Rackmount Dual Mini-ITX Case
All ports at the back side

I mean all the ports should be able to be patched from the front.

If not it would be better or a workaround to connect them to a Switch and there the ports could be patched
better to other devices or ports.

@tirsojrp:

Even a modern Atom could do better with ~90% less power.

Thanks!, I went with that 6 port motherboard thingy in the vendors list.