Thanks BlueKobold! Running full filtering with Snort and Clam-AV we are pushing 320Mbps with this box on PfSense 2.2.4. Very happy with it indeed!
The idea behind the dual SD/SSD is to have an SD that rarely, if ever, gets written to it so that the system's life could be extended. The SSD would be to hold the logfiles and DB files. If it ever failed the unit would still run just fine until the SSD was replaced. Stepping up to a larger SSD isn't an issue as it would certainly extend its life but I'm not sure if it's overkill. I would think that the logfiles wouldn't be that much, though. Right now /var is only 2.9G and it has lightsquid files going back to last October.
We aren't very happy with the reporting in lightsquid, especially compared to the big guys like Sophos. You mention using a RaspBerry PI2 as a logfile server. What did you have in mind? What package would you suggest it run?
We go back and forth on the wifi card. It's not a necessity, but if there was an 802.11n class card that worked for us it might be nice to have in there to remove the access point we have now.
I appreciate the feedback. Any other ideas?