"Selection of network cards (NICs) is often the single most important performance factor in your setup. Inexpensive NICs can saturate your CPU with interrupt handling, causing missed packets and your CPU to be the bottleneck. A quality NIC can substantially increase system throughput. When using pfSense software to protect your wireless network or segment multiple LAN segments, throughput between interfaces becomes more important than throughput to the WAN interface(s).

NICs based on Intel chipsets tend to be the best performing and most reliable when used with pfSense software. We therefore strongly recommend purchasing Intel cards, or systems with built-in Intel NICs up to 1Gbps. Above 1Gbps, other factors, and other NIC vendors dominate performance."

That didnt came form my authory, it was extracted from:

https://www.pfsense.org/hardware/index.html#sizing

So be carefull with NIC selection  :o

a modem that is supported by Linux and the German Telekom and then you install Linux on a
RaspBerry PI 2.0

I have used this approach. I have used OpenWRT for a modem OS and any simple SBC or supported old router with USB stick and OpenWRT as a WAN provider.

I was replicating the Sierra GX440 the cheapest way possible. I used an older Atom SBC.

@aGeekHere

hmm only getting half of that

With Squid installed it would narrow down the entire speed for sure, you should be
able to measuring the throughput like Panja was doing, plain install and then from port to port
between two PCs with iPerf.

I am awake.  Laptops/Notebooks are PC's.  So are NUC's, and other NUC style devices.  And in many cases make good pfSense appliances for far less than 70w.

You can't typically change the driver for a card. The driver is detected and attaches automatically.

The interfaces are named after the driver used, e.g. igb, em, re, bce, and so on. Checking the "ifconfig -a" output and the boot log (cat /var/log/dmesg.boot) can provide some additional info.

We're running pfSense on Linux KVM, Citrix XenServer and VMware ESXi environments quite well up to 100/100Mbit speeds.
More requires more CPU/RAM and some tweaking.
Generalny KVM is better for most cases unless You need VLANs.

Problem Solved:

I got a new wifi card (it got a AR5B125 chip) and everything works perfect now, however it still doesn't work in the PCI slot with the SIM card (same issue as the original card, no errors, just no wifi singal).

I guess the other card is defective.

For this CPUs inside Cisco is writing their own Code and Firmware called Cisco IOS.
So I am really sure that you wouldn´t be able to run pfSense on this machine.

I'm posting this just anybody else comes looking for it. I was able to get pfsense 2.2.4 working on a Liva X. First, I had to install an mSATA SSD in order to utilize the "Legacy" boot option. To enable the legacy boot option, you tell it that you want to boot Windows 7. Then I just installed pfsense to the SSD using a thumb drive and everything works great. I was even able to get a VLAN setup with an old DD-WRT router so that I only need the one ethernet connection.

Will check that. Thx. It's 600 Ina huge number don't know exactly but probably 0.1 percent but I would still like to know why when wan has zero and lan out is zero. Only on in

Ok so your setup has some physical layout issues.

Can you describe where your pfSense box and each of the two switches resides?
I'm guessing here until you can provide more information.

The VLAN's you've very briefly described look like they might be used to allow for external (WAN) IP's and internal (LAN) IP's on the same switches.
Is some of this setup yours and some part of the building's equipment or is this all put in place by you?
Can you describe what the VLAN's are trying to accomplish?

You've also mentioned "APU's" as in plural - more than one - yet your diagram only shows one unit.

The actual physical and logical layout of your network is important in order for us to help you out with your problem.

Generally speaking is my build with the 5150 am1 sufficient for pfsense or will it require more cpu headroom?

Generally it would run for sure on it, pending on the support for the mainboard.
But related to the CPU and RAM it would be really nic running. But don´t expect to much
from this device owed to the throughput.

About the only option you have to seriously increase the throughput on the APU is to fit Intel miniPCIe NICs. I've not tried that myself (or even seen it) but one user here reported ~600Mbps. Of course his testing may have have different to yours. They aren't that cheap though and require modifying the case or re-casing etc.
300Mbps does seem low, I've seen reports of 350-450Mbps in real world conditions. Again the testing methods could have been very different.

Steve

I was wondering what max throughput rates everyone was seeing with their build?

This purely depends only on the used hardware, as I see it right.  ::)

I have a brand new intel nuc Celeron with a 2820 processor and 8gb of ram.  With suricata enabled on the wan I'm maxing out at 85 to 90 mb/s.

And without IDS/IPS (Suricata)? What get you then?
I mean with pure firewall enabled.

Normally this would be pretty good, but  my time warner internet is 300 down/20 up so I need to rethink sizing.  Only 7 watts though :o).

Nothing from the time warner streaming must be inspected or AV scanned by ClamAV or cached over the
Squid proxy. Disable all but not the firewall doing SPI and NAT and see what you get as throughput.

I have experience with x520-da2 adapters in my nas systems. With freebsd 9 i had to load external intel drivers and tweak ringbuffer settings to get it working.
When i upgraded to freebsd 10.1 this was all working with included drivers, and needed no manual tweaks.

Saw close to line speed with mtu 1500 and iperf, and copy speeds from spinning disk of 828MiB for 25TB volume with zfs send/receive using mbuffer. I saw no need to go to larger MTU, it did not make it faster for me. Only CPU load was little lower (Xeon e3-1220 in the nas units)

I'm pretty sure any Intel Pentium M will work. There are two types: Banias and Dothans.
https://en.wikipedia.org/wiki/List_of_Intel_Pentium_M_microprocessors

The Banias are earlier (slower) CPU. Dothans are newer, and is able to reach fsb of 533MHz vs the other fsb: 400MHz. The stock Watchguard x550 cpu is Banias.  If you want to upgrade to Dothans just put your processor in and change the dip switches.  If you have the wrong setting nothing will happen, it wont boot.

I think the Pentium M 770 (2.13GHz) is the best choice for upgrade. Probably find it on ebay for $5. The fastest Pentium M 780 (2.27GHz) is overprice. About 4x to 5x more in price for 100MHz of speed is not worth it.

The motherboard has specify dip switches to move to position for either type. There are two sets of dip switches, one by the north bridge and the other by cpu. Looking at the switch, the settings are listed next to the switch.

I have gigabit fiber coming into my place, and then pfSense running on an APU 1D4 board, and I get a maximum of 330mbps throughput.  I think the APU is the bottleneck.  I have a high-speed gigabit switch and I'm using CAT6 everywhere in the house.

So I'm guessing 1D4 WON'T cut it as previously suggested.  But now I'm wondering what I should replace my pfSense box with… cheaply and silently. :)

I'm very late in on this, I only started with pfSense a couple of days ago, but I too had the same problem as the OP.

It's a permissions issue. You need to set the permissions on the following 2 files to 0755:-

/usr/local/sbin/fanctrld.sh
/usr/local/etc/rc.d/fanctrld.sh