• WGXepc Automatic Fan Control on Firebox X750e

    6
    0 Votes
    6 Posts
    2k Views
    R

    I'm very late in on this, I only started with pfSense a couple of days ago, but I too had the same problem as the OP.

    It's a permissions issue. You need to set the permissions on the following 2 files to 0755:-

    /usr/local/sbin/fanctrld.sh
    /usr/local/etc/rc.d/fanctrld.sh

  • New USB LAN device

    6
    0 Votes
    6 Posts
    1k Views
    I

    Hi,

    thanks for this hint. Unfortunately my Adapter has also a AX 88772b chipset.

    Anybody else?

    KR
    Itchy2

  • Cheep hardware for 1gb/s symmetrical

    2
    0 Votes
    2 Posts
    697 Views
    ?

    I have a optiplex 745 slimline

    GHz ?
    CPU?
    RAM?
    HDD/SSD?

    How many services, features or options will be installed, offered or used?
    To come closer a Intel Celeron G3260T @3,2GHz is able to route a 1 GBit/s connection and Snort on top
    but then nothing more should be coming on top of this because this will be then all slowing down the
    CPU and also the entire performance of the pfSense box.

  • A1SRi-2758f - no beep?

    7
    0 Votes
    7 Posts
    2k Views
    R

    This is NOT about POST beeps, but the sound pfSense plays through the speaker after it finishes booting up, and before halting/restarting when issued by the administrator. This tune is not played by Supermicro boards for some reason.
    It's also not played by the HP t5730 Thin Clients I also have running pfSense on, but strangely I was not able to get Linux to make any sound using the "beep" command either.

  • PfSense Appliance with 4GB Storage - Squid + SquidGuard?

    6
    0 Votes
    6 Posts
    3k Views
    M

    Hmm interesting. I will see if my management will go for the SG2440 + 30GB option.

    Although most of my traffic will be https (which I understand cannot be proxied?), I'm unsure how much Squid would end up storing in its RAM- or HDD-cache.

    Thanks for the assistance and approach, BlueKobold!

  • MOVED: pfsense auf Barracuda Phion sintegra s

    Locked
    1
    0 Votes
    1 Posts
    493 Views
    No one has replied
  • SuperMicro 2758 IGB questions

    4
    0 Votes
    4 Posts
    899 Views
    D

    Thanks for help guys..all up and running and working great…time to install some packages :)

  • New home pfsense build questions

    2
    0 Votes
    2 Posts
    1k Views
    ?

    -web content filtering

    Squid & SquidGuard can do  this well.

    filter out facebook, adult sites, etc
    Is it possible to force "safe search" on google searches and also content filter youtube?  I don't mind to allow kid friendly video's but filter out PG-13+.

    Better to open an OpenDNS family Account for this.

    layer 7 filtering.  How robust is this?

    Works good but it is "eating" much pwer and narrow down the performance from the
    entire pfSense box! A really power hungry service!!!
    An Intel dual core or quad core i3 or i5 would be sufficient to do that job right and
    delivers also much throughout to your network.

    VPN - I have an IP camera that would be nice to access from the outside through VPN.  (only one or two max vpn sessions at a time)

    IPSec or OpenVPN would be no problem. A CPU with AES-NI support is pushing those action much.

    dynamic dns - have an dyndns account, would like to use this to access the VPN

    Ok

    Run wifi access point , probably with captive portal. Is it better to use wifi-card attached to the firewall or use ethernet to a linksys router/AP.

    If you have fancy new devices or you will need ac support you should better go with an external WiFi AP
    that can be then using the Captive Portal from pfSense also.

    Hardware I have:
    AMD socket 939 opteron 148 (single core @ 2.5ghz)
    2GB RAM
    128GB SSD
    currently only onboard NIC but plan to add Intel PCI-E dual nic.

    Pending on the named services and wishes I would be really looking to an Intel Core i3 or i5 CPU
    with quad cores or an Intel Atom C2x58 SoC.

    Since pfSense 2.2.x and above it is a better multi core support that makes it better for us all
    to profit from that feature. So why not going with a multi core CPU?

    Older hardware can be really running pfSense as a firewall with SPI/NAT and perhaps VPN jobs
    but then on top with Squid & SquidGuard & DPI & Snort there will be also mire need of power
    to get a good throughput out of the box.

  • Pfsense hardware lacking important info

    11
    0 Votes
    11 Posts
    2k Views
    K

    Bottom line is there should be estimated calculations on performance.  Netgate even had it for the ALIX and it was pretty accurate to what I got for VPN between 2 alix boxes.  But those were machines that I built and installed the OS.  When buying a system that has been purpose built just like Cisco, Juniper etc..  a company should give statistics on what the box is capable of.  Again everyone states these are estimates but generally those estimates are pretty accurate.

    Say what you want but the bottom line is I cannot risk my business on a solution that when it comes to the systems performance has a bunch of ??????.

    Don't misunderstand where I am coming from.  I have been using both m0n0wall and pfsense for over 10 years now.  I have been building them for customers for this entire time and have more than 50 units in production environments.  I want to support the pfSense project buy buying their products rather than building my own which building my own is much more profitable.  But if I am going to do that then I need a complete solution and it should include what the machine is capable of.

  • Problem with interfaces

    5
    0 Votes
    5 Posts
    850 Views
    ?

    There is anything in BIOS… There is another solution to use that port as a normally NIC?

    In the BIOS or the Firmware of the ILO Port must be something to let this port work likes a normal LAN
    port, otherwise it is not able to set it up to use as a normal LAN port as I see it right.

  • Intel X540-T2 10GBe link problems

    3
    0 Votes
    3 Posts
    2k Views
    H

    Got from eBay? I couldn't imagine ever soldering a device under warranty.

  • Gigabit Service with Supermicro A1SRi-2758f

    6
    0 Votes
    6 Posts
    2k Views
    ?

    Between tests, the speed will vary between 45-200Mbps. Are the HTML5 based tests not as accurate?

    They all have one criteria that can not be wiped away, by using this tests for getting a result you
    will even and only get "something around" numbers about your Internet connection:

    The quality of cabling infrastructure of your household and during the city you are living in How many peoples are using this test server at the same time? How long is the distance from yours to the test server? Is this test server owner paid by some or more ISPs for good throughput numbers shown to their customers? How many customers of your ISP are sharing together one router on the ISP side? How much is going in the entire internet during this test? Saturday morning were all a sleeping or car washing,
    or shopping, or cutting the green or…... There will be less traffic on the entire Internet and you will be getting
    probably better numbers as Friday evening, or am I wrong with this?

    Just to clarify, you are speaking about the HTML5 sites or all test sites?

    HTML5 or Ajax based is not the real thing in my eyes, the reaction time is relevant to this
    numbers what does it mean, having on the test side a HTML5 page loading and the freaking
    server is overloaded?

  • Zyxel GS1900 managed switch plus Lenovo Q190 (single NIC) runing pfSense

    4
    0 Votes
    4 Posts
    672 Views
    R

    Good picture!

  • Yet another - Help with hardware - question (but with a hardware list)

    4
    0 Votes
    4 Posts
    871 Views
    L

    Thanks for the reply!

    It´s not a must that the wifi is internal with the motherboard. It just seemed like a good idea to get one of those instead of installing a seperate wifi card on it.
    But maybe it´s a better idea to get a motherboard with 2 ethernet ports and no wifi and then use the old wireless router as a wifi accesspoint/extender (don't know what it´s called). ?

    The specs of the media server is a dual core 2ghz intel core duo with 4gb ram (A 5 year or so old computer). It works fine for HD streaming to chromecast. But I doubt it would be enough power
    to use it for pfsense at the same time. Especially if I want to use VPN.

  • My Pf sense firewall uses 2GB RAM

    4
    0 Votes
    4 Posts
    1k Views
    F

    @shehan31:

    @cmb:

    You'll have to switch to 64 bit to have 4 GB of usable memory. You're nowhere near using the 2 GB you have so not sure there's a pressing need to bump it to 4 GB. Still would be a good idea to switch to 64 bit assuming it's a 64 bit CPU.

    So what will happen if I plug other RAMs.

    You end up with more unused (wasted) memory.

  • New install on HP Compaq 6300 SFF (i3-3220)

    5
    0 Votes
    5 Posts
    2k Views
    S

    Probably 9 - I've already got the back up config saved ;)

  • What impacts performance?

    3
    0 Votes
    3 Posts
    4k Views
    ?

    I know the amount of packages you're using affects the performance (throughput) you can expect, but on a hardware-level, what performance can you expect from what kind of hardware?

    This is owed on so many points that it is really hard for someone to answer this question right now!
    Which packets are you running and what is your config? You have no need of massively DPI usage
    but I am using this and so we both have a 100 MBit/s Internet connection up and running and I am
    running a Intel Xeon E3-1286v3 @3,4GHz and you only an Intel Atom D525 and we both gets around
    ~60 MBit/s - 80 MBit/s throughput, but on my side the DPI is running and on yours not!!!! Thats it.
    Please have a closer look at pfSense hardware

    Overall it's really hard to find any performance numbers on pfSense-boxes, like some kind of sizing-guide…
    I have found http://www.firewallhardware.it/en/pfsense_selection_and_sizing.html which is an interesting read, but there's a big difference between for example their UTM4 (INTEL® Atom Dual-Core Processor D525 (45nm,1.80GHz,1024MB L2 Cache)) and their Power UTM (INTEL® Core™ i7-3740QM Processor (6M Cache, up to 3.70 GHz)): performance numbers are about 50% higher, but the CPU has double the amount of cores running at double the speeds.

    A router is not a firewall and a firewall is not a UTM device!
    Comparing them against is like;

    pfSense only and 1 GBit/s WAN connection = Intel Celeron G3260T is sufficient pfSense SPI/NAT/Firewall only = Intel Atom C2358 is sufficient pfSense & Squid & SquidGuard & Snort = Intel Atom C2758 would be sufficient pfSense & Squid & SquidGuard & Snort & HAVP (ClamAV) = Intel Xeon E3-12xxv3 would be sufficient

    Each firewall rule, each DPI usage, each IDS/IPS usage and HTTP-Proxy or AV Scan on top
    is slowing down the entire pfSense firewall.

    My box has gigabit NICs, but what does affect the attainable speeds? The CPU? The amount of CPU-cache or cores or clockspeed?

    All together want to make it a round thing!

    The RAM: the amount or the clockspeed?

    Unix, BSD and Linux cant have enough RAM, if you install much packets and activating much services
    and then you feed it with multiple GB WAN connections, both is really urgent.
    The best at these days is to go with ECC RAM at 1600MHz or 1866MHz
    2 GB Firewall only
    2 GB - 4 GB Firewall & IDS
    2 GB - 8 GB Firewall & IDS & Proxy
    8 GB - 16 GB Firewall & IDS & AVScan & highing up the mbuf size & using a greater amount for Squid
    16 GB - 32 GB all above and massively VPN connections from road warriors.

    Running from CF vs HDD vs SSD?

    CFCard = read only = more secure
    HDD = cheap + huge storage and fast
    SSD = more storage and super fast

    In my setup, there are two WAN-connections (up to 100mbit) connected to my pfSense box, there will be NATting, port forwarding, WAN loadbalancing and failover and some rules to direct traffic through one or another WAN-link.

    Dual WAN & Load balancing

    service based session based policy based

    An Intel Celeron G3260 @3,2GHz, 1 SSD, Intel Quad Port  server adapter and 2 x 4 GB
    should do the job fine, perhaps snort on top will also running smooth and liquid.

    On the internal side, connected to a gbit switch there are some internal VLANs defined with firewall rules between them. I assume that's nothing exotic. Can I expect to reach that 1gbit speed internally?

    For hwo many and what art of clients this must be running? How many data will be pumped through!?
    Why not buying a Cisco SG300-28/48 switch and let him do it in wire speed? Why all the firewall or
    router must do it? This on top and the Celeron G3260T is not able to do as I see it right!

    What if I want to do IPSec in the future: are VPN-cards still the way to go, or are AES-NI-capable CPU's a better way?

    This is quite and still easy to answer for you and me and the most peoples here in the forum it will be
    the AES-NI solution, at work we were starting setting up VPN servers based on CentOS & SoftEtherVPN
    with de-compression cards and VPN crypto accelerators to get the last bit out of any connection.

    So if I see it right you should go with an
    Intel Xeon E3-1231 or 1241

    with Intel Quad Port Server adapter
    Intel Core i5 but then the greatest you can get your hands on with Intel Quad Port Server adapter
    Intel Atom C2558 or C2758

    The SG-xxxx units from the pfSense store could also something for you!

  • PCI Single-Board-Computer as a NIC?

    5
    0 Votes
    5 Posts
    1k Views
    K

    @BlueKobold:

    If you have a Core i3/5/7 or E3 or E5 CPU system it would be enough to run virtual pfSense
    on Hyper-V or ESXi, today there is no need of this cards for visualization,

    As above - Modern enterprise grade hypervisors are very secure, there is no need for a pci-single board computer these days.

  • Intel Celeron G1610T / Xeon E3 1220L

    3
    0 Votes
    3 Posts
    2k Views
    ?

    I am really fond of the 1220L. A 20W chip with AES-NI…Cost is like 5x more though. So depends on usage. If your using VPN or loads of packages use the 1220L. If just a starter box I would use the G1610T unless you are seeing your cpu usage at high levels..Are you using a headless arrangement?

    20W with good speed.
    http://www.cpubenchmark.net/cpu.php?cpu=Intel+Xeon+E3-1220L+%40+2.20GHz

    35W and slower
    http://www.cpubenchmark.net/cpu.php?cpu=Intel+Celeron+G1610T+%40+2.30GHz

  • All parts ordered..anything I need to know before install

    2
    0 Votes
    2 Posts
    688 Views
    S

    Have you ordered this yet? If yes..Same one I am looking for…Can you please share links where you purchases? ...Thanks

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.