@BlueKobold:

All it takes is taking to units and performing an actual test across a gigabit switch…

This way I don´t love to see, because this is then not really interesting. Better to go by a 1 GB line
and see what between two boxes would be able to handle is a right way in my eyes.

Performance numbers on data sheets are almost always in "ideal scenario" environments. If they're measured the same way as the non-AES-NI numbers, they are a good comparison.

So… since 2.2.4 is released in the mean time: any update when these numbers can be expected?

The http://store.pfsense.org/SG-4860-DUAL/ without the second unit might be a low noise option that is rack mountable.  It still has the power supply external.
They would have to be special ordered.

It might be possible to qualify a "premium" – quieter fan for the chassis, if there was enough interest.  We'd have to stock a second set of fans and run a thermal qualification test.  There might be a minimum order quantity requirement, depending on if there was enough interest. 
The downside I see with this, is that the current 1U offering is designed for maximum thermal performance, most things that can be done to decrease the noise are going to decrease the maximum operating temperature.

When you have a firewall mounted in a cabinet/rack in a closet, that has no air-conditioning it can get very warm.  We've seen units in the field that are reporting 120F/48C,  The "official" rating for the 4860-1U is 50C ambient temperature.  It can probably safely run a fair bit more than that.  The CPU is rated to safe operation up to its thermal shutdown point of 100C, but the CPU is always going to be warmer than the ambient, and the power supplies are not rated to 100C, so things get complicated quickly, designing a system.

Nope, it's more like SG-2220 starts to be available now.
At the Voleatech store you can pre-order them.

Motherboard..

This is the main component of any PC , Server or appliance! The CPU, RAM and drives and all other devices
are connected to this main component. Small means the CPU, RAM, PCIe card, miniPCI(e) card SSD/HDD.

@queens:

Thanks for the help!

I'll be trying it soon.

You should not wait as I see it right, do it now, there is no other trick or tip to surround this situation.

Has anyone benchmarks?

If you use a PC Engines APU 1D4 board you might be enabling the PowerD (high adaptive)
option that might be realizing more throughput by using the CPU in another way.

No issues at all in my main PC.

em0@pci0:4:0:0: class=0x020000 card=0x11bc8086 chip=0x10bc8086 rev=0x06 hdr=0x00     class      = network     subclass  = ethernet     cap 01[c8] = powerspec 2  supports D0 D3  current D0     cap 05[d0] = MSI supports 1 message, 64 bit enabled with 1 message     cap 10[e0] = PCI-Express 1 endpoint max data 128(256) link x4(x4)                 speed 2.5(2.5) ASPM disabled(L0s)     ecap 0001[100] = AER 1 0 fatal 1 non-fatal 0 corrected     ecap 0003[140] = Serial 1 001b21ffff95f5fc   PCI-e errors = Non-Fatal Error Detected                 Unsupported Request Detected     Non-fatal = Unsupported Request

Now that this bit is sorted I guess this is where I go silent and find a way to get it working on the intended hardware. Thank you.  8)

I think you've nailed it. Our setup is:
Internet –- ISP --- Cisco Router --- transparent pfSense --- LAN Switch

Running in transparent mode is perhaps a so called fine thing, but bridging ports together
brings often more then one failure or problem in the game, likes;

port flapping packet loss packet drop

We have a single 100Mb/s link from the Cisco router to pfSense.

This is in my eyes then the bottleneck here in the game.

It's only the link to the LAN switches that had the LAGG, which was 2x 1Gb/s links in LACP.

Try as suggested the round robin method for filling the pipe constantly.

I'm guess it's this mismatch that is throwing things out.
I'll wait for the router to be upgraded first before testing matching LACP LAGG on both sides.

Would be the best in my eyes too! Or go by 10 GBit/s from the router to the pfSense and then with
10 GBit/s from the pfsense to the LAN Switch, it would be better in my eyes.

I'm going to remove the LAGG group from our LAN to go down to a single NIC both sides of the pfSense bridge.

Ok

Unfortunately, the ad went down two days ago and I didn't recieve any feedback on shipping.

Has anyone had their card(s) shipped?

EDIT: After asking the seller whether he'd ship the card, in less than an hour, ebay has decided to interfere and refund me in full. Whatever this guy was doing, ebay didn't appreciate it…..

It's also silkscreen printed right on the PCB next to the power connector :-)

7-18VDC, though the text specs say up to 20.

How do I configure them to present a standard SSID to the house?

Wireless Interfaces

Yes it's overkill and more power but it gives me more options

For sure it will! You will be able to run all packages you want and with a sufficient
SSD drive this will be a really hardcore pfSense box! You can be;

under performed = nothing goes right performed = all goes but with small or no headroom over performed = likes "right performed" but for a longer time of usage

What's a good Intel quad NIC? I see a lot on eBay, some Dell branded, etc.

Intel NICs would be the best choice!
$18.99 Intel i350-T4

@BlueKobold:

In our company we had not only one times a problem with this boards or their IPMI LAN Port

Maybe you just don't know about the problem.

https://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_July_2014
https://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013

Once you enter 'boot' and press return it should continue booting.

Steve

Thanks. Mine just came in the mail today. They look nice. If these make too much noise I'll try those.  Just waiting on super micro fan holders and then I have everything for my build. Let the frustration of install begin :)

I see that Netgear sells a MiniPCI solution.

It is Netgate not Netgear please!  ;)

http://store.netgate.com/Soekris-VPN1411-Crypto-accelerator-P319.aspx

If someone is owning a miniPCI or PCI slot he could get better VPN performance with his
pfSense. under pfSense 2.1.5 here we got:
IPSec AES-128 ~42 MBit/s instead of ~13 MBit/s (nearly 3 times)
IPSec AES-256 ~30 MBit/s instead of ~12 MBit/s (nearly double)

So if your pfSense firewall is up and running and for the rest of your tasks are liquid enough
but not the VPN, it could be a really gain for those peoples! And not only the pfSense users
have a closer look at this cards! the Soekris vpn1411 & vpn1401 are also supported under;

ClearOS OpenWRT ZeroShell OPNSense (mOnOwall)

What happened to this market?

Still alive, but in the most cases crypto cards are prohibited to export from the USA and also to import
in many countries!!! And so this small card are really able to get for the end users and home users.
They are on sell and this for also a longer time as I see it right!
Both Soekris VPN adapters (different throughput!)
Exar
Comtech AHA
Cavium

If the amount of the VPN users, connections, throughput or anything else related to the VPn stuff is going to
big, mostly VPN servers would be bring the best effort to offload the entire Firewall from this tasks and gain
more throughput on all "machines".

I would think someone would make a solution without the binary blob aspect of the cavium stuff…

Cavium crypto accelerators are often more to find inside of Routers and Firewall soldered on the boards.

Did Intels adoption of the AES-NI instructions kill this market? I think an external processor is an excellent approach.

If you can get your hands on a C27xx SoC based machine it would be better to go with Intels AES-NI
and yes I think we will see in the future time also perhaps a better support of AES-NI with counting
higher numbers. The AES-NI is only integrated in smaller or lightweight CPUs or SoCs to push them
up really. In greater installments Intels QuickAssist adapters will be needed!

AES-NI/QuickAssist and performance increase in low power CPUs is definitively killing the market for such device.

Where crypto accelerators are prohibited it would be a really win for all users for sure, because "they"
can´t cut of the main CPU!

With QuickAssist there's no need for additional hardware and less compatibility issues.

Absolutely not in my eyes. It would be more the the need for Intel Quick Assist Server Adapters

For sure you will not need to install one crypto accelerator card and one de/compression card
you only need to install one card. But this cards should be not able to buy for all home & SOHO
users and not able to pay for those clients also! the other both cards are able to pay for, but then
they must be also supported by the entire OS likes FreeBSD or pfSense!

We where placing in each branch office a smaller VPN Server and at the central office a bigger VPN server
to gain the throughput and now we are waiting for the Comtech VPN and Compression cards to do some
testing together with CentOS and ClearOS. And the compression cards we where installing on several Linux
and Windows based servers to get more throughput and speed in the entire corporate LAN with great success.

support use of both 2.4 and 5GHz radios simultaneously?  Or is it a case of either 2.4GHz or 5GHz but not both?

2,4GHz or 5GHz only likes @Phishfry was explaining first.

Are there any "gotchas" with this adapter that I should prepare for?

Buy an external WLAN AP and connect him to the pfSense! It would bring you up to the latest standards
and the best connectivity.

Yes, that card would have surely made things easier!

The cooling should be ok. I followed the instructions you posted and the case had a marking inside to place the alu heat spreader.
You never know, but I think this aspect should be ok.

Thanks for your comment!
'Norbert

Don't cross the streams.

Okay, to close out this thread (yes Fahrenheit…).  The box was RMAed and promptly swapped out for a new one.  All is well so far. Great hardware support!

Thanks,
Mike