The T10 definitely not. It uses a chipset with (probably) an ARM CPU and pfSense only runs on x86/64.

The M500- maybe. It seems Watcguard aren't listing the hardware specs any longer in much detail. If it's an X86 CPU then it may well run pfSense as long as Watchguard haven't locked down the BIOS. However they have use some non-X86 chips in similar appliances, the XTM330. The throughput figures imply something pretty powerful though. Check the boot logs if you can.

Fun project.  ;)

Steve

I am trying to add the ZTE Z915 as a backup connection, but I can't seem to configure it properly as an interface.  I'm using pfsense 2.1.5, and the internal LAN is 192.168.1.0/24

After plugging it in, the ZTE is recognized as ue0, and I can ping the interface at 192.168.0.153 (assigned by DHCP on the ZTE I presume).  I assume that 192.168.0.1 is the gateway itself.

For the gateway, I've tried both assigning both 192.168.0.1 and 192.168.0.153, and I've also tried leaving it blank/dynamic (see image), all options do not seem to be passing traffic through.


Thanks BlueKobold!  Running full filtering with Snort and Clam-AV we are pushing 320Mbps with this box on PfSense 2.2.4.  Very happy with it indeed!

The idea behind the dual SD/SSD is to have an SD that rarely, if ever, gets written to it so that the system's life could be extended.  The SSD would be to hold the logfiles and DB files.  If it ever failed the unit would still run just fine until the SSD was replaced.  Stepping up to a larger SSD isn't an issue as it would certainly extend its life but I'm not sure if it's overkill.  I would think that the logfiles wouldn't be that much, though.  Right now /var is only 2.9G and it has lightsquid files going back to last October.

We aren't very happy with the reporting in lightsquid, especially compared to the big guys like Sophos.  You mention using a RaspBerry PI2 as a logfile server.  What did you have in mind?  What package would you suggest it run?

We go back and forth on the wifi card.  It's not a necessity, but if there was an 802.11n class card that worked for us it might be nice to have in there to remove the access point we have now.

I appreciate the feedback.  Any other ideas?

@Jason:

Honestly, I wouldn't use either.  If at all possible you want a SSD with some kind of power loss protection.  The cheapest drive I'm aware of would be the Intel 320; you can pick them up on eBay fairly cheap.

Thanks. Don't want to spend money on SSDs, I already have 2 spare SSDs now :)  Regarding power loss protection, I'm not too worry about that because I connected router to UPS always.

I have a standard T5740 and there is no room for a NIC in there.

I haven't verified if the expansion module you point at is correct but you will need something to make the combination work.

So last info from the vendor is, it is as it is. They will not do anything.
For me this means, don't recommend hardware from them to anybody. Because do will not always delivery you what the have promised you.

@kejianshi:

Yes and no - You will need to do a simple 2 minute base install on the new drive and then restore the config (another 1 minute) from your current setup.

Does the restore process restores all the settings of installed packages? so that they can be used after re-installing all these packages so that we don't need to setup each package again (e.g. SNORT rules for WAN and/or LAN)?

Thaks for the advice but for the moment i have no choice but to try to use what i have.
I have to wait until fix, someone points me in the right direction, new PFSense distro or i find similar parts (mobo with no fan and DC-In Jack for power). Meanwhile the machine that i was planning to use for the PFSense box was turned into a small PC for browsing the web and i reverted to my old ASUS N56U.

The above, excluding the case/psu/SSD would go for around 300 USD. I am in Lebanon, hence my limited options. I might be able to find your suggestions, but it will be time consuming. I can get the above online without wasting time hardware hunting (which I am willing to do if there's a major advantage over the above list…)

The pfSense installation (FreeBSD inside it with all the pfSense code bundled together) is very small also. Fits in 1GB. You only need the smallest SSD, unless you are planning to use a proxy cache package and want to cache ginormous amounts of stuff.

Unless you have bucket loads of interfaces, rules, aliases with millions of entries, proxy cache that you want to keep in-memory cache of lots of stuff,… there is no point in adding more RAM.

Use the 64-bit install anyway on 64-bit capable hardware. All the packages work on 32 or 64 bit installs.

You can create VIPs on WAN for extra public IPs, forward those inside to wherever you like. That is in the standard install.

OpenVPN is part of the standard install. You can easily set up a Road Warrior OpenVPN server. Then give it the pass rules that you wish to allow Road Warrior access to whatever inside LANs or hosts/ports you wish.

TP-LINK TL-WA901ND allows usage of VLANs.

I have everything setup and running. 61ºC is the normal temperature, I'll post some statistics when I have time ;)

Thanks.

First of all, thank you for you suggestions and your help.

I have solved the problem.

I did what divsys suggested: I removed all units from the TP-Link and added them one at a time. Each time, I waited some hours to make sure things were stable.

When I added one of the accesspoints, an Asus RT-AC87U Router set up as an accesspoint, the connection disappeared again.

I then updated the firmware in the router and voila - it has now been stable almost a day :)

Greetings and thanks from
Lars
Denmark

Lesson learned though. This seems to be more and more important.

I created lagg0 for my 4 x NIC cards. After created it, I cannot see the original mac address for the other ther NIC cards.

This is normal! If you create a LAG (LACP) you will be setting up a primary or master Port and then you add
the secondary or slave Ports, and for the whole LAG, that is acting now as only one interface shown from
the outside, is now showing then the MAC Address from the primary or Master Port of the LAG (LACP)!!!

Can I get it without breaking the lagg0?

in shell command # ifconfig Under the DHCP lease information If you reboot the machine in side of the BIOS Perhaps by using an external program likes the Colasoft mac scanner Under the point "interface assignments" in pfSense you will perhaps see them looking in or showing the ARP cache or the ARP table (Diagnostics > ARP Table)

Something like this is similar to mine:
http://www.ebay.com/itm/Intel-BOXDCCP847DYE-DCCP847DYE-Celeron-847-SODIMM-NUC-Mini-PC-Kit-O4-S-/351451082566?pt=LH_DefaultDomain_0&hash=item51d41def46

No links earlier due to not knowing if I was allowed to post them…

EDIT: That one needs RAM and a HDD and a power cord, my bad for not noticing earlier

EDIT2: and one that is complete: http://www.ebay.com/itm/SmartVue-Intel-NUC-Kit-DCCP847DYE-Mini-PC-Intel-1GHz-CPU-4GB-RAM-16GB-mSATA-SSD-/221835008683?pt=LH_DefaultDomain_0&hash=item33a6659aab

The Alix APU is here in Germany around ~220 € as you will see it at the Yawarra store, and will be shipped
international, also to Australia, but then the tax and shipment cost comes on top, so that you will have a price
range near by the given one as Yawarra is shown in their shop. This would be even then the best to have a
closer look on parts from Australia directly, perhaps something used or refurbished?

I understand. But after following post after post and blog after blog, it just seems that my TCP performance test is a little low. Is this expected? I'm also shooting for over 10Gb/s with LACP, but I'm just not getting that. Not quite sure where I'm going wrong here.

That Nexcom unit is pretty nice too. It comes from some kind of Taxi, Limo or Bus. It had disk intact and I was checking out the cellular data method  for Video-Push the Local NYC TV station was using to put content on the box. Looks like the computer was used for digital signage, maybe Wifi hotspot too.. I like seeing how stuff works…Especially custom apps like it... Reverse jigsaw as you try to figure out what it does without passwords or instructions.

For $48US bucks shipped a killer deal..An As-IS gamble..

The 3 pin phoenix connectors are 5ea. for 5 bucks...
http://www.ebay.com/itm/261485196352

How will a i3 Haswell, for instance 4370 compare to something like a E3-1225 or 1230?

Here is a link that compares both against. Intel Core i3-4370 vs. Intel Xeon E3-1231 v3
The main goal would be things such as;

double of cpu cores for the Xeon Turbo modus on all cpu cores for the Xeon internal L2 + L3 cache is double for the Xeon

Also for QuickAssist, I couldn't find any concrete information on what CPU has support for it.

In you initial post you were asking for two mainly things, that must or should be given, AES-NI and ECC RAM
and the QuickAssist Technology is one point on top of this, but not really inserted to pfSense at this time.
They are working on as I am informed, later it could be a little features that comes on top of all units that
are sold by the pfSense shop or has it plain integrated. It will be speeding up such things as crypto work,
compression workload.

I can't answer your Xeon question, but the only platform that directly supports quick assist is
the C2xx8 platform.

In the most new Intel CPUs AES-NI is working in and in some rarely cases also QuickAssist is
enabled also, but the most benefit from this Technology would be pointed to the "smaller" SoC
based platforms, but not only! There are two QuickAssist accelerator cards made by Intel.
Intel QuickAssist Technology

And on the bottom line of the pfSense shop offerings you would be able to rad the following
statement about it:
Future pfSense distributions will have support for QuickAssist. AES-NI support is included.
So I really thing it would be more important as we all can imagine at this point of time.

A SG-2440 or SG-4860 could also matching your needs and fitting your wishes.
But to answer this really you should tell us more about this point.  ;)

You are better off with an i3 (with aes-ni) than a celeron + hifn accelerator card, same sort of price range.

http://us.hardware.info/reviews/4993/26/intel-core-i3-4330–i5-4440-review-affordable-haswells-benchmarks-igpu-truecrypt-71-aes-+-aes-ni

While not OpenVPN or IPSec (which likely would be higher) - 2.1 Gigabytes/s worth of performance vs  250 megabytes/s