Thank you everyone for your assistance.
Just got off the phone with pfsense and after board resets, it appears that I have a faulty
board. They issued and RMA and I am returning it for a replacement.
Great people great response and service. This is a new system and board and faulty boards are very rare, so unfortunately I got a lemon. Shit happens !

With respect to the pe-configured SG-4860 or any other for that matter, there is NO reason to connect through the serial console port. The appliance has a DHCP server pre-configured and should provide an IP address when one connects to the LAN port.

(BTW, the console cable is a standard USB to Mini-USB cable nothing fancy. The UART chip contains the serial interface with the proper configuration which does NOT require a NULL MODEM cable. That information in the documentation is a remnant of older systems.)

I must note that both SSD and SYSTEM LEDs were solid RED which was an indicator that there was an issue with the board. The engineer at pfsense had me do a jumper change and board reset but without success. So back it goes to Austin and will impatiently await the replacement.

thanks again for all your help.

@Phishfry:

I see from the pdf yours has 1M hrs/mtbf. The endurance charts shows it all. Not a bad choice.
If running Full you need to tune.

OK.

Thanks a lot.

From what I understand from reading up on the forum, Rangeley pushes accelerated VPN into the hundreds of megabits already.

But this is also hard pending on which model is soldered on the board.
At this days the Rangeley SoC is really rocking if the OS on it is using
the AES-NI instructions and for sure for vpn tasks.

QuickAssist would take this into the tens of gigabits, but I really don't foresee to have anything more than a 1Gbps fiber connection for the next 10 years or so.

But this is only the half of the truth about Intel QuickAssist, it would be also speeding up
tasks that are profit from that, likes Snort, Suricata, OpenDPI and others.

That's why I think Rangeley is too high end for my needs, and that personally makes it hard to justify the price for it.

For sure that is a very new platform and many Vendors are bringing out of them now
and there fore the prices are often very high at the beginning.

I'm moving to 500/500 fiber this summer, and want to take full advantage of it with a new pfSense setup! I'm aware that many 'lower' end systems are well capable of routing 500Mbps, but I'm a heavy VPN user (both IPsec as OpenVPN) and thus require a AES-NI

For sure I would have a look for something between 2 core / 2 GB RAM and 8 core / 8 GB RAM
likes 4 core / 4 GB would fitting your needs at best as I see it right.  ;)

capable system in order to maximize VPN bandwith.

Installing this card and you will be happy too, but the QuickAssist and AES-NI
I would prefer at this days and the card is also able to install on top, for sure!  ;D
Comtech-AHA-AHA363PCIE0301G

@BlueKobold:

Hello kroberts,

perhaps some informations interesting for you?
New Boards with build in Dual 10 GbE or SFP+

Tyan S5530 ASRock Rack D1540D4X Supermicro X10SDV-TLN4F and X10SDV-F

Do you know HotLave?
They are producing 1 GB, 10 GB and 40 GB Intel based NICs!

HotLava MultiPort NICs

One tip of me by side to you, build with the D-1500 based boards a pfSense based
firewall and with the Xeon E3 a NAS or Server, but please don´t connect the
pfSense based firewall direct over 10 GBit/s this will be not the best effort for the
throughput, you will be better going with a Infinion SX2 card, that can be connected
directly from the pfSense based firewall to the NAS and it will be serving more speed
and throughout as the 10 GBit/s SFP+ option as I see it right.

We'll likely be moving to Xeon-D (Supermicro at first, something better to follow).

All the HotLava 10Gbps NICs appear to be based on Intel 82599ES.  These work, but don't work as well as Fortville (Intel) or T5 (Chelsio).

I use a i350-t4 without issue on 2.1\2.2

@Derelict:

They want to be on the phone (Google Voice or Skype) and be able to walk around their home. They don't need to be able to drive down the street but they should be able to get up and walk away from the AP without a drop in signal.

Someone needs to understand the physics of radio frequency energy.

Or all wave functions.  Light and audio also follow an inverse law.

I guess i gave up early on my UE0 devices. So it works fine as cuaU2. I may have to re-test some other modules now. Thanks for the heads up. Did require the +cfun=1 tip. I wonder if i could get my Novatel E371 going that way. It is LTE so i will try that next. It shows ue0 now.
Thanks
Signing off from my H5321gw

3g.jpg
3g.jpg_thumb

@jbhowlesr:

Forget all other recommendations given. Go on Ebay and search this card: Intel EXPI9400PTBLK. I bought three of them for $9.99 each used. These cards work flawlessly with no additional software. Plus they are server based so they manage themselves without used of the CPU

If you want to run the em(4) driver (https://www.freebsd.org/cgi/man.cgi?query=em(4)), sure.

But igb(4) is a far better driver, and the chipsets supported by it are far better for network processing.  (More queues, etc.)

@virgiliomi:

You can probably build a better system (for pfSense) than that one, for probably about the same price.

Get a Supermicro Mini ITX Atom C2558 board ($260 on Amazon)
Get a mini-box M350 mini ITX case, DC-DC PSU, and power adapter ($70 from mini-box.com)
Get 4GB of Kingston ECC 1600 memory for the motherboard ($50 on Amazon)

$380 (not including shipping and/or tax) will get you NEW equipment:

A better processor - quad-core Rangeley Atom with AES-NI and QuickAssist and more power-efficient (15W vs 34W for the CPU) 4 ON-BOARD Intel gigabit NICs (vs 2 + 2 in the eBay system) PLUS a fifth for IPMI remote system management more RAM (4GB vs 1GB) fanless more compact etc…

BTW, that doesn't include a storage device... but that eBay system is just giving you a CF card for storage, so there's nothing great there. If you have a spare SATA laptop HDD or SSD, you'll be set.

You can definitely do better than that eBay system.

I don't know why people are so married to CF for storage.  It's a seriously substandard architecture.

This: http://store.netgate.com/ADI/RCC-VE-4860-board.aspx has the same C2558 CPU, 8GB ram (which you're not going to get for $50 for the Supermicro) and a 4GB eMMC (way faster, way more reliable), and two more Ethernets for $406.00 q1.

thank you for the reply, i also found out that this card is not on the comparability and maybe that is why i was having issues.

I have since purchase a card that is support with quad ports.

@jahonix:

@gonzopancho:

Today, QuickAssist isn't supported on FreeBSD (and thus: pfSense).  You'll never guess which company Intel is supporting in getting this port done

I love the idea that Intel supports Mr. Ermal to get this into FreeBSD via pfSense.
Kind of shows the significance this project has already earned! Kudos to you guys!

BTW, the successor of the APUs obviously won't support QA but how about AES-NI? Or is that Intel-only as well?

It's more than Ermal, though yes, Ermal is doing the majority of the work.

AES-NI is supported on some AMD CPUs.  That's why we did it first.

My pfSense is on an SSD serving a small home network, doesn't seem to be doing all that much writing to it so I'm not worried about wearing it out. If you used some of the packages that do a lot of writing you might want to go to a 120 GB SSD so you get more wear-leveling space.

for the price difference, I would go for the 8 core vs 4 core atom. better to have too much than not enough.

the new xeon d is a monster that should be out soon if you need more power. a couple hundred dollars more. not much for a business.

You could seek out the local electronics recyclers. 3 to 5 year old PC's can be had cheap. For me my first pfSense box was a $50 Dell 760 small form factor core2, 4gb ram. I added a 2.5 40gb hd. I scored a NC360T dual nic cheap.
Then you can decide later how much power you need and what you want to spend on low power vs hp. You may even run into a stack of old firewalls you could revive with pfSense.

Unfortunately, visiting a place like that can be habit forming. I need special permission from my significant other just to drive by the place..

Hmmm… if you want passive - looked at some of the flex risers (someone linked those on eBay in some of those DYI Firefox threads, some SATA HDD mod or what it was.)

Hello vyruz,

any news on this?
I suggest the same as @Harvy66 4 Core / 2 - 4 GB or 8 Core / 4 - 8 GB based on the
new Intel C2xxx CPU SoC if VPN becomes a really point in this game, also likes Squid
and Snort, if not so, I will suggest the new Alix APU 1d4 as a complete bundle.

This would be,

saving power small enough upgradeable powerful enough long time usage

both will do the job. the gigabyte board has two realtek nics while the asrock only has one. you need to add a network card of some type to the amd board.

get some ebay intel network cards, or a single card with two ports.

personally, i would go athlon 5350 and asus am1 as it unofficially supports ecc ram. i would use the intel ebay cards on same.

Hello,

I really would in normal suggest, to place the Cameras and a storage like a NAS inside of
a DMZ and let them then there able to connect to the Internet, this is not affecting the
LAN side and is also more secure as I see it right.

But related to the missing ports to do so, I would also recommend to set up VLANs and
then only connecting via VPN to the pfSense from the outside, this will be securing the entire
LAN but otherwise you are able to connect to the cameras also.

It must not be that the pfSense is routing alone the entire LAN traffic. A DGS-1500-20 Switch
from D-Link is offering much more ports then others and also 2 SFP+ Ports for under 200 €!
DGS-1500-20
20 x 10/100/1000 RJ45 Ports
2 x SFP Ports
2 x SFP+ Ports
1 x RJ45 Console Port
Layer3 feature set and able to route the VLANs selfs!
This can also be taking load from the pfSense firewall.