Hello,

Was going to get it with the mSSD so I would have the option for snort.

The same as @kejianshi was telling but on top from me, here in Germany where I am
living, I am able to buy the pfSense Book [Pfsense: The Definitive Guide] for nearly ~35€
and then there is not really all inside what is new, what was changing and what is urgent
to do, but then I have to read this book and on top then to understand what is really going
on, to build and install the pfSense like this guys would be able to do, but this is not really
all as I see it right, because the install service when a reinstall is needed will also shorten
time that you now have to waste.  :(

Will it be the same as buying it with the software preinstalled?

Never! If you buy it from the pfSense store you only have to unpack and power.

Are there any guides for installing pfsense on this hardware yourself?

Via Google surely here in the forum also buying the book can bring you some more knowledge

But this is needing much time and time is also money!  ::)

With the mSSD option I dont really have anything to flash it with so I am
not sure how I would get pfsense on it.

Once more again, and why know 150 € saving was a big deal?  :-\

Because on ebay I can get all that for under $250.

Here is an Alix APU complete bundle and an ideal choice to start with pfSense!
Alix APU Bundle and they are shipping world wide! ~230 €

[Qute]I guess the only requirement is that it runs pfsense, not sure what other requirements are needed. 
And not so easy to answer, but power saving and able to upgrade with something likes a
modem, mSATA or a WiFi card would also be a good option on top, or?

There is no end goal other than learning and then maybe using it as a router/firewall/vpn.

Then buy the Alix one it is an ideal beginning choice and has in my eyes also a high grade
for reselling if at one day you must buy something else to fit your needs, but with the saved
power, you will be able to have mSATA and a WiFi card easily get out of this "game".

Hi stephenw10,

thank you very much for your comment!

Since I'm not interested for any VPN tunnels or similar, I think I won't miss this functionality, but thanks for pointing that out.  ;)

Yeah by power hungry I meant it'll use a lot of electricity, generate a good deal of heat, require fans that will make noise, etc. It's more than powerful enough of a system for what you're wanting to do, just maybe not desirable to mess with for power consumption and heat generation reasons.

Any old PC in the sub-$200 range is probably going to be an older CPU that's equally power hungry.

My recommendation would be to buy one of our options at store.pfsense.org. :D

If you want to DIY, there are a number of threads here and on our sub-reddit about people's DIY builds. Lot of people build Atom systems for home use which don't cost much more than what you're talking there, and with the greatly lessened power consumption, might pay for themselves.

From previous posts by gonzopancho, I suspect prototypes of pfsense may already run QA on the bare metal of https://www.pfsense.org/hardware/pfsense-store.html#c2758

It can be but is also only guesswork and nothing anyone can trust really on, so as I see it
like in other posts here in the forum also where explained, better buy a CPU that comes
with AES-NI and if this CPU will also comes with Intel QA, it might be nice to have for
the future usage, but once more again nothing I would count on!

For the ESXi it would at the time the best choice to go with a Intel Xeon E3 or E5
together with ECC RAM, to build a stable box that is also sorted by AES-NI and VD-T
assets.

For sure I personally would really prefer to buy a crypto accelerator card likes the Exar DX-1700
Series and I must not think about all this things.

on your main office, the one where everyone connects to, I would use a supermicro c2758 with 16gb+ ecc ram and a sata-dom 32-64gb @ SLC memory. this is the main unit that everyone dials into.

for the other offices, you can build the same unit over for each, maybe with less ram, or even get a gigabyte celeron-j rig with 4-8gb and a regular sata ssd @ 128gb.

if you want it rock solid, go supermico everything. you can use the 4 core atoms instead of the 8 cores to save about 60-70$ per box. I would just get the 8 cores.

the xeon d is also almost out, and would make for a more capable main box, but at greater cost.

Since you say you're already running the stuff, instead of relying on performance numbers achieved in an unknown way on a different software, why not simply test it yourself to see if performance is "enough" for your needs?

I'm just going to point out that Paul, Netgate's COO, used to work at Tipping Point as the VP Business Management / VP Product Management.

IJS…

@YoMan:

I have a question regarding AES hardware decoding.  How important is it to have a CPU that supports hardware AES decoding if you are running OpenVPN?  What speed limitations would there be running pfsense on OpenVPN with a modern processor (eg Celeron 1037U)?

I am trying to decide what type of hardware to get for my first pfsense router build.

Thanks

Today:  not really.

But when OpenVPN 2.4 ships (and we get it in pfSense), then AEAD (basically: aes-gcm) will be supported in OpenVPN, and you're really going to want a CPU that can do AES-NI (or the ARM analog, or better: QuickAssist) at that point.

The other issue is that tun/tap are a terrible performance bottleneck, but we're working on that, too.

Here are some of the items for auction.

Intel D945GCLF2 Mini ITX Atom motherboard
http://ark.intel.com/products/42491/Intel-Desktop-Board-D945GCLF2

I can probably throw in a 1GB stick of RAM for this.

Netgear 16 port 10/100 unmanaged switch
http://netgear.com/business/products/switches/unmanaged/FS116.aspx#tab-techspecs

Netgear 16 port gigabit unmanaged switch
http://netgear.com/business/products/switches/unmanaged/GS116.aspx#tab-techspecs

PCI ADSL Modem
descibed here (not the OP's Traverse card) - https://forum.pfsense.org/index.php?topic=79929.msg436451#msg436451

Also some misc. Mini-PCIe wireless cards, at least one works as hostap and I will find out exactly what they are.

That link isn't working for me, can you post something I can use for an ebay search?

http://www.hardocp.com/article/1999/01/01/bx62_viking_funeral/

;D

Hi Fabzster,

I would prefer to go with a Intel based server network adapter to
be on the sure side to get maximum performance and support under
pfSense. If you go by a dual port or quad port Intel based server network
adapter is not really interesting, but be aware of the desktop one, they would
be running also fine and are also supported for sure too, but the server adapters
are using a DSP (digital signal processor) on the card that is taking much of the load
and tasks from the main cpu and so far you get a real good network adapter.
For home usage, my suggestion is;

Intel desktop adapters Soekris LAN1841 Quad NIC
and for productive networks; Intel server NICs HotLava NICs (Intel based)

Related to your question I´ll go with the
Intel i350T2 , pci-Express (4x) Dual-port gigabit lan server adapter , 10/100/1000mbps , Intel i350 chipset

@Blooregard:

I'm working in a similar project, and I was considering that:

http://www.lannerinc.com/products/x86-network-appliances/rackmount/fw-8896

Talking with Lanner engineering about FreeBSD 10 compatibility they said me that it hangs on boot with this network appliance….

It's a very brand new model and I suspect that is in fact compatible, but with some workaround to boot...

Is someone there using a similar equipment? (Same CPU and chipset)

I'm considering similar hardware too, tips are welcome!  ;)

1 from for that!

Thanks for sharing your experiences, we where also looking forward to a bigger and faster instance
to run pfSense native installed on and we where playing arround with the brand new Lanner-FW8895
shown under the links in the next lines.

Lanner has also distributors in various countries, here in Germany where I am, we have two of them
and like jason was telling before, we also call them, order and whait three till five weeks and the
hardware is there!

The Lanner FW-8895 is capable of many ports in many assets and comes also with 4 hot swap able
HDD slots. And on top we where looking with one eyes on this module for the FW-8895 for
faster DPI packet processing and VPN speed but we are not nowing anything over the support
in pfSense.

Lanner FW-8895
Lanner NCS-MTX401

No.

@dreamliner:

I'm looking for a solution that will allow me to restrict up/down bandwidth speeds to all devices on my network with an exclude list for a handful of addresses.  I'd also like monthly bandwidth reports.

I bought a Buffalo router running DD WRT and that allows me to limit speeds to all connections and then add an exclude MAC list for other devices to get full speed.

It doesn't have bandwidth reporting capabilities and uTorrent doesn't seem to be stopped by the global DD WRT bandwidth limiter. So I'm looking at pfSense.

I was originally going to buy an ITX based system but the cost was over $300 and I wasn't sure if I needed all that or if pfSense will even do what I want.  I have an old Dual Core Athlon 64 system but it only has 1 10/100 onboard network card (its a Dell e521).

I was looking for a Dual gigabit ethernet card when I came across some older atom thin clients with 3 gigabit ports on ebay that are preconfigured with pfSense for $108.  I'm wondering if they will have enough horsepower not to run into any problems and if they'd work for what I need.

Here is a link to what I was considering:
http://www.ebay.com/itm/Pfsense-2-2-HP-t5740-Intel-Atom-N280-2G-RAM-2G-Flash-SSD-3gig-NICs-Wireless-/261805580029?pt=US_Firewall_VPN_Devices&hash=item3cf4d41efd

I don't really mind spending more money, but I'd hate to buy something I don't need.

Thoughts?

the question is: what's the intended throughput you would like to achieve? This affects the way you choose hardware. I saw from some other threads that platforms like Atom D525/D2550 can do somewhat 500-600Mbps NAT throughput. And I just bought a USD250 Celeron 1037U (with 6 x Intel GbE) which showed me 940Mbps NAT throughput (tested by iperf, link here).

Hello folks,

But my question is if it can handle 100 Mbit/s through VPN aswell?

For sure it can handle it, but as recommended to you it is also a very expensive solution.