Ok, so basically still DHCP for what counts for throughput.
So what does top -aSH show when you are testing?
I imagine it will show at least 1 CPU core at 100% but it will also show what processes are using the CPU cycles.
Yeah there are a few ISPs offering 1500Mbps services where the modem link is at 2.5G.
The only solution I have seen is to use a Broadcom NIC with custom firmware and a patched driver. Or get a switch that can link at 2.5G and 10G but that's an expensive option.
From the diagram it looks like you're already planning use a Broadcom NIC for the link to the modem. Just use a 10G NIC to link to the switch. As has been said 2.5G will just give you problems and you don't need it there.
Or you can find a J3160 cpu barebone on aliexpress.com which usually costs around $200(with the shipping fee to US. Just an example) with 4 intel LAN and slightly better Passmark score. Or AMD RX-427BB 2nd hand on ebay.com like HP T730 or DFI DT122 with higher power consumption and more powerful cpu.
Well assuming those cards did not fail, as we have seen some fake Intel cards do, then there should not be a problem.
You might want to look for OEM NICs from Dell, HP, IBM etc which use Intel chipsets and are much more likely to be genuine.
Of course if getting hardware is difficult that just use whatever you have, it can probably be made to work.
Yes, unfortunately it's almost impossible to get data from the eMMC if the board has failed completely.
The one thing you might try is resetting the NVRAM. That presents in the same way, Coreboot fails to POST, the status LED remains red.
To reset the NVRAM on the SG-series desktop model follow these steps:
Remove power from the system.
Remove the case and orient the system with the Ethernet ports facing you.
Locate the NVRAM reset jumper located just the left of the CPU heatsink.
On early models it is labelled J8, on later models it is labelled J10. Only one of the two will have pins and the jumper present.
Move the jumper from pins 1 & 2 to pins 2 & 3.
Power the system on. The STATUS and SATA LEDs will light briefly then go out.
Remove power, move the jumper back to it's original position and reattach the case.
That was a more common issue when those boards were introduced but subsequent Coreboot updates pretty much eliminated it. You have nothing to lose by trying it though.
Yeah, that hardware will barely notice 50Mbps. You could easily put all of it in a VPN. And run packages.
The only downside is they are power hungry and hence often loud. It will be quite old as well so reliability could be a factor.
No. You need to complete the install as normal and then setup enough so you can access the webgui. Then import the old config from Diag > Backup/Restore.
It is possible to import a confug during the install but you need to have it on a USB drive passed through VBox as you suggested:
The recover config option you are using there in the installer is for recovering a config from the drive you are installing to. If you needed to re-install an existing firewall for example.
What size CF card is it?
What are you planning to use it for?
All of those boxes are now so old that I would not consider them reliable at this point. I went through 3 at home that all started misbehaving eventually.
@sayin1974 said in fortigate 600c pfsense nasıl yüklenir:
fortigate wants to charge a lot for the license.
can i install pfsense on this device?
Probably not. Or not in any useful way. You will not be able to use any of the ASIC connected ports as they use proprietary code. That is most of them.
0x1509 - Quad port EEPROM-less Device ID (Default) 1
0x150E - Quad port 10/100/1000 Mb/s Ethernet controller, x4 PCIe,
So no EEPROM, or not readable, on the OPs card. Maybe it's damaged or missing. Or a jumper got moved etc.
@TheNarc said in Cannot load a compiled .ko Intel NIC driver to pfSense 2.4.5:
The stable/11 branch is here:
But I've been unsuccessful in linking r357046 to a commit hash, which is not entirely surprising as I'm not too well versed in git. I thought github's search would be able to find it, but I haven't had luck yet. I'll let you know if I locate it though.
It will be good to know, but I managed to compile it as follows:
The VM image didn't had enough space, so I've created a VM from 11.3-STABLE ISO
Installed subversion (svn)
Used the following:
svn checkout https://svn.FreeBSD.org/base/release/11.3.0 /usr/src/
to download the source - So you were right using Release SRC on STABLE. I still don't understand why it works, but I'm glad it did.
What I saw in the FreeBSD svn manual, is that we can use svn -r (and the number of revision), in order to update the source to exact revision. But it didn't worked for me, or it's a more complex syntax, or I don't have access to the repository. If you find out please let me know. We will need it when pfSense based on FreeBSD 12 will be released :)
In the end I would like to thank you, for all your tips @TheNarc , @stephenw10 and @jimp . It worked
@stephenw10 said in Firebox X550 hanging on boot:
However that appliance is now ancient in computing terms.
I got my hands on one of the last ones ever built which replaced a unit under warranty days before Watchguard quit them altogether. That was over ten years ago and it served me well until we out grew it. (Could not transfer speeds we do today with all our subnets and VPN's) Ran Watchguard software for just under a year before becoming a pfsense box.
Ancient is very true at this point.
Yeah, there we go that VID:PID is not recognised by u3g so no com ports are created. Recompiling u3g to include that would likely allow it. If you do that route you should test it in FreeBSD first.
You may also be able to change the ID of the device to something that is already recognised. Some modems will allow you to set the ID directly using AT commands. If the hardware is sufficiently similar it might come straight up. You would have to do that from Linux or Windows.
Yup, same on the u250s I have. The Atheros AR8328 in the u30s doesn't have a console at all though. It's something more often found in SOHO routers. If I was doing it I was try with OpenWRT as I suggested. They do have support for that in their switch framework.
@johnpoz said in Will this Dell Optiplex be a good Home pfSense option?:
@AR15USR said in Will this Dell Optiplex be a good Home pfSense option?:
How is that going to work? I doubt the r7000 supports vlans - is it going to be running 3rd party firmware?
Decided to use DD-WRT fyi...
@stephenw10 said in Will this Dell Optiplex be a good Home pfSense option?:
Should be no problem them, that hardware will barely be troubled by that.
Thanks for the confirmation...
Like what software can do it on that hardware other than pfSense?
I have no answer for that.
pfSense may be able to do that but it's a scenario I have ever tested. Nor a hardware I have ever tested.
If you have the hardware I can only advise you test it yourself and find out. It should not be that difficult to do.
igb(4) is the correct, and only, driver it should be using and it's in kernel in pfSense. There is no need to load anything.
You need to determine how it's failing. If the card does not appear as a PCI device that's something very low level like a bad card or a BIOS fault.
If the driver fails to attach you need to see what the error it reports is in the boot log.
I believe that should work though I have not tested it myself.
Although those are mPCIe form-factor they are still USB connected. It is far more difficult to remove it accidentally though and I would not expect it to require mode-switching.
It may even be possible to use the cellular package with that to get link stats.
All of those links take me to a page that requires login on aliexpress.
Is there any reason the official netgate solution wouldn't work for you?
I'm not sure if the SG-3100 would work for the home, office and guest setup using the LAN and OPT1 interfaces. Not sure if the RT-AC87u setup as an access point with a separate guest login would prevent the guest users from accessing the rest of the LAN it's connected to. My feeling is it wouldn't so you might need another interface and AP for the guest if that's the case (SG-5100).
If price is an issue, I hear good things about the apu2 platform.
Oh, the internet is working.
Seems very slow.
I hope the internet is only for the VM router and hypervisor and not this local computer, where I stream videos.
I will need to only allow certain devices on the router for internet, due to low need and a low internet plan.
The hypervisor has a very slow connection with a ping of 4000 ms.
Looks like I can progress to the network configuration.
Case closed and thanks.
@valnar said in 2020 home build or buy?:
I have a 200/10Mb cable circuit and run pfSense on a PCEngines APU2C4 (new one is APU2E4). It's more than powerful enough and barely sips electricity. I run Plex through it just fine. It can handle 500Mb+
Concur. I just installed pfSense on a PC Engines APU2E4. I don't have gigabit fiber WAN yet (currently just 25 Mbps ADSL) but there are plenty of credible reports that the APU2E4 will push 500 Mbps (unencrypted) without optimization, and 950-1000 Mbps with a couple of minor tweaks.
The APU2E4 has a few specs that make it especially pfSense-friendly:
AMD Embedded G series GX-412TC, 1 GHz quad-core CPU WITH AES-NI support.
4 GB of ECC RAM
Up to 120GB internal mSATA (not CF card) storage
3 Intel i210AT ethernet ports. (The i210AT has double the number of transmit/receive queues vs the closely-related-and-more-common i211AT.)
DB9 / RS232 serial console port
2 x USB 3.0 ports
Completely fanless, and very low power draw, around ~6 watts idle ~10W max. Compare that to using a random old desktop or server PC which could draw easily 30W-40W idle, maybe much more depending on configuration.)
Very compact (about 6" x 6" x 1" thick)
Very competitive price point
If you enjoy spending hours to days messing around with random old hardware, trying to figure out whether the ethernet interfaces in it are a) compatible with BSD b) reliable in general c) performant enough to allow pfSense to shine as it should, and mucking around with BIOS-related boot quirks, etc, by all means, dig around in your closet or go to Goodwill or a flea-market.
If you want a smoother, easier pathway to a decent-performing and reliable pfSense community-edition install, go with a well-known hardware vendor with recent good compatibility reports.
We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.
Subscribe to our Newsletter
Product information, software announcements, and special offers. See our newsletter archive for past announcements.