You might also be able to change the IDs it presents by accessing the command line under some other OS. It's been a while but I seem to recall reading those Quectel devices were very similar to Sierra internally.
In a current CPU the TDP is only vaguely related to power consumption, and mostly in that low TDP parts have their max performance throttled to hit a specific max TDP number--at idle they're going to be close to the same. In an old Opteron the power management features are much less advanced, and the idle power consumption in a typical "mostly idle" fw configuration is going to be much, much higher than a relatively cheap processor with a more modern core. And not just the CPU--the older chipset, especially for a rackmount server, is going to be much more power hungry than something new. If you're paying California power rates I'd probably just buy a newer box rather than fiddle with the current one. At lower power rates pulling one 4386 and leaving the system alone is the most practical approach, because the break even time for buying anything else will be long.
I went with the ASRock, it works perfectly under pfSense and has great fan control to run totally silent in a very quiet room.
CPU i3-9100, overkill but 9100T are hard to find in stock
Used the intel I219V port for LAN and I211AT for WAN
Hope it helps other users
@kiokoman thanks. Some random Nvidia 2GB PCIe card I got for free some years ago. One slot and has HDMI. AM4 lacks video except for the APU units. Since I got a video card, going for it. Tempted to get a 2700 non-X 8 core for 100$ more for fun...
Here for our new gateway of defense:
SM SYS-5018D-MF ( + 8Gb ram and a Xeon E3-1240LV3 ). I also add an Intel Ethernet Server Adapter x4 LAN, and last but not least I will use SSD (x2 in case of...)
They claim to support FreeBSD though the FreeBSD mlx5 driver doesn't list that card specifically.
pfSense does not include the Mellanox drivers by default, you would need to copy the kernel modules across from an equivalent FreeBSD version or compile the drivers if something newer is required for that card.
I would test it in FreeBSD initially if you can.
What service are you actually opening on the QNAP device? One thing that will immediately increase security would be to restrict port forwards to an alias of known external source IPs. That may not be practical in your situation, I don't know.
Our SG-3100 would do well in that situation. The SG-5100 would be better if you plan to run packages such as Snort/Suricata or pfBlocker.
Hi @ramses-sevilla - I have been using this exact system with pfSense and a symmetric 1Gbit fiber connection since early 2017. Zero problems since then and have been impressed with the performance of the machine. Hope this helps.
It's not an issue, it's normal.
ix is the driver. It is a 10G capable chipset and driver, but depending on the actual implementation, is perfectly happy operating at 1G or other compatible speeds/media types/etc. There are ports on the Netgate SG-5100 which are similar. They are detected as ix but the physical connection is 1G, not 10G. It will link up and run as expected at 1G.
Think of it similar to a 10G capable SFP port with a 1G module in it. Sure, the chip can go faster, but the media connection is only 1G.
No, Atom N270 has a 32-bit instruction set.
The current versions of pfSense are 64-bit.
This is a link for hardware distributed by Netgate that is definitely working with pfSense.
I just worked through something similar--the tutorial I was following forgot to add the DNS on the new VLAN interface, which resulted in clients showing no internet. I got clued in (after a solid 2 hrs of peeking through settings in UniFi and pfSense) when I typed 18.104.22.168 into my browser to stimulate traffic to sniff and it worked. I felt super smart.
If you can't laugh at yourself...
x520 is fine, also uses the ix(4) driver.
The NIC will not be the limitation in getting close to 10Gbps, the CPU usually is. But with that CPU... I've never run pfSense on anything that powerful personally.
This worked - Thanks a lot.
If somebody has the same issue, here is what I did: I edited the config file in the Sublime Text editor and replaced the necessary ports (e.g. em0 with igb1) for interfaces and VLANs. After that I restored the edited config and got a message at the top that there were some discrepancies for my interfaces (that was expected, as my config was for the new NIC card and I still had the old one). I shut down the pfSense computer, replaced the old NIC with the new one and restarted, and everything was working fine from the first time (no other settings were necessary except just to find the right ports that correspond to the new NIC card).
I see. In that case I'll just continue using the adapter as a bridge in Proxmox and assign it to pfSense that way. That has been working just fine for about a year now. Was thinking about doing hardware passthrough because I want to get rid of my old router and let pfSense handle the PPPoE connection to my ISP and wanted to minimize any potential security risks.
Hi @PhiloEpisteme - my pfSense box is actually based on the Supermicro 5018D - F8NT 1U barebones system:
I believe they also make a standalone or desktop version of this as well (i.e. with the same CPU). With respect to noise, I would not call this system quiet, and the primary reason for that is of course the small form factor. With a 1U chassis you are limited in terms of the types of fans you can use and to get any decent airflow you'll need several small fans operating at quite high RPMs (which means more noise). While this system doesn't sound like a jet plane taking off, one would definitely notice the noise in an office setting. I haven't measured the power consumption on just this system specifically (only on my entire network stack), but with a CPU TDP of just 35 Watts it will be on the lower side. Consider also that the CPU won't be running at full speed the whole time (unless the firewall is consistently loaded down), but any expansion cards you add will contribute a few extra watts. If you are looking to build a system with this CPU (or similar) it might be a good idea to just get the motherboard and CPU combo and run the whole setup in a larger (2U or bigger) case, which would allow you to use bigger fans.
Now having said that, given that your use case involves wanting to utilize 10Gbit speeds between subnets, I would recommend looking at a higher frequency CPU than the Xeon D's as @stephenw10 already suggested. The quad core Intel i3-8100 or newer generation i3-9100 would make good choices and are decent bang for the buck IMHO. Couple that with a solid motherboard (that has appropriate expansion slots), a 4 port 1Gbit NIC, and a 2-4 port 10Gbit NIC and you'll have a powerful system that will also handle OpenVPN quite well. The i3's I referenced do have a little higher TDP (65 Watts) but again, unless the firewall is loaded down the entire time, the CPU will scale back the frequency and power consumption will be lower on average.
I hope this helps - please let me know if you have any other questions.
I have seen this problem many times with Supermicro motherboards and Intel NICs.
Remove all the extra cards, and configure one of the onboard NICs to log in through the Web GUI.
Navigate to Diagnostics -> Edit File -> Browse to /boot/loader.conf
Add this line in your loader.conf file :
Save and shutdown pfSense.
Now add the extra NICs and they shall be recognized correctly.
Yes, please open a ticket. I would like to look at your config for this.
The crashes are all almost identical which indicates a software issue. And they are on all interfaces including both igb and ix which is very unusual.
db:0:kdb.enter.default> show pcpu
cpuid = 0
dynamic pcpu = 0x8a2100
curthread = 0xfffff8000704b620: pid 12 "irq296: ix1:q0"
curpcb = 0xfffffe011c653a80
fpcurthread = none
idlethread = 0xfffff80004958000: tid 100003 "idle: cpu0"
curpmap = 0xffffffff82b8bc18
tssp = 0xffffffff82bbca90
commontssp = 0xffffffff82bbca90
rsp0 = 0xfffffe011c653a80
gs32p = 0xffffffff82bc32e8
ldt = 0xffffffff82bc3328
tss = 0xffffffff82bc3318
Tracing pid 12 tid 100099 td 0xfffff8000704b620
pf_test_state_icmp() at pf_test_state_icmp+0x45a/frame 0xfffffe011c653160
pf_test() at pf_test+0x1a3a/frame 0xfffffe011c6533b0
pf_check_in() at pf_check_in+0x1d/frame 0xfffffe011c6533d0
pfil_run_hooks() at pfil_run_hooks+0x90/frame 0xfffffe011c653460
ip_input() at ip_input+0x441/frame 0xfffffe011c6534c0
netisr_dispatch_src() at netisr_dispatch_src+0xa8/frame 0xfffffe011c653510
ether_demux() at ether_demux+0x173/frame 0xfffffe011c653540
ether_nh_input() at ether_nh_input+0x32b/frame 0xfffffe011c6535a0
netisr_dispatch_src() at netisr_dispatch_src+0xa8/frame 0xfffffe011c6535f0
ether_input() at ether_input+0x26/frame 0xfffffe011c653610
vlan_input() at vlan_input+0x215/frame 0xfffffe011c6536c0
ether_demux() at ether_demux+0x15c/frame 0xfffffe011c6536f0
ether_nh_input() at ether_nh_input+0x32b/frame 0xfffffe011c653750
netisr_dispatch_src() at netisr_dispatch_src+0xa8/frame 0xfffffe011c6537a0
ether_input() at ether_input+0x26/frame 0xfffffe011c6537c0
ixgbe_rxeof() at ixgbe_rxeof+0x7fd/frame 0xfffffe011c653880
ixgbe_msix_que() at ixgbe_msix_que+0x96/frame 0xfffffe011c6538e0
intr_event_execute_handlers() at intr_event_execute_handlers+0xe9/frame 0xfffffe011c653920
ithread_loop() at ithread_loop+0xe7/frame 0xfffffe011c653970
fork_exit() at fork_exit+0x83/frame 0xfffffe011c6539b0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe011c6539b0
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---