Possibly spoke a bit too soon there, the expansion card interfaces show up now that the bnxt driver is loaded but as soon as I turned VLANs on at the switch ping, DHCP etc. all stopped working. All sorted now though. I found the solution elsewhere on this forum for another Broadcom NIC. As suggested in that topic I have enabled promiscuous mode on the interface that I have VLANs on. This appears to have resolved the issues although I haven't been testing it for long.

It should be pins 3-4. See step 3 here: https://docs.netgate.com/pfsense/en/latest/solutions/sg-4860-1u/msata-installation.html Steve

@NRgia said in Porting BGE Driver to IFLIB...: Because I don't want to hijack @NollipfSense 's thread anymore I would not worry about it ... I left the thread open for others, such as yourself who may want to attempt the porting ... thank you for contributing!

@StarsAndBars I went with using a quad-core i7 Apple Mac Mini server ... replaced hard drive with SSD mirror and thunderbolt 2 PCI enclosure with an Intel i350 ... easy to upgrade to 10GBe, nice small form factor, low electricity consumption. I must say though that I like and sometimes drool when I see Netgate XG-7100U or desktop.

@dotdash I definately get those same CAM error messages as you indicated. All I do is boot to an existing image, connect the console cable and putty in, drop to shell, and plug in the USB drives. Happens pretty much any time I use a USB 3.0 drive. I've plugged in 3 of them with the same issues. A USB 2 drive that I have doesn't do it.

@bmeeks Thanks B. Waiting for the 2.4.5p1 release to be available to upgrade the CPU cores to 16 again. Hopefully it will solve the problem.

I'm going back to the drawing board. I think at this point I should stick with something Intel based. Thanks for all the replies.

@riftor_77 said in Predicting resources used by packages: Thanks for all the responses so far. For context, I set up my system similar to pfSense baseline guide with VPN, Guest and VLAN support and then added pfBlocker and Suricata on top. My question is actually how to calculate what changing each of those many variables will add or subtract from the resource load. I want to find it my ideal settings, calculate how much resources everything takes, and then build my system to those specifications. For example, if I am using pfBlocker and I add another feed, how do I calculate the additional CPU and RAM usage that adding that feed will require? Let me know if I am clearly explaining my request. Why not simply run a controlled test and see for yourself? Measure CPU and RAM usage while running traffic through the box with iperf without that additional feed enabled, then repeat the exact same test with the feed enabled. You can even do it several times and compute an average. I doubt you see very much of a change, though. Just remember to reset the states in between the tests to be sure the firewall actually inspects the test traffic against the entire rule chain and does not use an existing state established during the first test to bypass a bunch of rules in the second test.

@valnar said in Hardware recommendations for new user: If one of your requirements is route at gigabit speeds (#6) internally, and not just be limited to the 100Mb Internet speed, then some of the smaller units won't suffice. That said, I do have a PC Engines APU2 myself for my pfSense box it's great, but it won't go much more than 600-700Mb. Yeah, I would definitely want to keep internally routing at gigabit speeds. My understanding from watching some of the Lawrence Systems reviews is that it isn't an issue with the 3100 and above. My concern with that unit is whether is can reliably do OpenVPN at > 100Mbps and secondly, if it's up to the task if I were to start installing packages. The LS review suggests it is, but I've seen some posts suggesting it might not be. Thanks

Yep, that's probably a good idea. If it can be read I doubt it would be that hard to display it. Steve

@Orbixx said in Zotac CI323 Installation - Controller Failures: @noconnor Any luck? I added those entries to /boot/loader.conf.local and that has definitely bypassed the boot issues. I did try adding those elements to System > Advanced > System Tunables (for config backup) but couldn't get that to work. I'm pretty sure that was a just me entering them wrong. I haven't tried moving over to a 2.5 version yet to see if that makes a difference. edit: Actually, reading the docs for System Tunables, it looks like I was mistaken and those values (Loader Tunables) are not applicable to System Tunables.

Yeah, that's a huge latency. When it reloads normally it's barely noticeable. I would at least test disabling smp to see if it solves the issue. If it does that is fixed in 2.4.5p1 so that will be a permanent solution. Steve

Thank you guys, very much. All your suggestions and comments really helped me get familiar with pfSense. I'm starting to question why I went such a long time avoiding it. The NC-365T card came in and pfSense recognized it right away. But before it came in I had already learned how to use VLANs for the multiple internal subnets. Now I believe that VLANs is the best solution. It saves ports on the switch. Plus, the bottleneck is still the going to be the WAN connection and not the single Trunk port for all the subnets. I also learned how to use Virtual IP addresses for my static IP subnet on my WAN. In my opinion, pfSense rocks. I will be using the NC-365T on my Hyper-V Server to separate NAS devices and shared printers into different VLANs.

@Pippin: In my case it would be for home use. Problem was that I purchased that fanless PC before realizing that it would pose a problem. I was pleasantly surprised that the problem had gone away in the meantime. I am also wondering, whether Intel NICs carry a licensing premium.

The SG-1000 was a lower powered device, I would expect to see ~130Mbps through it in a typical install. So 94Mbps seems low but you will never see anywhere near 500Mbps. Steve

@stephenw10 yea, very strange. It seems to me that the lcdproc service window where you set that information isn't copying and saving that information. Thanks again

What exactly happens? What connectivity is lost? This happens with any config change? Creating a new interface is quite a big config change compared to, say, creating an alias. Nothing in that setup should present an issue, they are all well tested components. When you hit this what do you do to regain connectivity? Steve

I had a GSM modem in the 90's and I assure you it's not that bad. I agree it could be a lot better. The best thing you could do to improve matters is to port umb(4) driver from OpenBSD to FreeBSD, or persuade someone else to port it. Steve