The pfSense GUI might not have the code to deal with 802.11ac Ah ok, I understand that this will be perhaps then the breaking point, thanks in advanced.

domotz takes all of a couple of minutes to setup.. If you have a bunch of vlans it takes a bit longer.. Since you have to add the interfaces or sub interfaces for your vlans on the box and make sure the box has access to all your different vlans at layer 2.  You need this because it arps the whole subnet to find devices and monitor when they go up down, etc.  You can change how often it arps for something, etc. You can run it on anything really, a pi, a vm you have, something running linux, etc.. I have it running in on a ubuntu vm currently.  Even runs on some NAS boxes, etc.. Synology, QNAP, ReadyNAS You can try it out for 21 days before you have to pay for it.  Its a great little piece of software for monitoring devices on your network be it new stuff that joins or wanting to know when stuff goes down or up, etc.  Since it phones home.. You will know if it goes down as well, etc.  Or you internet is down which would prevent other things from sending you alerts.. You can even have it monitor services like http or ssh, etc.  You get a few "eyes" to watch services in your normal cost.. You can add more for a few bucks, etc.  It even can monitor snmp of switches and show you what sort of util your interfaces are seeing, etc.  It really is a sweet little product for the cost.. Something you setup with arpwarch or nmap or aprping and some cron job is not going to come close to the feature set of domotz, etc.

I have built and used pfSense systems for many years, usually based on an i3 based high clock speed CPU to ensure I get 1Gbps throughput under varying configurations. But under varying configurations means here the raw WAN throughput or am I wrong with this? I am tempted to get a SG-4860 unit as I like the form factor and finding a decent small case with front facing network ports is a pain.  So I have a few questions: There are many solutions to fit your needs in any kind of art and wise! The SG-4860 is able to get also in a 1U rack mount case with front I/O ports! You may also be able to buy the board only and let produce a custom case as you may want it in the desktop factor but w/ fron I/O ports! Schaeffer AG You may also be able to buy a small 1U dual board case and let only drill the front plate or panel as a custom work only on your "special" demands. Case & Frontpanel 1. After the initial year of support, am I free to install a stock community image on the device as I would do for a custom built system? You are free to do so, but if they offer an ADI image that fits to their boards and came pre tuned I would be aware of this was to feed any SG-unit. 2. Would the Atom 4-Core 2.4Ghz CPU be fast enough to sustain 1Gbps even with OpenVPN / IPSec, and packages running such as ntop? I only know one person that was reporting to get with an SG-4860 nearly ~900 MBit/s over a 1 GBit/s symmetric internet line, but not using PPPoE at all. And something likes ~470 MBit/s over IPSec VPN. Link 3. Does the unit support the upcoming 2.5 requiring AES-NI? Yes. 4. Is there any reason you would recommend building a custom system rather that purchasing the SG-4860?  Asking since I can build a mITX based i3-8100 4-Core 3.6GHz, 8GB RAM, 128GB SSD, 4 x Intel NIC system for about the same price as the SG-4860.  It will be larger and the ports will be in the back, which is a bit of a pain in my cabinet. You must get the hardware to fit your needs and not sorted by brands, the one way is supporting the project and the other way is supporting your budget and offers more options too.

Thank you for the extremely quick feedback on this VAMike! I am aware of the realtek view, I have read your discussion on this the other day (https://forum.pfsense.org/index.php?topic=123462.0). So this question definitely didn't mean to be an intel vs. realtek topic, I was more concerned that using both port of the intel dual port adapter will have some speed limitation vs. using both intel and oboard NIC. So thanks for answering this in the second part of your feedback. If the Intel can handle both ports at full speed without any limitation/ drawback, then I am happy to ditch the onboard realtek for sure.

@BlueKobold: For POE I would just need to make sure that I am using Cat5, Cat5e or Cat6 cables correct? Was not sure if there was a difference other than throughput speed or if there was more to it than that. For 1 GBit/s you will need CAT.5e and if you ware willing you can also go with CAT.6(A) if you want to, For 1000baseT you need cat5, which is the cable the 1000baseT spec was designed for. Some additional tests were added to the cable standard and the result was cat5e. The differences mainly involve crosstalk tolerance, and had more impact on connector/punchdown assembly than the cables themselves. Most factory built cat5 cables would pass the cat5e spec but weren't tested/certified as cat5e. (Field terminated cat5 was a mess, as 100baseTX didn't push the specs as hard as 1000baseT, and only used 2 pairs like 10baseT–so some installers back in the day didn't even bother to terminate all four pairs.) In practical terms, any decent cable you buy new today will work fine at 1000baseT. You won't find any cat5 for sale in 2017, and If you're looking ahead to 10GbaseT there's no reason to buy cat5e rather than cat6 (if there's a huge price difference, find a different source.) If you already have cables, they're probably fine--just try them. If you run into problems (like the link takes a long time to come up, or won't get above 100Mbps, or starts at 1000Mbps and then steps down) it's probably the termination--but unless it's a really long run it's not worth fixing rather than tossing it.

I use this board for 4 months now. I have no problems at all. Performance is great using ips, squid, Pfblocker. Power consumption can’t be lower. It’s a very solid board. I like the Ipmi feature.

Possibly just about I would say. Is the connection symmetrical (300/300)?  Will you be maxing out the line all the time? What type of VPN connections will you be using? Will they be on all the time and at the same time? If you want to use squid (caching?) as well at the same time as the VPN you may max out the CPU. Since you have the unit, try and see how well it gets on.  If the CPU maxes out all time or throughput is slow you will know for sure. Realistically though you should try and get hold of an XTM 5 series. 2.3 will be the last 32 bit version and 2.4 will not be available as a nano install. I have an XTM 5 running an Intel Xeon CPU L5420 @ 2.50GHz using the 771 to 775 mod , 4gb ram and an SSD. You need to find the fastest clock rate CPU that you can as the firewall thread only runs on one core.  Faster the clock the more traffic you can shift. In the future even the XTM 5 will not work with pfsense 2.5 as it will require an AES CPU which none of these models do.

Hi all …. I'm still here  ;) Clarifications: I bought the AP42 after a cursory hardware/software review (including pfsense). The Gigabit traffic is not seen by the AP42 because it's isolated locally to the primary DD-WRT router network. So IMHO 10Mbps AP42 interfaces is adequate (Gbe a nice overkill). Yes/No? Back to the basic problem - booting the pfsense USB (built with rufus 2.17) The USB is not recognized by the BIOS, even in legacy boot mode. Tried building on uBuntu with dd. Same issue. Downloaded again, same issue. Seems I'm overlooking something very basic. I was able to boot a rufus built OPNsense img so it must be something else I'm missing. Advice? Final update: 9 days, two posts, no response. Good bye.

Hi, Updating the doc would save time for next users following the 'Getting Started' manual… Thanks, Hakim

I bought the thing on October 12 last year. That device has a 1-year warranty. Sounds like you should immediately register your device for support if it isn't already and open a ticket. Are you running pfSense 2.3.4-p1 like you should be? If not you should probably upgrade. Your WAN interface should be configured as: Default (no preference, typically autoselect)

@VAMike: Maxing out around 70Mbps single core doesn't seem impossible, those were really slow CPUs. It does look like hyperthreading is disabled, so you can see if there's a BIOS setting to enable that. (It also might just not be supported on your motherboard.) You were absolutely right, hyperthreading was disabled. I enabled it and now I have full speed. YEAH! Thank you so much, I never thought about that and probably would have bought new hardware next weekend. And thanks to anybody else for the input.

@BlueKobold: Is there a VPN connection for the update-from-console option? For extra $? There are many secure ways to get it, but mostly some vendors are submitting that over an encrypted tunnel using an internal TMP module for that or doing it in software. … Who are these vendors you speak of? Shoestring budget osdisc.com (its owner's sidejob), random & late linux format? Sincerely, JC Magras

Hey thanks, I saw their offer on Amazon but good to hear they use good components. For the lower Internet connection speeds here in Germany it will be one of the best and often sold hardware in combination with pfSense as I am right informed. It is running here for 100 MBit/s down and 50 MBit/s up for ~ 70 employees together with IPSec VPN, Squid & SquidGuard, snort and pfblockerNG, all is fine. One line of thinking was to start with that and if for whatever reason I don't have enough power on this one, use it as a slave in a HA setup. You will be able to run it in one big 1U" case as well available from the Varia-Store, here is a link to that dual 1U" case; APU2C4 - 1 U" - rack mount case Haven't looked into that too much, but it would enable me to use a VM with plenty of power and a backup unit in case the server gets rebooted / dies / explodes / flies away. That could be also very interesting, but I love more the real hardware HA setup, if one server is "gone" mostly also both VMs are also "gone" please don´t forget this too! For more power you could also have a look on the new Supermicro Atom C3000 line But the network drivers will be not really matching to all NICs that are SoC integrated!!! Stronger and faster then the Intel Atom C2000 series, but slower and less powerful then the Intel Xeon D-15xx series. it is not only interesting what kind of Internet connection speed you are running, also the amount of installed packets, running applications, offered services or used protocols will be also important likes the amount of users and their produced traffic such mailing, surfing, gaming or audio/video streaming!

enable and auto likely do the same thing.  Only disable would behave differently. Note EIST is required if you want to use turbo clocks.

@stephenw10: You may want to add that as a Shellcmd so it gets stored in the config file and survives updates. https://doc.pfsense.org/index.php/Executing_commands_at_boot_time Steve The fix that I put in has been working well for many days now, so I followed the instructions in the link above and found the line in the file /conf/config.xml and inserted the following line right above it: <shellcmd>/usr/sbin/usbconfig -u 0 -a 3 power_off</shellcmd> Then I saved the file and rebooted. Everything seems to be working fine.

Don't do it. A single SSD can saturate practically all network links. Mostly because even with 10GbE you'll still have on-disk compression, caches in RAM and the possibility of using ZFS and having two disks in a pool to increase IO.

Used to run pfsense on a 433 MHz Celeron with 386 MB of memory until recently. Perhaps the memory system is to low, the actual version will be running well, but in the near future the support of the entire hardware will be changing step by step and so it might be a better thing to change now, and go with 64Bit hardware that comes with AES-NI support too. So you might be able to run it likes now for years without any issues. What if it were not that particular hardware, can't you say where the hardware check is done and ways to disable it? There will be not a switch to disable or enable it! As I personally know it, it was announced here in that forum or over the blog on the netgate website, the following changes will be coming with the new version 2.4 and above; No 32Bit support anymore, only 64Bit hardware will be supported (but we got ARM support for two devices (at the moment) therefore or instead of) No NanoBSD support anymore (pfSense version 3.0 will be written totally new from ground and this is also very hard work and to the cost of much time) AES-NI is a must be or must have option and not a can be or should be option (Over the change of using Phyton over PHP and perhaps other things get also changed too) Were they forced to stop building 32bit for technical reasons or was it a management decision? Who should be pressing them to do so? But handling all, I mean, 32Bit and 64Bit, NanoBSD, rewriting version 3.0 totally new from scratch, AES-NI support, QAT, netmap-fwd and tryfwd or fast-fwd, failure and bug hunting, ARM support, might be a bit to much at one time, perhaps this can be differ or changing at one days back who knows, but I personally think it is more the lag of time to realize that all. For a firewall only unit, with low power demands, you has more then one option at this time. Official with support: SG-2220 SG-1000 SG-3100 Alternatives well known and working: APU2C4 Lanner units Scope7 units Qotom Intel i3 AxiomTek units I personally would have a look for the SG-1000 or SG-3100 or APU2C4 as a replacement here.

@ssbarnea: I am still looking for a barebone or minipc, (nearly) silent that can reach 60-70MB/s OpenVPN (256) for under $250/£200. No 2nd hand or repurposed hardware or "run your openvpn from another place". I just want one small router, not a big collection of devices which would only increase the number of possible points of failure. I own this one, no problem to reach 120Mbps OpenVPN (256) https://it.aliexpress.com/item/New-Braswell-mini-pc-M150S-with-2G-ram-8G-SSD-celeron-N3150-Dual-H-D-M/32533935685.html

The UP Squared board can run pfSense 2.4. Pentium N4200 Dual Reltek NICs Up to 8 GB of ram Up to 128 GB of storage 1x mSATA/mPCIe slot 1x M2 2230 slot (non SSDs, only PCIe devices) 1x 6Gbps SATA3 Rapsberry Pi form factor w/GPIO pins (though there are no kernel drivers in FreeBSD 11) Though FreeBSD 11 (which pfSense 2.4 uses) is limited in that it doesn't fully support the Intel eMMC 5.0 specifications.  I'll later test pfSense 2.5 w/FreeBSD 12 when it matures a bit to see if they included the drivers there. I'm personally running Xen on ArchLinux on my UP^2 to gain access to its GPIO and eMMC 5.0 storage, with pfSense running within Xen. The Reltek NICs handle my 500 Mbps up/down Verizon FiOS connection just fine.  As a matter fact, I stress tested the UP^2 with this setup and achieved 890 Mbps UP and Down simultaneously.  OpenVPN I haven't finished setting up yet though. http://www.up-board.org/upsquared/ Link to pfSense on UP Squared: https://up-community.org/wiki/PfSense