@cyberlocc: there is a pretty big diffrence from a core 2 quad at 3.5ghz and a kaby lake Xeon at 3.5ghz. No kidding.  That guide is ancient.  ~150 users/nodes shouldn't be a problem even with the most basic of hardware (that otherwise meets your 1Gbps requirements).  I'm serving that many nodes with virtual machines that have 1GB of RAM.

@Waqar.UK: @iormangund: True, it is a lot, but I have yet to find a decent small fanless equivalent other than a shuttle ds77u. At least that has intel nic and aes passmark score over 1k. Thanks to advice from this forum you can build an i5 for cheaper. The part that's causing me the issue though with building one is the motherboard, all ones I have found that would be perfect for the job would need a bios update for kabylake, and I don't have a skylake chip to do a bios update with. Emailed some manufacturers asking if the boards in question will post with a kabylake for an update but no response yet. (I know I could just get a standard board, but if i'm building my own I want ipmi and at least 2 intel nics, ie Jetway NF592-Q170. No kabylake compatible boards that don't need a bios update that fit that afaik)

I have a XTM 535 and interested in it as well. Now that XTM 53X are dropping in price as network engineers are upgrading to newer hardware, a good opportunity to revisit the new generation of XTM 5 series of routers. XTM 515, 525, 535, 545.

Thanks for suggestions guys. I will contact netgate also for models and support. Thank you.

^That. When 2.4 is released the Core-e will essentially be obsolete though there will be security updates for 2.3.X for some time should it be required. Even if that were not the case all of those boxes are now very old with likely many many thousands of hours on them and the component failure rates to match. As much fun as I had with those boxes I could not recommend anyone does so now if they have another choice.  ;) Steve

Jus got new record IPSec AES-256-CGM - 326 Mbit/s  

Update for anyone interested, the EVGA SuperNOVA 750 G3 PSU did not arrive on time Saturday by 8 PM as promised and paid for, so I called FedEx and asked that they return the package before delivery.  Got confirmation that Amazon would provide a full refund so I ordered what I hope is a correctly sized power supply. Remove EVGA SuperNOVA 750 G3 PSU -$140.85 Add FSP Group 700W PMBus V1.2 $179.99 New Total:  $930.84 I will probably continue my search for a cheaper alternative that supports AES and use this particular system for something that can actually use the horse power.  Right now the Watchguard XTM is working great! Y-ASK

@Routerb: Can this be done? In short: No. All-in-one with internal VDSL2 Modem is not easily possible and Wifi is, as you already pointed out, better served from an external AP. @Routerb: Internal Wifi or am I better off just adding UBIQUITI ACCESS POINT external AP. @Routerb: Failover 3G/4G checked. Use an external 3G/4G modem, aka stick. @Routerb: VDSL2 support nope, not in a single box. Unless you find a working VDSL2 modem that fits into an internal PCI-what-have-you slot. @Routerb: OS PFsense checked. @Routerb: All build into a minipc fanless device dreamer. @Routerb: VOIP port define your needs, this is usually just another ethernet port. If you're talking POTS then no.

This has been discussed several times before on other threads. My experience with a cheap ebay i350-T4 has been very positive since I bought it. Stable as a rock and appropriately fast - and as far as I can tell it's using genuine SoC's. https://forum.pfsense.org/index.php?topic=74158.msg569894#msg569894

"i agree and i already do this…. unfortunately only wireless n" Does this support guest??  Ie vlans?  What are you currently running for your external AP?  How many do you have? If what you want is guest or multiple wifi networks that you can segment then yes get a external AP that supports vlans is what your after.. Why not take the opportunity to update your current external AP that only does N to something that does AC, shoot for that matter AC wave 2 ;)

OK, thank you.

Hi, in the past i had used some USB wifi devices with RALINK RT5370 chipset. Most of them work in AP mode, but some won't do this very long.  ;) They run very hot and died after some days/weeks. And also only 54 Mbit! So i prefer to use an external AP! best regards Dirk

@ivor: Why dedicated hypervisor running only pfSense? I already have another hypervisor running my other projects. I understand not all motherboards do PCIe passthrough well. Does anyone have experience with this? As long as your CPU and motherboard supports VT-d, you're good. Really? I thought it needed IOMMU support, which some people have had trouble with. If this is your only concern, 2.4 is a better choice as it supports ZFS. Config backups and restore is a great way to get back online after bad configuration. You can always restore recent config from the console (option 15). These are automatically made every time you make a change within the GUI. Because of that, I believe you may be overthinking it with virtualization :) Hmm, maybe. I have a friend that does a virtualized setup so he can easily test multiple pfSenses snapshots and that like. I also might be doing some custom modifications to pfSense so I would like having separate installs under a hypervisor as well. Most x86 hardware except for super embedded platforms supports virtualization as I can gather, just concerned about PCIe passthrough. Thanks

Yeah we did get a bit carried away looking for the LED control.  ;) However the IP390 is a 32bit platform so it will not be supported by 2.4 anyway. There will be security updates for 2.3.X for some time after 2.4 is released though. I'd advise you just get a 2/4GB CF card and run Nano with that for now. Steve

I think but am not sure PT is a server class card, CT is definitely desktop class. Also 500MB is megabytes not megabits ;)  Plenty of capacity for a gigabit card.

@Balanga: How do I tell what protocols my modem supports? Assuming you have one of the popular Huawei LTE modems like 3272/3276/3372 the rule is very simple: with 21.X firmware you have a choice of RAS (PPP) and NDIS (network card) with 22.X firmware you have a NAT router (HiLink) All I want to do is get my Modem to act as an NDIS device. Do any of those protocols equate to NDIS? Here is an example with E3276: AT^SETPORT=? ^SETPORT:1: 3G MODEM ^SETPORT:2: 3G PCUI ^SETPORT:3: 3G DIAG ^SETPORT:5: 3G GPS ^SETPORT:A: BLUE TOOTH ^SETPORT:16: NCM ^SETPORT:A1: CDROM ^SETPORT:A2: SD ^SETPORT:10: 4G MODEM ^SETPORT:12: 4G PCUI ^SETPORT:13: 4G DIAG ^SETPORT:14: 4G GPS this is what modem supports AT^SETPORT?                                                                    ^SETPORT:FF;10,12,16 this is what I have active This combination or composition as I referred to it earlier affects USB device PID which is presented to a host system and used by the device driver. In the example provided earlier this corresponds to "idProduct = 0x1506". So 'FF' means I don't need anything before the driver installed, 10 is PPP interface, 12 is a COM port used for commands (PC User Interface), 16 is a network card. 3g driver in pfSense will pick first two. There is no native support for NDIS in pfSense, some people were successful using custom scripts to bring the connection up. using ppp, I need a Userid and password. I don't have these and can get online without in other environments. In most cases you can leave those fields empty or put whatever you want in the username field. Some carriers may require the phonenumber to be used as username with no password.

Indeed there's no 802.11ac support in FreeBSD and hence pfSense at this time. Additionally there is no M.2 socket in the SG-4860. There are mPCIe slots you can use though. Older Atheros based cards will work such as the one we previously stocked: http://webcache.googleusercontent.com/search?q=cache:BGgZhXcr-o4J:store.netgate.com/APU-wireless.aspx Generally though you can usually get better coverage by using an external access point. Steve

I've added a fan on top of the Qutum for one reason only. I'm not comfortable with fanless machines locked up in a cabinet with no airflow around them together with 2x NAS units that warm up the ambient air considerably. To be clear this is not an issue with the device, it run super stable without the fan, I just don't like HW running at 50c continuously especially when the fan is silent and the cabinet insulates all the noise anyway. Any fanless i5 unit would be in the same position due to the 14watts needing dissipating somehow so your real alternative is to look at lower TDP parts if you want fanless and are not comfortable with a 50-60C operating range. The CPU will work till 100C or so, so it's not like the unit is overheating.

@umuzidan: USB WiFi Adapters that have removable antennas which work very well with pfSense / FreeBSD. there isn't any, that work "very well" that is. There are very few usb wifi adapters that work with freebsd to begin with and of those they are typically just a dongle/stick. You might have better luck asking Here. But your top response is going to be just don't do it and get a dedicated WAP