I'd have a hard look at the 5018D-FN8T - it's the 4core Xeon D with a far better lineup in available interfaces. OK if you only need 2-3 NICs thats fine, but I'd take the FN8T with it's 4 cores and 6(!) Gigabit NICs AND 2 SFP+ 10G ports over any other version of the lineup. Sadly the only Xeon D board of Supermicro with real networking in mind and not throwing in strange mixes of interfaces. :)

@garyd9:

@whosmatt:

In addition to the RMA taking 3 months, he got back the same board, as verified by serial number.

THREE MONTHS?

From SM's warranty (available here: https://www.supermicro.com/support/Warranty/):

If returned products are: a) within the warranty period, b) accompanied by the proper Return Materials Authorization ("RMA") and c) defective as determined by Supermicro; Supermicro will, at its option: 1) repair the defective product within 10 working days, 2) replace the defective product with a refurbished product or 3) issue a credit to the Customer for the current value of the product. For purposes of this Limited Warranty, "refurbished" means a product or part that has been returned to its original specifications.

(note the "10 working days")  In addition, in regards to replacement, there is this:

All product replacements are subject to quantity available in Supermicro stock. If Supermicro does not have stock to replace the returned products, Supermicro shall have at least 30 days to manufacture and replace the returned products.

It sounds like your friend is considerably more patient than I am.  After the 10 working days, I'd have been on the phone with SM quoting their own warranty text to them.  If they hadn't repaired within 10 days, they should have sent a refurb.. or manufactured a brand new one for him/her.

Yeah, I don't really know.  I asked him about it today after reading this post.  He was in contact with SM the entire time. The board went to Taiwan (from California) for repair.  Apparently he is indeed very patient.  It was a A1SRi-2758F IIRC.

@LastLife:

So I an looking at getting the Jetway NF592-Q170 it has 1 x Intel I219-LM PHY Gigabit LAN (iAMT 11.0) and 7 x Intel I211-AT PCI-E Gigabit LAN.
<–->
Would this mother board work with pfSense?

Yes, it will work. Intel Q170 generally will work on FreeBSD versions 10.1 (pfSense 2.2x), 10.2 (pfSense 2.3x) and 11(future pfSense 2.4x).

Ps. I bring my own cards with when I come down from Europe, if there is anything you are looking for (smaller items, of course), I am doing some four journeys a year. Send PM

VK-T40E is not ADI. It's switching to a console on com2 and appears to hang when you're looking at com1.

You need to use the memstick-serial install image. Such as:
https://nyifiles.pfsense.org/mirror/downloads/pfSense-CE-memstick-serial-2.3.2-RELEASE-amd64.img.gz

Steve

@WithWings:

A larger issue for me is that you can't be 100% certain that those rules will reman as you set them up, so given time, what if a piece of the config is forgotten due to bitrot, that opens up the network?

I can't even imagine how that would happen.  I'd worry more about a flash drive dying due to excessive writing than I would about the chance that data would corrupt in such a way that it would write a valid rule to open access to your network.  That would be akin to giving a monkey a typewriter and having it randomly reproduce one of Shakespeare's works.

Remember, by default, no traffic is allowed in on any interface on pfSense.  You have to explicitly write rules to allow traffic.  There are some default ones created for you by the setup wizard, but in the absence of valid rules, all traffic is dropped.

@JamesVA:

Thanks!  Just to confirm, you're saying that these newer CPUs + AESNI are able to achieve 1gbps throughput over openVPN?

I've seen an i3-6100 do multiple gbps in a single stream (with performance tuning that would likely be counterproductive on the open internet). The speeds you end up getting will depend on the network and the openvpn configuration, but the CPU won't be the bottleneck.

@Snugglebear:

Funny, I distinctly recall all sorts of NTP errors with the GSM series, including one that could never sync up. That was still better than another unit which would hard reset if you dared to save the configuration.

From what it sounds like the suggestions are to either go with an enterprise level solution such as a Cisco or HP (at relatively high cost unless buying used) or find something more commodity-oriented with a better management software stack. Does that sound about right?

It really depends on what you're looking for. The original request was for a basic switch for a not-networking-oriented user. The netgear "smart" switches provide basic functionality and throw in a few features that you might find useful for about the same price as something with no additional functionality at all. Some of the features on the netgear may be a bit flaky (though, don't get me started on the crazy matrix of cisco firmware level limitations) and if you're really trying to do stuff like ipv6 l3 routing or igmp snooping you should probably spend more money on something else. BUT, you're very likely to want a 10gbe upgrade in the not so distant future as the cost of that gear keeps falling, so why spend money on a higher end 1gbe solution now if you're not likely to really utilize the added functionality before you get around to a 10gbe upgrade? Only you can decide what your actual priorities are, but make sure you're buying the thing that you're looking for and not the thing that someone else is looking for.

I just came across a post that may be related:

https://blog.pfsense.org/?p=2297

waiting for further information as this blog post is really sparse!

@gx:

@frmpf:

Did you end up having further power-down events?  We have two SG-2440s in an HA setup, the standby unit has powered off twice in a two week period (figures it'd be a few months out of warranty  :-\ ).  These are in a datacenter with conditioned power, though, so no flaky UPS batteries to check.  My hope is that it will end up being the AC adapter or something, just popped onto the forums before I head downstairs to power the unit back up.

after I did an update and the device seemed bricked I shelved it and now use a different solution, I lost faith in netgate devices

Heh, I missed that.  ;D

I don't know of anything cheaper new. If you don't already have a case, PSU, or RAM then the cheapest overall option will be to buy an old used desktop off of eBay. All you'll have to add is the NIC.

For more power savings from a used computer look for an Intel CPU with T on the end. I'd recommend getting something cheap that doesn't include a HDD and doing a USB install if you're looking to save money.

not everything is multithreaded, and some rss aware network drivers fallback to one queue when altq is enabled. (popular igb driver included).  per core performance is important, extra cores will help tho when more services are been run on the box e.g. processing pfblockerng feeds, an idle core can be allocated instead of one processing wan traffic.

Also for what its worth I agree with Henning Brauer, I think FreeBSD would benefit much more from porting the newest PF from openbsd in performance and features, but instead there was a focus put on multi threading which I think overall is less beneficial.

Thank you for the replies. :)  They have given me a few things to look into when I get back out there in the next day or two.  I will definitely check the speed/duplex settings, in the box and have a gigabit switch on hand as well when I return.  Hopefully that will solve the issues and I can get it working on a switch. :)

I'll let you all know what I find.

Ok, So… After waiting a month and a half for parts from china I can confirm this bios chip has some kind of security lock on it. The reason I say this is because If i take the chip out of the board, Put it in my programmer, Read the chip then try to write the same data back to a different chip it fails EVERY TIME. I have tried several different chips from different vendors, I even pulled one out of an old mobo that I had laying around, Still failed. I though hrm... Maybe this is an issue with my programmer. So... I bought a new one. Bought new adapters to go with it.... Tried the same thing. Got the same result.... Failed to write at 0x0FB. This was odd to me, I figured that there must be a code offset. So i tried setting the offset at the point of failure and offset before the point of failure. This results in... No solution. Still failed to write. The best read I have ever gotten from the chip was the one attached. It has diffrent data than all the others and seems to be the most "Complete" version I was able to pull. This was done after I bumped the chip power from 3.6 to 5v (Dangerous i know but I was getting irritated.)

Can anyone else confirm if this bios has some sort of stupid lock or security bit programmed in that makes it unreadable?

One more thing, This is an annoying chip. The chip its self is stamped as SST 49LF004B however no matter what programmer I drop it in the chip identifies as a SST 49LF004A. Trying to read/write using the settings for the A version resulted in no change.

Looking at the data that is coming out of the bios pull It would appear that there is an included package in the rom file that is for the PCI driver, this file (assuming is the culprit of all this frustration). It is named "ROM\BA1228L2.LOM" I came to this conclusion when I tried to extract all the files from the bios image and this file fails to extract. I have found a supermicro bios online with the same pci LOM file but was able to extract this one. Any one Skilled enough to re-write a bios from scratch with all the extracted/good files up for the task? Attached below is a zip file containing all the extracts plus the working BA1228L2.LOM

Since I have multiple chips I was thinking about just finding a compatible rom and editing it to match the settings and Chipset registers to match what I pulled and just pop it in the board and try it out. What do you guys/gals think?

UPDATE:
Does anyone have a KEMP LM2500 that I could get to dump the bios for me please. Looking at the update history of the KEMP LM2500 NSA-1043 I see that at some point the bios was addressed in this unit by KEMP Tech. I am willing to bet that if we can get a dump of that system that it would allow us to have a flashable bios.

ts100-3.zip
TS_100_extract.zip

I've decided to go with the xeon option.  Instead of being too concerned with what h/w is in the pfsense box, I've decided to concentrate on what I'm going to do with the replacement board once the C2558 is repaired/replaced:

So, I'll skip the D-1518 and go for a 6 core D-1528.  That should make a nice VM host machine once the repaired/replaced C2558 comes back from supermicro. :)

Take care
Gary

@Hegemon:

That board has no Intel QuickAssist, but it comes together with TurboBoost and so did you
enable the PowerD (hi adaptive)?

I did indeed. And although it doesn't have QuickAssist, it does have AES-NI on chip. For the small amount of encryption I'm doing for home, it seems to be plenty.

An Intel Core i3 or i5 will do the job too, but the Xeon E3 is more electric power saving.

I'm not a expert, and I could very well be completely off base, perhaps you're correct. I'll just say I'd have to see it to believe it. An i3 doing IPS inspection at 1Gbps seems like a far stretch to me.

I have an i3 @4.1  with snort and suricata(for testing purposes)  and i get 950 of a gigabit link with 40/50 % of cpu usage. If they are correctly configured, it proves that one must not underestimate an i3.

Just to be clear you need a 10Gbps VPN tunnel?

Steve

Stick a small vlan switch off the LAN and pull the APs off that.

thanks, i missed that thread, looks like netgate is handling this alot better than synology is.