• Hardware sizing NAT/Firewall 5.200 users

    4
    0 Votes
    4 Posts
    1k Views
    I think it will be a pretty simple setup. We have two VLANs (in/out) and two physical 2 * 10GE fibre. You will be able to use then a Chelsio card that is fully offloading the NAT part. Authentication is not needed at the firewall as we intend to go with Option82 DHCP (DHCP Server will be apart). There is no need for VPN, LDAP or CaptivePortal. Ok, that would it make more simple. If we have say 4.000 users online - all with some sessions established the box needs to keep all the NAT states. I am just not sure if pfSense is the right product and if its okay to go with a general purpose CPU with standard server hardware for that amount of users (throughput) DHCP and DNS entries must also be stored for caching them too, there will be not limitations only the hardware is setting up the highest level, from the side of pfSense you may get not be pressed down! or if it would be better to go with a real firewall vendor using ASICs or something. If only firewall rules SPI (netfilter) and NAT is needed pfSense would do that job with ease, only to find the real matching hardware would be here the problem in my eyes. The $ delta seems to be huge in favor for pfsense! Money is not all, if the network must be running really 24/4/365 and also a HA set up might be the best bet to give a guarantee that all is well. The pfsense hardware requirement guide goes only up until 500Mbps (https://www.pfsense.org/hardware/). Not really, there is written something to achieve "over" 500 MBit/s that means more than 500 MBit/s or above that you will need - 501+ Mbps Multiple cores at > 2.0GHz are required. Server class hardware with PCI-e network adapters 2 x Xeon E5-26xxv3/v4 and 32 GB RAM or more will be your choice and way to go with as I see it right. Or a self made Supermicro Xeon D-15x8 platform should be more than enough.
  • Need help fast - CPU for 1Gb/s

    29
    0 Votes
    29 Posts
    7k Views
    @stephenw10: I would expect to see 1Gbps firewall and NAT throughput using any of those CPUs. Though it does depend on your traffic type. If you are passing all VoIP with tiny packets you might struggle. It may struggle with small packets? My only experience is with my home PFSense with Haswell i5 3.2ghz + Intel i-350. A few weeks back I finally got iperf working correctly on my Windows desktop and was able to almost send 1.4Mpps of UDP. Almost 70% kernel time, it was struggling to reach line-rate, but got very close. I found a public iperf UDP server, set PFSense to shape to 1Gb/s instead of my normal 150Mb/s, pointed at it and let it rip. PFSense was claiming about 1.4Mpps hitting the LAN interface and about 1.4Mpps leaving the WAN. This was through NAT and with HFSC still enabled, just set to 1Gb/s. To top it off, the system load graph was claiming about 15% system time and just under 20% total CPU. The graph is averaged to 1min, so I had the iperf test run for 2min to make sure I got a full minute sample. Of course the iperf results were as expected with around 85% packetloss. That happens when you attempt to shove 1Gb of traffic down a 150Mb link.
  • Android USB Tether via USB and Hyper-V

    5
    0 Votes
    5 Posts
    2k Views
    For the benefit of the thread I worked it out, in retrospect it made perfect sense, but there ya go. So I setup an internal hyper-v network, which only the pfsense VM can access. Then I connected the android phone and shared it with the new LAN via internet sharing, this then let Windows create a DHCP server that pfsense could grab an IP from. Phew!
  • RCC-VE w/32GB EMMC & 128GB mSATA Installation

    6
    0 Votes
    6 Posts
    1k Views
    @BlueKobold: I'll take your advice and just use the mSATA w/out the onboard eMMC. I'm not in the mood to run custom scripts for this device…. Please create an account and Register your device at the store and then you could download the ADI pfsense Image and install that on your mSATA. It is not the community Edition (CE) it is a custom Image that matches all the given hardware from that ADI device such as yours. So you will be sure that Tunings and all pimping will be right done for you regarding that Hardware! Not sure which version you are talking about. I just downloaded and installed the netgate Adi community version off pfsenses website.
  • Hardware for transparent proxy server

    10
    0 Votes
    10 Posts
    3k Views
    Hello again Thanks for the input, I have some ideas to work with now, it seems my initial idea of setting up squid probably isn't the best solution. I asked around to see if I could figure out what was using up the monthly bandwidth and it seems at least one of the family members is very fond of torrents, not only downloading but also seeding. This is probably a pretty bad idea when you have a monthly limit on your bandwidth. He's not particularly interested in stopping his activity and we talked about setting up a dedicated connection for torrents. The connection will be a lot slower (2-5 mbit *DSL) but it will have unlimited usage.
  • Do Threads Work Like Cores for pfsense?

    37
    0 Votes
    37 Posts
    12k Views
    @VAMike: @darkarn: @VAMike: @Taiidan: Benchmark a "gigabit" realtek or broadcom you get at best 70MB/s That's simply not true, so the rest can be safely ignored. Hmm I don't know; I just noticed that an old integrated Atheros NIC can be easily beaten by an Intel NIC on a PCIe card in transferring stuff to and back from a NAS I can't sustain a gigabit on my old 3c905 either, which has exactly zero relevance to whether no current realtek or broadcom chipset can achieve more than 70MB/s. That claim is easily disproven and utter nonsense. (Just as ridiculous is continuing the meme that every "realtek" is the same any more than every "intel" is the same. If someone wants to talk about NICs at the very least specify a chipset.) That 3c905 reminds me of an old Realtek PCI NIC I saw in one of my friends' PCs! @dreamslacker: @darkarn: 1. I have no choice though; had to put my AC66U in center part of the house for proper coverage but not allowed to do Ethernet drop 2. That's why I looking around, especially when there are much powerful CPUs for much lower power consumption 3. Thanks for the tip, I will try this out 4. Whoa, thanks, I will keep a look out for this issue too 5. Sorry, what's an SI? Wife/ Parents acceptance factor? If so, tough luck. I'd just go for the Core i3 Skylake in a Mini-ITX and add on an Intel PCI-e network adapter. Systems Integrator. Except in my case, we do practically everything with the sole exception of programming. The running joke has been that if it runs on electricity, we can do it or find someone to do it. Even had a case where we sold and installed replacement batteries for our customer's van. 1. Yep, my parents lol 2. I have actually specced up two different i3 builds but using micro-ATX instead. I may want to wait until next month due to Kaby Lake though 5. Ah I see, and whoa, I didn't know it's possible for an IT company to do auto repair work too lol
  • Watchguard x1250e

    22
    0 Votes
    22 Posts
    4k Views
    Thanks Steve
  • Initial login not loading the wizard

    Locked
    10
    0 Votes
    10 Posts
    5k Views
    stephenw10
    Dark and powerful magic indeed.  ;) Locking this. Steve
  • Remote console

    20
    0 Votes
    20 Posts
    4k Views
    jahonix
    I own and use AirConsoles for some years now. There is only one radio installed in the device. You can configure WiFi and ETH to your liking, separate, bridged, client, server with or without DHCP. If you can get access to the ETH port of the device remotely then you're good to go. The mini version is absolutely sufficient for what you want to do. The standard version is what it all started with and which I got. It adds a battery that's always empty when you need it - and only lasts about 4 hours fully charged. There's an XL version with a way bigger battery and a clumsy case. The available console cables (serial on RJ45 to USB) are Cisco compatible. Edit: image is of an early version 1 of the device and not the current 2.0
  • Confirmed working JBC375F533-1900-B4

    2
    0 Votes
    2 Posts
    648 Views
    KOM
    Too rich for me but it looks very nice.
  • Compatibility NIC XL710-AM1

    3
    0 Votes
    3 Posts
    860 Views
    thank you so much!
  • WGX550e Won't Boot to FreeDOS

    14
    0 Votes
    14 Posts
    2k Views
    Yeah, as you noted elsewhere, it worked a lot better once flashed with a fixed BIOS. The catch 22 is getting something to boot to flash the BIOS. Still have the thing somewhere collecting dust, not using it since it started to behave unpredictably due to its age.
  • SG-1000 Console & Reset

    4
    0 Votes
    4 Posts
    2k Views
    Derelict
    ls /dev/cu.*
    $ ls -1 /dev/cu.*
    /dev/cu.Bluetooth-Incoming-Port
    /dev/cu.SLAB_USBtoUART
    /dev/cu.SLAB_USBtoUART50
    /dev/cu.SLAB_USBtoUART54
    You do not need to power the SG-1000 to get the port to show on the host. The serial chipset is USB-powered. There will, of course, be no visible output until the unit is powered.
  • Intel Gigabit Lan Card

    6
    0 Votes
    6 Posts
    2k Views
    Hi I have bought Intel Pro 1000 MT. You can now close this topic. Thanks.
  • Axiomtek out of options?

    6
    0 Votes
    6 Posts
    1k Views
    Thanks to all of you for the great advice. I'll be working on these suggestions over the weekend.
  • SG-1000 shipping now!

    7
    0 Votes
    7 Posts
    2k Views
    luckman212
    @W4RH34D: I noticed there isn't a SDcard in the slot so I'd imagine it can't save anything after reboot Hmm should we be putting one in? Would it even help? (I imagine "no")
  • Network switch in addition to SG-2440

    8
    0 Votes
    8 Posts
    1k Views
    Thank you Frank for your write up. I will repost when I am ready to describe my needs for the devices I have at home. I think it will be easier for you guys to suggest the appropriate switch for my needs. Thanks
  • LTE (modem) hardware recommendation?

    4
    0 Votes
    4 Posts
    2k Views
    @AndrewZ Thanks. I did not even think about an internal card and right now think this is my last option. I am wondering whether to use a USB modem like http://consumer.huawei.com/en/mobile-broadband/dongles/features/e3372.htm or a router like https://www.amazon.com/Huawei-B315s-22-Unlocked-Mobile-Router/dp/B01B5OM94O/ - whether there are any implications. @BlueKobold Thanks, buying a new CPU board is a last option after buying an internal card. ;) To me, there seem to be several drawbacks, like kind of a high price, and also due to high integration I would have to replace the whole thing if any one component fails, either on the mainboard or with the LTE ports. Also, since our current firewall has just now reached its limit at the same time that I have started to look into pfSense, it will be a Hyper-V based solution and I will just put some more NICs into an existing server, just the LTE part is not solved. (Using existing hardware makes process of introduction faster, also, since this will just be a VM and some NICs, if anything fails, I can either move the VM to another host and/or replace or move some NICs.)
  • NooB - Want pfSense H/W for 100Mbs symetrical - UK

    13
    0 Votes
    13 Posts
    3k Views
    How are you getting on with your APU2C4 Mr bogmonster? I'm thinking of getting one. I take it the LinITX service was acceptable?
  • Verizon Jetpack® 4G LTE Mobile Hotspot - AC791L as a WAN

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.