Your answer will depend much more on the throughput of your WAN connection than the number of users.  My suggestion is to buy from the pfSense store.  Any of the currently available devices should handle 250 users just fine, and you'll get the support that comes with your purchase.  If you seek maximum reliability, buy two devices and run them in a failover pair.

@VAMike: this is actually important, not just snark. 500Mbit/s would be kinda meh. 500MByte/s would be pretty decent. Yeah, that was my point in asking.  I'd have been shocked to see that kind of throughput from any pfSense box running on a hypervisor.

It's alive, it's alive  ;D 8) After switching the cpu from another XTM 5 , the firewall works great. Just saved that thing from being a door stop for the rest of his life Grtz DeLorean

Where is written that switches are not working on the layer3? In common usage, switches referred to layer 2, Ethernet.  A separate function, at layer 3 was done by routers.  The layer 3 switches simply move the routing function into dedicated hardware, rather than software, as was previously done.  Regardless, if you're not routing a layer 3 switch won't accomplish much that a layer 2 switch couldn't do.

What if I use virtualbox for pfsense instead installing physical pfsense router? This might be not the problem as I see it right but, then you will need a second NIC or you must working with other things such VLANs. Do I need to add or buy 1 NIC for pfsense, right? It is not a must be but the best in my eyes would be to have one WAN and one LAN interface. BTW. Can I apply router on a stick in cisco 2960 for pfsense? Definitely not able to realize as I am informed!

What are you trying to say? That we are running Intel Xeon VPN Servers together with plug in cards to realize a set up such you want it and I mean not only on one side! This GB VPN (symetric) stuff is nothing to deal with cheap and fancy devices or tiny hardware what home users and/or hobbyists are using! That is what I want to say with that above! It is something around ~900 € for each server and each side what we was deploying and we get no something around of ~840 MBit/s - 920 MBit/s, plus on top counting the TCP/IP overhead and this might be for 24/7 in a commercial network.

It might be sounding something strange or rude, but it is also even a think what this amount of users are doing! We use a APU2C4 for 70 users mailing and surfing together with Squid & SquidGuard, Snort, pfBlockerNG and tinyDNS. This device is able to handle ~500 MBit/s at the WAN port. If there will be ~60 VPN users I would more council to set up a  VPN server in the DMZ that would be better to handle that amount of users, suing services and throughput we don´t know. How does the APU2C4 compare to the Qotom J1900 ? The Qotom J1900 is a little bit stronger in some disciplines, but worth spending money for, only in my eyes and based on my mind. Better to go with a Jetway NF9HG-2930 and 8 GB of RAM and a small mSATA. It is something around ~350 € but really capable to deliver 1 GBit/s at the WAN interface and it comes with better routing power for VLANs too.

I will not say it will not delivering your needed 1 GBit/s at the WAN interface, but real 1 GBit/s over OpenVPN AES-256 and this symmetric would not be really able to imagine or expecting, only my mind.

@BlueKobold: And if you plan to cache data with squid as a proxy you may have a look at a SSD over a HDD. I'm running a pfSense box with a 600GB White Label Velociraptor (10,000RPM). Good drive and are rather cheap on eBay (~$50 shipped) and come with a one year warranty. Once my newer router comes in, I will get a pair of them and run as a RAID1.

Expanding the volume ain't enough. You need to expand the filesystem. Good luck with that. IOW, backup, reinstall and restore.

Dear All,     After ugrading E3276 firmware, the modem successfully delivered IP address but I could not login to it's administration page in order to set parameters needed by the ISP. After several attempts with various methods, I gave up and restored the original firmware and replaced E3276 with ZTE MF90. All problem is gone now. Best Regards, Andry Bangun

If you're asking about the driver support for the Broadcom NICs, it should be supported by the bge driver.

Wow…  WTF??  <rolleyes>Dude your going to make lots of friends here with that sort of assitude I didn't assume any of that shit..  I made a simple remark to the comment that comes up quite a bit about everything in 1 box mentality..  Which has nothing to do with proper wifi setup.. You seem to have gone off the freaking deep end like I was attacking you in some way?? "1st: You assume I'm an idiot. " I didn't untiil now ;)  with a touch of Douche as well..</rolleyes>

@jimp: @acascianelli: I've actually been considering doing the opposite when 2.4 comes out. Currently running a full install on my APU2 with a 60gb SSD, but I'm considering switching to a nanoBSD install when 2.4 comes out. NanoBSD has been deprecated and does not exist on 2.4, thus the original purpose of this thread. You'll have to run a full install on 2.4. Oh.  Well.  I guess that settles that.  Thanks!

As the title said, What is the Best USB Wifi 2.4GHZ"N" Adapter With Pfsense? pfSense wireless interfaces i have an old Laptop and i want to use it as a router with Pfsense so that i can use the traffic shaping function for online gaming. Hm, I rella ydon´t know if this should be a good 2nd life for a laptop, but its your choice! Please suggest the best USB wifi 2.4 "N" adapters to use! And if using a PCI card is more powerful please also suggest some good 2.4 N ones. In normal I would have a look under the link from above or if I am in your situation a nice small 5 Port Switch likes the Netgear GS105E or GS108E able to get for ~$25 or ~$40 and a sufficient nice WiFi N router that comes with OpenWRT or DD-WRT and then let it run in the WLAN AP mode! Cheap, everywhere to get your hands on and well working. netgear r7000 with ddwrt is your best bet Let them run in the WLAN AP mode and all is fine. Well running and good working for me and friends are; UBNT SR71-A and SR71-E Compex-WLE200NX miniPCIe > USB Adapter UBNT UniFi ac Pro WLAN APs MikroTik RB435G & RB493G & OpenWRT & miniPCI WLAN cards

Any way to try and reset it (software) Install a Linux distro likes CentOS or Ubuntu and have a look if that will work normal then. or replace it (hardware) You should call the reseller or where you was buying it, LinITX perhaps. or do I just buy the latest version with better CPU and better NICS? SG-2220, SG-2440, SG4860 or SG-8860 PC Engines APUC2C4 smallest Jetway NF9HG-2930 small ASUS Q87T (i3,i5) big AxiomTek NA342(R) smaller AxiomTek NA343 small AxiomTek NA345 small AxiomTek NA361(R) mid range

Hi, I was wondering if a Supermicro C2558 with 8GB running on a SSD, would be able to handle a 1Gps connection. No you wont! Also with the C2758 you might be not really hitting the 1 GBit/s range! Do a forum search about that and you will be found many threads about that. I believe the only think I need is it to handle a VPN connection. If you choose the IPSec VPN you will be benefit from the AES-NI over AES-GCM algorithm. For a real GBit/s at the WAN today or at the time you will need something that is more Intel Core i3, i5, i7 or Xeon E3 that will be able to saturate one link with 1000 MBit/s.

options the ASUS Q87T and the Gigabyte GA-Q87TN ASUS Q87T you will need the lastest BIOS F4, pfSense is running well on it. GA-Q87TN is not really flawless running with pfSense on it. APU2C4 will be nice to play with for a longer time Jetway NF9HG-2930 will be the next fine running appliance AxiomTek NA342 or NA361 will be coming nearly to this above.

Thanks for the advice.  I think I'm going to punch the button on the SG-4860 - probably overkill for my needs but hopefully will support me well into the future, especially if the Intel Quickassist technology becomes viable.  I also really like the idea of supporting the project and don't mind paying a bit of a premium to support software that works. At first go with that SG-4860 you wont regret it anymore and anytime! For the VPN tasks, I would give you the tip to chose the IPSec (AES-GCM) you would be able to get something around ~500 MBit/s +/- some MBit/s more or less!!! It is based on using the AES-NI which is used by AES-GCM algorithm.

I'd like for OPT 1,2 to join in.  I have read what I can find but cannot see any help in this. Can someone explain how to include multiple ports with 1 network? On top of the bridge method shown by @stephenw10 you could try out two other options that will run nice. 1.) You may create a LAG (LACP) with all three LAN ports to the switch that must be then also supporting that LAG (LACP)! Cons, are that you will be creating one big pipe that is shown then also as one Port only. 2.) You may need for this option also only dump switches that are coming without any web interface, CLI or program to insert configurations. set up for each Ethernet or LAN port one subnet likes; eth 1 / LAN Port 1 = 192.168.1.0/24 eth 1 / LAN Port 2 = 192.168.2.0/24 eth 1 / LAN Port 3 = 192.168.3.0/24 And then you connect to each LAN port a dump switch that is then high up the entire port density of your whole network! For sure this is based then on plain routing and not only one great network but based on the routing capacity of your pfSense you will be able to regulate all your client PCs and network devices that will be enrich the entire network too. Not really 100% matching your criteria and what you want but able to realize with dump switches without configuring them too.