Go for an APU2c4 kit and add an msata SSD or another mini pc with integrated intel nics. Cheaper, better and smaller. Limited to 4gb ram, but by the time you reach that limit you would be out of cpu power.

Google 'add hard disk pfsense' and that will fix you up.  Squid just needs you to edit Services - Squid - Local Cache - Squid Hard Disk Cache Settings - Hard Disk Cache Location.

@YipYip: In your XP do the mobis play as much a part in problems as the NIC's ? Thanks YipYip Honestly, in the 10 years I've been acquainted with pfSense (and running in production for 8 years) I've never really had a hardware problem. But I'm also not running at the edge of performance. In general, any hardware that runs FreeBSD runs pfSense, so if you're on the fringe, look at the supported hardware list for FreeBSD.  I've run on Intel, AMD, and Via CPUs and Intel, Broadcom, Realtek, Via,  and Marvell NICs without problems.  Running both virtualized on VMware and on bare metal. Not sure this is the answer you're looking for, but unless you're on bleeding edge new hardware that isn't supported by FreeBSD, any issues are likely not caused by the hardware (unless it's defective).  EDIT:  or unless you're pushing the envelope of what the hardware is capable of.

Well i found out what the problem is from TP-Link forums From one of their forum users "We worked with TP-Link technical support and discovered that there is an issue that was only able to be resolved by removing the earth connector from the plug on the TP-Link power supply, and voila it works!" and TP-Link response "After the testing, we have confirmed the conjecture before, the NIC in the Asus motherboard does not isolate the MDI from the frame ground according to the IEEE802.3 requirement. As we said before the power adapter of the TL-SG2210P does not isolate as well and then the incompatible problem happens when they work together. The adapter of the TL-SG2210P and Asus motherboard are both to be blamed for this problem. We are deeply sorry for that and we have already begin to apply new energy efficiency power adapter which will solve this problem perfectly. Thanks for your understanding in advance!" Full details here http://forum.tp-link.com/showthread.php?85051-Switch-shuts-down-when-connected-to-modern-Asus-motherboards&p=188035#post188035 Something to keep in mind if you're buying this switch and have these motherboards brand/gen. I'm hoping TP-Link will issue a replacement for AC adapter soon.

Derelict, thanks for the help. I did all that but it didn't work. FSCK never listed a problem. What worked was re-installing. Thanks.

Hey @seniorpine, I have the exact same device, and I'm tryin with nanobsd version, but still no luck! Did you just wrote the installer to your CF and installed to the HDD from it? If so I will also try that. I just want to use this box as the firewall in our office.

Ultimate is subjective, no? There are so many other things responsible for the network to be amazing. The reality is that without purpose built from user experience UI all the way to the gateway device there will always be headaches and unforeseen scenarios that the user ultimately comes across for whatever insane reason. This really is a Frankenstein's monster of hodgepodge tech where most of us just cross our fingers and hope that it works.  I'd wager that no one knows every single facet of the technology they're using.

Not supported. The processor is not x86 See : https://forum.pfsense.org/index.php?topic=43574.msg435635#msg435635

@josh4trunks This is a very old threat here and this problem is resolved in or since pfSense version 2.3 Redmine Bug #4397 The fix above noted in "do control plane MTU tracking" is in 2.3/10-STABLE and works, which fixes this.

That was kind of my thinking as well. Interesting to tinker with but impractical in the long run.

@Philip7: Would it work to take a NUC and add a StarTech USB Gigabit NIC (chipset ASIX AX88179) to create a fast OpenVPN pfSense box? My Zotac CI 323 works fine but the cpu is still the bottleneck when downloading via my VPN provider (17 MBps). What is the speed of your line? What is your VPN provider? My mini PC with the same processor of your Zotac CI323 (Celeron N3150), which runs the latest version of pfSense, is able to reach full speed line (100Mbps) connecting to PureVPN or PIA. It's capable to run snort, pfBlocker and a couple of OpenVPN clients smooth as silk. Snort is the process that takes more CPU resources under heavy load, while downloading to 100 Mbps the CPU usage barely exceeds 90% if Snort is active, and 40% if Snort is off. I don't know your needs, but maybe the problem is in the client configuration or in your VPN provider. Here something about the OpenVPN performance: https://forum.pfsense.org/index.php?topic=115673.0

Well right before a workout I had no internet connection.  After making my way through the house to my horror this machine was loop rebooting. I just started a diet and let's just say my mind isn't 100% atm. Anyway - I reconfigured an access point to be a router while I went to the closet and pulled an old machine off the shelf. I took the same quad nic that was in the t3500 and put it in the "shelf" computer.  I loaded the lastest iso cd of Pfsesnse and with a usb stick including the /conf/config.xml the pfsense rig was up and running literally within 10 minutes. Gave me time to figure out that the t3500's PSU died. Something to note about this particular computer is it doesn't require a proprietary PSU and I slammed in something I had in a closet. (cooler master 750)  Works great! Yes it's a mess in there - I was in a hurry! [image: boneyard.jpg] [image: boneyard.jpg_thumb]

About 100 users It might be more interesting to know how much traffic they are producing! Multi-WAN (load-balancing) scenario with 3 connection of 500Mbps each Might be more tended to the rest of the clients and services that are offered! Load balancing can be done in three different ways such; policy based routing (many clients in/out sending) service based routing (different services by different ISPs in usage) session based routing (server session based and more for many devices in the DMZ) Router redundancy: I would need extra Ethernet port and 2 servers Ideally two identically units such 2 x 4860 or 2 x 8860 and using CARP then OpenVPN server: roaming and point-to-point Also an Xeon E3-12xxv3 system or an Intel Xeon D-15xx platform will be good then Snort or Suricata IDS Captive Portal Squid (possibly, not sure yet) 50% - 50% I will say it is not really even clear to me what services are running, what protocols are in usage and how many and what exactly of traffic will be generated, in some times it will be wise to buy and go with a SG-4860/SG-8860 unit from the pfSense store and/or a self made Xeon E3 unit that will be for sure hard and strong enough plus you may be able to add some RAM later on top if really needed!! So it would be more or less a question what is really going on in that network. I would assume that also the SuperServer 5018D-FN8T or the SuperServer E300-8D would be ideally together with two D-Link DGS1510-24 layer3 switches! enough power enough ports enough space enough RAM capacities Intel Xeon D-1518 4 Cores / 8 Threads up to 128 GB DDR4 2133 RAM M.2 socket, mSATA or SATA-DOM 2 x SFP+ & 10 x  GB LAN Ports Intel based Cool solution in my eyes.

so I was wondering if there was anything I could run on it that would use some of the extra ram to improve the network in some way? Thanks in advance for any help :). high up the mbuf size to 1000000 high up the Squid RAM size more RAM disks or for caching Using Squid, Snort, pfBlocker-NG and VPN will be fine with that amount of RAM the first thing I would realize is the mbuf size increasing.

Do I really need AES and QI Might be that you are not needing it really, but if you are using IPSec it will be perhaps better to have AES-NI to speed up your IPSec VPN and if QI is fully integrated and will be used in pfSense it might be fine pushing up more then only one or two things how knows it really? As an WiFi ac AP you might be better sorted with your old one, that will be pimped up with OpenWRT or DD-WRT regarding to the given functions and options. Otherwise UBNT and MikroTik will be able to serve you better too in my eyes according to the range of WiFi options.

Bug has been open 1 year ago. Not much progress on this by now. Hope in the new major version to get some improvements.

Never mind. After putting 1 unit with the vent down and discovering it was a pop rivet, I did the same with the other and with a little gentle shaking, got the second one out as well.

Are you attempting to use Suricata in inline mode? There are known issues with that configuration (in Suricata, last I heard)