It should be set to AES-NI

However, that will only accelerate AES-GCM for IPsec

If your board supports AES-NI, you must select it from that list yourself to enable the module.

Squid and captive portal on same system?

Exactly.  It's used for a site to site VPN with a max throughput of 6Mbps required.  It'll do just fine for us until it is completely fried.

In the interim it's important that the device can get updates for patching security problems.

@likelinus:

Thanks for the advice! It's appreciated.

So the Zotac should be good to go? I know they make some Qotom 2 LAN port units as well. Or if anyone else has a suggestion.

I believe the Zotac should be fine.
Mine is a small home network with three smart TVs (used mainly for Netflix), three computers and a dozen wi-fi devices. I have a fiber connection 100/100.
I bought a miniPC with the same CPU of the zotac CI323 and two Nics. I'm really satisfied, it's capable to run snort, pfBlocker and a couple of OpenVpn clients smooth as silk.

I came across that link too but you don't need to manually load ahci anymore as the latest installer already does that for you.

If it's detected and a driver attaches, you still have to assign it under Interfaces > (assign). Find it in the list and click Add from there.

If it doesn't show in the list, it's possible pfSense does not have a driver for that card/chip.

Post the contents of /var/log/dmesg.boot and the output of "pciconf -lvb" and "ifconfig -a", there should be some trace of the card there.

@pazure:

The more I dig into pfSense, the more I'm absolutely loving it - this coming from my previous firewall - a Cisco ASA 5510. Anyone want to buy it?

Haha, no.  We're still running a failover pair of ASA 5510s but strictly in a VPN concentrator role.  All firewall duties are strictly on pfSense now.  Glad to hear you're loving pfSense.

First of all thank you
it worked

secondly
I think these relays  has another role in this Motherboard
After putting the jumper
I tried to reinstall pfsense again
I kept getting HDD error messages
Only when I plugged the cable back The installation went ok

can i do something with the led on the front panel ?

Yes.

Finally after a long time I got it working with "usb_modeswitch" as per this thread

https://forum.pfsense.org/index.php?topic=111787.0

lte.cfg file:
#######################################################

Huawei E5377

DefaultVendor= 0x12d1
DefaultProduct=0x1f02

TargetVendor= 0x12d1
TargetProduct= 0x14dc

MessageContent="55534243123456780000000000000011062000000100000000000000000000"
NoDriverLoading=1

#######################

Download and upload speeds with LTE now as per speedof.me from 26 to 32 Mbps symmetrical. With DSL only 14 down and 1 up.

FW 21.301.03.00.00

ifconfig ue0 and pfsense-Gui don't show a media for interface ue0 (USB ethernet).

Rgds
AW

FWIW, the max # of states is governed by how much RAM you have installed.  Quick and dirty rule is about 100,000 states per GB of RAM as the default state table size on pfsense.  Source:  https://www.pfsense.org/hardware/  "Large State Tables - State table entries require about 1 KB of RAM each. The default state table size is calculated based on 10% of the available RAM in the firewall. For example, a firewall with 1 GB of RAM will default to 100,000 states which when full would use about 100 MB of RAM. For large environments requiring state tables with several hundred thousand connections, or millions of connections, ensure adequate RAM is available."

IMO, the state table size is probably the least of your worries when choosing hardware, since RAM is cheap.  Hope this helps.

I think any of those will do well for you.  Older Intel chipset NICs (not necessarily made by Intel) are cheap and effective.  I've used NICs from HP, IBM, Dell, and Intel, and all were fine.  For reference I'm currently running an older HP dual NIC based on the Intel 82571EB chipset and it's been flawless.  Older hardware will draw a bit more power, but otherwise is comparable for a home user (or even an enterprise user in the 1Gbps market).  And since you're in a desktop form factor, a few extra watts probably aren't at the top of your priority list.

Thank you

next step  ????

Would be in my eyes to get a PCIe x4 NIC and try it once more again and/or have a look over that the
golden pins or fingers from the card are fitting right in that x16 slot. Read the manual some PCIe slots
are not really nice playing together with that x1 cards and some will do it with ease.

Currently i use a Netgear GS748T managed switch for my VLAN's

Please have a look for a Cisco SG-300 or D-Link DGS-1510 that are Layer3 Switches and they
are routing the VLANs without the need of a router with neraly wire speed!

but my current router (Fritzbox 7490) does not support VLAN tagging.

Together with an Layer3 Switch you might be able to run your FB 7490 and let the Layer3
Switch do the entire VLAN routing and you don´t need really the pfSense.

I do have a spare Intel I3 2120 CPU free so this could be an option.

Any desktop CPU over 2,0GHz and higher might be a really nice candidate to get enough
speed for your action.

How much memory shoudl i be using if i also want to use VPN options and reverse proxy?
Do i need extra NIC's (besides 2)

2 GB for the base system without other packets should be right 4 GB together with Snort installed and VPN tasks 8 GB together with Squid, Snort and VPN tasks or Captive Portal might be a good amount of RAM.

FWIW, and I'm not really a Hyper-V expert, but I saw a similar performance hit when I built a pfSense FW on my 2008 R2 server.  I had to use the legacy NICs, but they are supposed to be capable of 100 Mb anyway.  My pipe is 100 Mb and I can achieve 96 Mb at Speedtest.net through my lowly 10 year old Via C7 appliance, but only 20-30 Mb with the VM.  I was hoping to replace the old hardware soon since x86 pfSense will go away with 2.4.

It's possible that the different sites are referring to different things - Storage, or Operating temperatures, or bare board (the boards inside are not exclusive to the chassis).

I'd go with Netgate as a reference since they manufacture the units.