I've got two of the Intel PRO 1000 PCIE cards (from Amazon); one in a NAS4FREE NAS box I built and the other in my PFSense box.  Cheap and reliable.  If the motherboard you are using has a PCIE and a PCI slot available, get a PCIE card as PCI will limit the bandwidth and should be avoided like the plague if possible.  Those HP cards with the Intel chip are also nice, I have the 4 port one in a server and it is a well made card for a low price.  If you are trying to put something together without breaking the bank they are a good way to go.

Well, I gave that a shot (replacing with em) and didnt see much of an improvement. However, I noticed that when I enable trim on my SSD, the WAN in errors seem to have decreased by a margin, but are still there.  Any other suggestions on tuning this thing?

What's the RAID controller on the R200?  If it's a hardware controller (It's been a long time since I've been in a Dell shop but I recall the PERC 5 and 6 were), you should just be able to swap in a new drive and the controller will do the rest.  The OS should be agnostic about that part, again if it's a true hardware RAID controller. As for the config file, I'm not sure, but one way to test without blowing things up would be to fire up a 2.3.2 VM and restore your 2.2.5 to it.

Package arrived today but I'm not home. Yes specs say 2 Realtek NICS

If they are all on the same USB bus it is possible that there is not enough power for all four devices. My understanding is that the Hilink devices require lots of power.

Finally! I got the replacement NIC today and can report that it worked without any problems at all. Thanks for all the helpful inputs and suggestions.

It should be set to AES-NI However, that will only accelerate AES-GCM for IPsec

If your board supports AES-NI, you must select it from that list yourself to enable the module.

Squid and captive portal on same system?

Exactly.  It's used for a site to site VPN with a max throughput of 6Mbps required.  It'll do just fine for us until it is completely fried. In the interim it's important that the device can get updates for patching security problems.

@likelinus: Thanks for the advice! It's appreciated. So the Zotac should be good to go? I know they make some Qotom 2 LAN port units as well. Or if anyone else has a suggestion. I believe the Zotac should be fine. Mine is a small home network with three smart TVs (used mainly for Netflix), three computers and a dozen wi-fi devices. I have a fiber connection 100/100. I bought a miniPC with the same CPU of the zotac CI323 and two Nics. I'm really satisfied, it's capable to run snort, pfBlocker and a couple of OpenVpn clients smooth as silk.

I came across that link too but you don't need to manually load ahci anymore as the latest installer already does that for you.

If it's detected and a driver attaches, you still have to assign it under Interfaces > (assign). Find it in the list and click Add from there. If it doesn't show in the list, it's possible pfSense does not have a driver for that card/chip. Post the contents of /var/log/dmesg.boot and the output of "pciconf -lvb" and "ifconfig -a", there should be some trace of the card there.

@pazure: The more I dig into pfSense, the more I'm absolutely loving it - this coming from my previous firewall - a Cisco ASA 5510. Anyone want to buy it? Haha, no.  We're still running a failover pair of ASA 5510s but strictly in a VPN concentrator role.  All firewall duties are strictly on pfSense now.  Glad to hear you're loving pfSense.

First of all thank you it worked secondly I think these relays  has another role in this Motherboard After putting the jumper I tried to reinstall pfsense again I kept getting HDD error messages Only when I plugged the cable back The installation went ok can i do something with the led on the front panel ?

Yes. Finally after a long time I got it working with "usb_modeswitch" as per this thread https://forum.pfsense.org/index.php?topic=111787.0 lte.cfg file: ####################################################### Huawei E5377 DefaultVendor= 0x12d1 DefaultProduct=0x1f02 TargetVendor= 0x12d1 TargetProduct= 0x14dc MessageContent="55534243123456780000000000000011062000000100000000000000000000" NoDriverLoading=1 ####################### Download and upload speeds with LTE now as per speedof.me from 26 to 32 Mbps symmetrical. With DSL only 14 down and 1 up. FW 21.301.03.00.00 ifconfig ue0 and pfsense-Gui don't show a media for interface ue0 (USB ethernet). Rgds AW

FWIW, the max # of states is governed by how much RAM you have installed.  Quick and dirty rule is about 100,000 states per GB of RAM as the default state table size on pfsense.  Source:  https://www.pfsense.org/hardware/  "Large State Tables - State table entries require about 1 KB of RAM each. The default state table size is calculated based on 10% of the available RAM in the firewall. For example, a firewall with 1 GB of RAM will default to 100,000 states which when full would use about 100 MB of RAM. For large environments requiring state tables with several hundred thousand connections, or millions of connections, ensure adequate RAM is available." IMO, the state table size is probably the least of your worries when choosing hardware, since RAM is cheap.  Hope this helps.

I think any of those will do well for you.  Older Intel chipset NICs (not necessarily made by Intel) are cheap and effective.  I've used NICs from HP, IBM, Dell, and Intel, and all were fine.  For reference I'm currently running an older HP dual NIC based on the Intel 82571EB chipset and it's been flawless.  Older hardware will draw a bit more power, but otherwise is comparable for a home user (or even an enterprise user in the 1Gbps market).  And since you're in a desktop form factor, a few extra watts probably aren't at the top of your priority list.

Thank you