Squid and captive portal on same system?

Exactly.  It's used for a site to site VPN with a max throughput of 6Mbps required.  It'll do just fine for us until it is completely fried. In the interim it's important that the device can get updates for patching security problems.

@likelinus: Thanks for the advice! It's appreciated. So the Zotac should be good to go? I know they make some Qotom 2 LAN port units as well. Or if anyone else has a suggestion. I believe the Zotac should be fine. Mine is a small home network with three smart TVs (used mainly for Netflix), three computers and a dozen wi-fi devices. I have a fiber connection 100/100. I bought a miniPC with the same CPU of the zotac CI323 and two Nics. I'm really satisfied, it's capable to run snort, pfBlocker and a couple of OpenVpn clients smooth as silk.

I came across that link too but you don't need to manually load ahci anymore as the latest installer already does that for you.

If it's detected and a driver attaches, you still have to assign it under Interfaces > (assign). Find it in the list and click Add from there. If it doesn't show in the list, it's possible pfSense does not have a driver for that card/chip. Post the contents of /var/log/dmesg.boot and the output of "pciconf -lvb" and "ifconfig -a", there should be some trace of the card there.

@pazure: The more I dig into pfSense, the more I'm absolutely loving it - this coming from my previous firewall - a Cisco ASA 5510. Anyone want to buy it? Haha, no.  We're still running a failover pair of ASA 5510s but strictly in a VPN concentrator role.  All firewall duties are strictly on pfSense now.  Glad to hear you're loving pfSense.

First of all thank you it worked secondly I think these relays  has another role in this Motherboard After putting the jumper I tried to reinstall pfsense again I kept getting HDD error messages Only when I plugged the cable back The installation went ok can i do something with the led on the front panel ?

Yes. Finally after a long time I got it working with "usb_modeswitch" as per this thread https://forum.pfsense.org/index.php?topic=111787.0 lte.cfg file: ####################################################### Huawei E5377 DefaultVendor= 0x12d1 DefaultProduct=0x1f02 TargetVendor= 0x12d1 TargetProduct= 0x14dc MessageContent="55534243123456780000000000000011062000000100000000000000000000" NoDriverLoading=1 ####################### Download and upload speeds with LTE now as per speedof.me from 26 to 32 Mbps symmetrical. With DSL only 14 down and 1 up. FW 21.301.03.00.00 ifconfig ue0 and pfsense-Gui don't show a media for interface ue0 (USB ethernet). Rgds AW

FWIW, the max # of states is governed by how much RAM you have installed.  Quick and dirty rule is about 100,000 states per GB of RAM as the default state table size on pfsense.  Source:  https://www.pfsense.org/hardware/  "Large State Tables - State table entries require about 1 KB of RAM each. The default state table size is calculated based on 10% of the available RAM in the firewall. For example, a firewall with 1 GB of RAM will default to 100,000 states which when full would use about 100 MB of RAM. For large environments requiring state tables with several hundred thousand connections, or millions of connections, ensure adequate RAM is available." IMO, the state table size is probably the least of your worries when choosing hardware, since RAM is cheap.  Hope this helps.

I think any of those will do well for you.  Older Intel chipset NICs (not necessarily made by Intel) are cheap and effective.  I've used NICs from HP, IBM, Dell, and Intel, and all were fine.  For reference I'm currently running an older HP dual NIC based on the Intel 82571EB chipset and it's been flawless.  Older hardware will draw a bit more power, but otherwise is comparable for a home user (or even an enterprise user in the 1Gbps market).  And since you're in a desktop form factor, a few extra watts probably aren't at the top of your priority list.

Thank you

next step  ???? Would be in my eyes to get a PCIe x4 NIC and try it once more again and/or have a look over that the golden pins or fingers from the card are fitting right in that x16 slot. Read the manual some PCIe slots are not really nice playing together with that x1 cards and some will do it with ease.

Currently i use a Netgear GS748T managed switch for my VLAN's Please have a look for a Cisco SG-300 or D-Link DGS-1510 that are Layer3 Switches and they are routing the VLANs without the need of a router with neraly wire speed! but my current router (Fritzbox 7490) does not support VLAN tagging. Together with an Layer3 Switch you might be able to run your FB 7490 and let the Layer3 Switch do the entire VLAN routing and you don´t need really the pfSense. I do have a spare Intel I3 2120 CPU free so this could be an option. Any desktop CPU over 2,0GHz and higher might be a really nice candidate to get enough speed for your action. How much memory shoudl i be using if i also want to use VPN options and reverse proxy? Do i need extra NIC's (besides 2) 2 GB for the base system without other packets should be right 4 GB together with Snort installed and VPN tasks 8 GB together with Squid, Snort and VPN tasks or Captive Portal might be a good amount of RAM.

FWIW, and I'm not really a Hyper-V expert, but I saw a similar performance hit when I built a pfSense FW on my 2008 R2 server.  I had to use the legacy NICs, but they are supposed to be capable of 100 Mb anyway.  My pipe is 100 Mb and I can achieve 96 Mb at Speedtest.net through my lowly 10 year old Via C7 appliance, but only 20-30 Mb with the VM.  I was hoping to replace the old hardware soon since x86 pfSense will go away with 2.4.

It's possible that the different sites are referring to different things - Storage, or Operating temperatures, or bare board (the boards inside are not exclusive to the chassis). I'd go with Netgate as a reference since they manufacture the units.

If you're in a 1U chassis, all sorts of options are open to you. Without giving specific recommendations, I can list what I'd prioritize. I'm not going to go for embedded solution answers due to your 1U preference, though the pfsense store does have 1U appliances that will likely crush your workload. 1.  High clock speed, and at least four cores (not 2 cores with SMT). OpenVPN tunnels are currently single threaded.  You have three, as do I, so each can use a single logical core, but the raw speed of that core will ultimately determine the throughput of each tunnel. 2.  AES-NI will help now. QuickAssist for the future. 3. Ultimate future-proofing would be a socketed (and therefore likely NOT fanless) motherboard, but having a 1U chassis where you can swap the board without replacing the entire system second best. 4.  Upgradeable RAM.  4GB is probably fine for your use case.  But for the future…  ECC if you're especially concerned with uptime.  Likely you'll be upgrading and therefore rebooting far more often than is warranted by ECC. 5. A combination of embedded Intel NICs and a PCI-e x4 slot to add more (or to use your older NIC with the em driver). As for your storage questions, I'll leave those for others to answer.  I'd love to see pfsense run from rpool with the ability to add a mirror.

PCEngines APUC4 http://www.pcengines.ch/apu.htm 300/30 ok but not the 500/50 this will be not really nice with pfSense in that moment. Supermicro X10SBA-L http://www.supermicro.com/products/motherboard/celeron/x10/x10sba-l.cfm To high in price compared to the overred CPU power and the jetway NF9HG-2930 is cheaper an better in my eyes, because it supports DDR3-1600MHz RAM modules and it is sufficient to run many packets on pfSense and on top it is 100 % compatible to pfSense. Gigabyte GA-J1900N-D3V http://www.gigabyte.co.nl/products/product-page.aspx?pid=4918#ov Gigabyte GA-N3150N-D3V http://www.gigabyte.co.nl/products/product-page.aspx?pid=5631#ov J1900 would be to low power offering but the N3150 would make sense to me, but is not really my choice then better to go with a C2558 or the NF9HG-2930 thats would be my first choice here in that case.