try to take a look here, maybe it helps  ;)
https://forum.pfsense.org/index.php?topic=115673.0

@jimp:

Personally and around the forum you'll find cases where their hardware is dodgy. Some people love it, until it craps out. Others have issues from the start.

We sold one of their units for a hot minute until the returns were overwhelming, and that unit still has issues with FreeBSD 10.x and refuses to run it from CF, due to some issue in the unit's ATA controller. Not to mention it doubled as a space heater.

It's a big roll of the dice. You may be one of the few that has no problems, but more than likely you'll hit something sooner or later.

thank you! appreciate the feedback. I guess I will be another reference point in the Jetway study  ;)

do you have any minipci slots?

@guardian:

@CiscoX:

@guardian:

@CiscoX:

I also like to put my smart results of my disk.

So far so good… everything looks fine with the smart results.  Only challange I see with that drive is that it's not rated to be running 24x7.

If you look at the specs:
http://www.seagate.com/files/staticfiles/docs/pdf/datasheet/disc/barracuda-ds1737-1-1111us.pdf
you'll see Power-On Hours 2400.  Which is 8 hours/day 5 days/week.

It may not have a great lifespan given that a pf box will have the drive spinning 24x7x365… unless you turn stuff off.

Thank you very much. I think have to replace this disk then. Maybe WD RED (NAS disk) or what about SSD. Do you have any suggestions? :)

Thanks in advanced

Replacing the disk is a good idea if high reliability is important.  The bulk of the drive is for logs, packet logging, and rulesets, so there isn't anything that really needs protecting other than the configuration.  As long as you keep a backup of your configuration, it shouldn't matter much.  If the disk fails, you reinstall a fresh copy and reload the config and you're done.  (Might be a good idea to keep a fairly recent copy of the installer on your local computer as if pfSense dies, you won't have any internet unless you have a router you can swap in till you get it fixed.)

I'd recommend you use an SSD as speed will help if you are logging packets.  Also quiet and cooler with no moving parts - if you buy a decent brand, an  SSD will likely last a lot longer than a mechanical disk, but you never know.  For mechanical disks, I'd recommend Western Digital.  Seagate were good once , but lately I've had way too much BAD experience with  them-Seagate seem to be going for cheap/volume.  Don't know if their enterprise stuff is better, but I've never had any experience with it.  WD Blacks in PC's - WD Reds in NAS - Samsung SSDs for boot drive and embedded devices like pfSense box.  (May be better SSD choices, I bought based on speed/performance ratings from test sites-can't comment about longevity since none of the ones I own are over 1 year old.)

If you do use an SSD make sure you enable trim (wear leveling) to make sure you get best life/use out of the disk.

I used these instructions and based on personal experience they worked no problem with a Samsung 850 EVO SSD.

Original Source: https://forum.pfsense.org/index.php?topic=114202.msg634936#msg634936```

I enabled TRIM on the Samsung SSD as follows.  Below is compiled from several other posters here..so thanks!

1.  booted pfSense from USB stick and installed pfSense to SSD

2.  Used Putty to connect to the box, fired up the shell and obtained ufsid by showing the fstab file:
        [2.2.4-RELEASE][root@pfSense.localdomain]/root: cat /etc/fstab
        # Device                Mountpoint      FStype  Options        Dump    Pass#
        /dev/ufsid/576dca6e13175d08            /              ufs    rw              1      1

3.  booted pfSense from USB stick into single-user mode

4.  at the # prompt, the following was issued:
      /sbin/tunefs -t enable /dev/ufsid/576dca6e13175d08 (your ufsid will be different!
      /sbin/reboot

5.  booted pfSense from SSD.  Again using putty, ran this command from shell to see if TRIM was enabled.
      /sbin/tunefs -p /

Hope this helps.

Thank you so much for the information.
I do run backup almost every day of my pfSense :)
I will probably go for the WD Red or Samsung SSD 850 EVO(run this one on my other computers, never experienced any kind of problem with them) when my Seagate is "dead" :)

For what you describe (now and the future) that box has plenty of horsepower.

I'd fire it up and try it out.

Let us know how it goes.

2gb of DDR1? 64bit system? That must be a really old server .

Let me ask this question a different way: Is there a difference between using a SG-2220 with a managed switch vs using a SG-2440 for layer 2 network segmentation?

So to bring the actual topic to a point… would a 2358 make a Gbit capable pfSense platform

I would not personally trust two radio cards inside a traditional firewall style case. I know we've tested it and found it not to work on our hardware, and likely it fails elsewhere as well.

RF interference is a given in that case. Just get an AP and you'll keep your sanity.

Where's the problem to find a case (with front access) that fits?
http://www.ebay.de/itm/302012051373
http://www.ebay.de/itm/351603650038

You can still get them new.

@Pippin:

The second idea is the difference between 948 Mbps normal and 270 Mbps OpenVPN (unencrypted). Mainly caused by packets travelling between kernel and userland, and OpenVPN`s internal fragmenting and defragmenting, here CPU power (of single core!!!) comes into play.

When version OpenVPN 2.4 is ready, bringing AES-GCM, it is expected that throughput will go up.

The other issue probably related to process threading, the "pf" is now capable to support multi-threading, while as what I remember OpenVPN doesn't, for those low end ATOM devices we usually need 1-2 core's power to have NAT running at 1Gbps throughput, which means if we allow only single core operation the NAT probably will be cap at ~700Mbps, and OpenVPN will have more impact because it's adding burden on the CPU as well.

Lots of small packets are just difficult to process in general. If you want to fill a 1 Gb pipe with 64 byte frames, you likely need something like netmap to do so, no tool like iperf is going to achieve that rate.

With a single stream between a given source and destination, you're not likely going to utilize all the queues on the NIC. Assuming you didn't force it to a single queue (which would be bad), that's likely why you're not getting >1 core utilized.

What is the firmware version on your modem?
In which mode are you going to use your modem - RAS or NDIS (means PPP or Network Card)?
If you see no com port created in pfSense - plug your modem into any computer, make sure it's detected by the OS and check from any terminal emulator:

Would love to also hear someone's input on this, I have 350Mbps connection, and I want to have a dedicated openvpn rig.

SG-2440/4860

ASUS Q87T (BIOS update to F4 is needed)
Intel Core i3 (4 Core @3,0GHz)
Intel i350-T4 (Quad port NIC)
miniPCIe WiFi & mSATA card
PicoPSU 160 Watt
8 GB RAM
M350

Supermicro C2558/C2758
PicoPSU 160 Watt
8 GB RAM
M350

Gigabyte GA-6LISL
Intel Xeon E3-1240v3
Intel i350-T4
8 GB RAM
M350

Hello, maybe you should take a look on this thread:
https://forum.pfsense.org/index.php?topic=114945.msg639526#msg639526
I wanted to replace the home router with one that is able to perform an OpenVPN client at full line speed.
For example, mine can manage a VPN connection up to 120Mbs, while the one of Paint up to almost 300Mbs.
The AESNI support helps to reach the same performance with a lower load of the CPU and therefore with a lower heating.
Fully loaded, the system consumes just over 10W.

WOW~ , I  never thought about that ,  next time I will try to convert to non-RAID mode.

I get T130 with a H730 by my supplier ( NOT directly to Dell) , I told them my requirement , and they give me a hardware list.

Actually , I want to buy pfsense  XG-2758 directly , it is more cheaper than T130 , but I can not convince my boss about how to fix machine  when it is malfunction.

It's pf that won't go any faster, but yes, that's the best you can hope for at this time with the packet filter enabled.

@whosmatt:

Bummer, but good to know.  I was going to upgrade my workstation @ the office to Windows 10 but I bring a few VLANs into it (for running virtual machines on different segments) and I guess I'll have to wait.

Not much point waiting. Even with Server 2012 R2, you're expected to use M$ tools to run VLANs (by setting up a single NIC in a LBBO Team and assigning VLANs to it).

It's not exactly a bad idea since not all network chip manufacturers provide tools to configure VLANs and/ or link aggregation.

The only issue is that with Windows 10, you can't configure VLANs without Hyper-V role. That means your processor on the workstation will never clock down - Hyper-V forces the processor to always run at the maximum clockspeed to reduce impact on the VMs. Probably not a problem for desktops but it's an issue for laptops.

@BlueKobold:

The CF Cards mostly or normally are mounted as "read only" and so not many write cycles will be done.

Since version 2.3 the CF cards are now always mounted as "read/write" from bootup for preventing errors during use later.
Also this gives a better navigation speed in the Web UI , like before when u must manually change to read/write,
or configuration was at the speed of a turtle trough peanut butter.
The write cycles are still kept as low as possible thanks to the embedded design,
only the mounting is changed.
But i have experience more errors that point to the CF, will these are brand new uit the package.

Grtz
DeLorean

Be able to do 1Gbps throughput WAN/LAN

Intel G3260T or a refurbished (used) Intel Xeon E3-12xxv3

ECC RAM

A mid ranged Intel Core i3 that supports ECC RAM or the E3-12xxv3

Low profile

Is able to realize but often then together with a spinning HDD not really fan less running.

Not too expensive

To know the real budget is the best for us to give you a dedicated tip that rocks.
ASUS Q87T & G3260T without ECC