@edwardwong:

And to avoid failover, if mission critical, building one more set of firewall and let them work in CARP failover model would be definitely better than running only 1 firewall.

Absolutely.  I run 6 pfsense firewalls at work.  Four sites, with only 2 of them having enough IP addresses for CARP.  Where it's available, it's invaluable.

I'm getting a full gbit line and well wanted to buy a 2558 board but it seems to be getting EOL.

Here in Germany the C2358, C2558 and the C2758 are all to get the hands on! From where you are (country)?

so speed 1000/1000 over PPPOE.

Then go with an Intel Core 2 Duo or Intel Core i3, i5, i7 (embedded) or Xeon E3 CPU that is
handling that speed with eases and more on top.

at least 2 intel ports
minimally 100mbit VPN preferably higher.
packages like snort and squid.

Then a qaud core CPU or SoC might be the better option for you! It might be better
for all together I mean the 1 GBit/s, the Squid and Snort on top.

now I have 2 roads I can walk
1 is
Celeron G4400 with a Gigabyte GA-Z170N-WIFI board

You are prisoner of your own mind, you have more options then that, but often not in the same
price range like the named by yours. This one might be to low or not string enough.

The other is Supermicro X10SDV-4C-TLN4F Xeon D1518
The difference is that the 1st option is 3x cheaper.

This board is able to get here in Germany for ~597 € + shipping fee

ASUS Q87T ~150 €
2 x 4 GB RAM ~60 €
1 x mSATA 120 Gb ~80 €
Intel i350-T2 ~120 €
mini-ITX case ~60 € or
1U case + PSU ~130 €
1 x Intel Core i3 @3,0GHz ~200 €
All in all nearly ~800 € and able to serve your network as you need and wish it.

I've used one for over 5 years and it's been great.

Vlans  OK  read this thread  https://forum.pfsense.org/index.php?topic=113392.msg631783#msg631783

64-128GB SSD is enough for you.
I suggest you to install squid as well, 150 devices accessing internet would be beneficial from squid proxy in general, especially when you only have slow ADSL connection. I did it once 8+ years ago, only 2M+5M ADSL and my pfSense with squid was serving 150-200 users without any issue, not to mention that I was still using spinning HDD as cache drive at that moment.

@jhancock:

Hi, I'm looking to purchase a SG-4860.  I don't know if there is any value to having a 128GB SSD instead of the standard memory card.
The device is to be used for our medium sized office firewall/vpn.  Around 150 devices internal.
I may want to eventually use some traffic/source database to filter malware. 
I will certainly want to log traffic for purposes of understanding usage trends so I can decide on sensible bandwidth shaping policies. 
I do not need to keep logs long term for audit/policing purposes.

So I'm asking if there will ever be a need for such storage?  I haven't used pfSense in about 6 years so am not familiar with the disk usage needs for common features.

thanks, Jon

@BlueKobold:

I fail to see the need for trim on something with as few writes as pfSense.  Just some log entries now and then.

Together with squid and snort or squid as a caching proxy it would be speeding up many things
if you are going with a mSATA or SSD and yes also TRIM can be interesting then. Why not using
the actual given features and options?

I didn't bother with trim on mine, as it really isn't necessary .  Heck even an SSD is not necessary.  I used to boot pfSense from a USB stick and it worked just fine.

But running Squid as a caching proxy you might be not able to realize with that set up.

Not going to do that with a 16GB SSD anyway :p

That being said, squid proxies are not very effective anyway.  Most traffic is effectively cached on the local machine.  Only if you have very many machines on the same network all downloading the same OS updates does it really make sense.

This was owed to the Squid usage as a caching proxy and not the syslogs!

I haven't read pretty well your post about squid, I edited my last post as well saying about 120gb should not be enough for caching?

Here is a dual 19" rack mount case for ~60 € that can hold two of this boards with ease

Wow that rack is very cool, thanks for the link!

I've had much success running pfsense in VMware on cpus ranging from older Core2 based Xeons to the  X5550.  I would not use any of them for a 1Gbps connection in a VM.  I'd suggest running all your other workloads virtualized and get a dedicated box to run pfsense.

@khorton:

@Sekrit:

I tried Jetway but decided to return it.  Instead, I changed my server to XeonE3-1245 and supermicro X11 motherboard with a 4 port intel LAN and running pfsense on Vmware under Windows 10.  Addons are snort, pfblocker and Squid proxy. It has been very stable and fast for 6 months.

Which Jetway board did you have, and why did you decide to return it?

I had a Jetway JC320U93W-2930-B Intel Celeron N2930 Dual Intel LAN Fanless NUC

It generated too much heat. SO-DIMM was defective or the motherboard was causing memtest errors. SSD I received was DOA. The USB drive that I was using temporarily eventually failed too.  I had enough problems.  I wanted to give it a shot to vmware installation and never looked back.

Hello,

you could try that:
https://forum.pfsense.org/index.php?topic=106078.msg630826#msg630826

it works on my AC785S and it's the same idVendor and idProduct

good luck

@Jailer:

Looks like it's supported by FreeBSD so it should work.

thank you i didnt think about looking here thank you so much thats good

@Aluminum:

ECC on the system ram will mostly just give you higher potential uptime between random flipped-bit crashes IMO, it can't hurt but no big deal.

Yeah, that is what I thought, but it doesn't hurt to confirm with others on occasion.

For me uptime has never been an issue.  My uptime is always governed by the need to reboot for a hardware/software upgrade, one power outage in the last 10 years the times I moved, never based on system instability :p

@whosmatt:

The SG-2440 will be more than enough for that usage.

Yes.

I was getting errors until I bought a new switch.  If you have another around, give that a shot.

Please check the discussion about E5372 which looks similar to E5573 discussed here:
https://forum.pfsense.org/index.php?topic=106477.msg594536#msg594536

True that, i just checked on NewEgg, only $20 difference.

I just gotta  figure out what would be good CPU to get for my Gigabit (down) / 50mbit (up) (Cable/DHCP) connection.

@jwt:

We understand the issue now, and the good news is that it can be fixed by a change to coreboot.

I've tested a preliminary fix.

Now we just have to do the engineering / testing of same to get it to production.

Thanks for the update. I'm really pleased with this news and look forward to the coreboot update.

@bkraptor:

This is a PSA for anyone looking to buy a RCC-VE – keep in mind that the devices may not meet the specs. I know it may sound like a rant, but this is not the kind of support I expected from a company that wants to break into the Enterprise space.

Wanted to update on this because jwt has provided excellent support since my last post here. I am happy with the outcome of my support case.