You're not getting what I'm saying.

Out of the box my SG-4860 had the WAN and LAN ports reversed so the port marked WAN on the front of the router was actually the LAN port on the web GUI.

I had to swap in the GUI in the Interfaces -> Assign section ibg0 & ibg1.

The ports marked on the outside of the box read WAN, LAN, OPT1 - 4.

Anyhow everything is working a treat, I'm well chuffed.

Thank you for your answer.
The USB port run fine with pendrives 2.0. I have installed pfsense from usb 2.0 memory stick plugged in USB 3.0 port. without problems.
I can't use USB 2.0 ports because I must to keep open the case to use it.

I've just checked mine t520-so-cr in a 1u case with four 1u fans pulling air over a c2758f. CPU is 45-50 and t520 is 45. I previously used the intel x520 which ran much cooler I recall.

@wm408:

If you know of any documentation that speaks to the reduction in writes… please point me.

Search the forum.
cmb or some other developer wrote about it here. I only remember having read it.

@edwardwong:

This is not BSD specific issue, in forums talking about storage/NAS there were more discussion about this (since this will kick the disk out form a RAID group

Disable parking is the only way (which you already did), but an enterprise level HDD should really be employed (or using SSD) for long term use.

I just wonder if those system tuneable will help, right now I have disabled parking and we will see what happens next, it looks like Linux has some different default settings.  If these two things do not work, I am going to throw in an  SSD.

@heper:

"I built my own and saved a few bucks!" doesn't induce me to invest the huge sums of money involved in fixing all of this.  There isn't enough glory to make up the spend.

@jwt
well that might be true in the US. In europe the price difference between a pfsense branded unit or a similar supermicro unit is significant.
for example:
sg-4860 @pf store = $699
sg-4860 @EU-webshop = $1066
so around $367 difference in price between US & Europe.

Now the thing is, you can get a supermicro c2758 for around $1100 in europe / a c2558 for around$850. (in 1U case)

To conclude:
there is a $200 price difference .I work in the education/non-profit business, they are scraping by as it is …. $200 is a big deal for them.

As a member of this community i would love to pay the extra $$ because i think it is more then worth it.
Unfortunately at work, it'll be supermicro until the price difference is <= $100

Even worse here I guess.

when I buy a SG4860 from Germany I pay €980,56 +shipping at around €20 (around $1110)
https://shop.voleatech.de/en/shop/sg-4860/ (so Yes a pfSense partner)

When I build one myself:
A Supermicro A1SRi-2558F (€290), Supermicro SC-101i case (€70), 8 GB DDR3L ECC memory (€50), 120 GB Adata SP550 SSD (€45) and PicoPSU of 80 watts with a brick (€75) I pay €530,00 (around $600)

That's almost half the price. Dont get me wrong here jwt if it was affordable I would get it from the pfSense shop/partner but it clearly isn't in my case and it's not that Supermicro is an obscure manufacturer.

OK Guys thanks for your input.

I will keep my previous setup and won't convert my PE 2550 for this.

Thanks a lot for your inputs.

@divsys:

Hmmm, at a guess I would say something goofy in the hardware dealing with the display adapter or electrical noise.

Is this a VGA connection or HDMI?
If VGA, check your cabling and monitor.  Can you try a different monitor and see if the problem goes away?

Tried on a 17" EIZO via VGA and on a Sony Bravia via HDMI.

Are the monitor and PC plugged into the same power outlet?

Yes

I would check the BIOS settings for memory assigned to the internal graphics and reduce it to the absolute minimum.
The pfSense console is text based only and doesn't require a block of memory for graphics.

Good point; will check tomorrow when home from work

Check if there's a BIOS update for that box and get it up to the latest.

will have a look

Thanks for your time and responses

I'd be interested in knowing which offloading to enable for which hardware.

The configuration interface says that certain settings are I'll advised for certain hardware, but it is shy on details.

As already stated multiple times the unifi stuff, I have a lite, pro and lr..  I use to have the old AC model.  Active on their forums and got on their beta list somehow because of posts, etc.  And got a free lite and lr before they started selling them.  Which was a fantastic!!

When the Pro's came out I got one, and just recently sold the old AC model to fellow pfsense forum user for $75 which I thought was quite fair since they still selling that model for $300 and he had some other of that line, etc.  So was a win win..  I got offset of the new version cost, and he got a older AC pro model for less than the current lite models.

You really can not beat the price point on these things..  They rock, the forums over there are good and helpful.  They continue to develop and work on new firmware all the time..

AMD should not be a problem this CPU also supports AES-NI so it boosts the VPN encryption performance.
But it has a bit high TDP, you should consider to run pfSense virtualized on it to use the rest computing power for semething else.

https://nicegear.co.nz/wishlists/207

This is my build .. works beautifully , nice and neat and cute.!

There are many ways to walk down the road for you here.

Fits exactly the needs in my eyes:
pfSense store SG-2440 would be nice matching to that case and is supporting the pfSense project.
Look at the pfSense or Netgate store.

Is a good, silent, and small alternative to that:
PC Engines APU2C4 is also running well for that use case for sure.
As a bundle for ~250 €

No AES-NI but powerful enough to handle all:
Jetway NF9HG-2930 ~$199
2 x 4 GB ~$40
mSATA ~60
M350 ~$40
PSU ~$10

Push all other away and is really upgradeable and powerful or strong!
Pending on the chosen CPU a real pfSense bomb
ASUS Q87T / Gigabyte Q87TN
CPU as you need it
max. 16 GB RAM
2 x miniPCIe

@imWACCo:

@mattlach: It's sort of academic anyway, my ISP speed maxes at 60mb/s Down. If I put a 1000mb/s card in, that's 940mb/s overhead. Even a 100mb/s is 40mb/s overhead.

If you run Squid proxy caching, it will no longer be academic since your cache disk can probably dish out 60 - 80MB/s easily. Of the 4 cards listed, your best bet will be the Broadcom PCIe.

I know the fortinet uses some x86 parts but they also use a LOT of custom ASIC chips in the boxes as well for packet processing and stuff.  You can try but it may be very difficult.  I know the 60b only has 256MB of ram which will be quite limiting.  The post in the fortinet forums below may be of some help with the specs.

https://forum.fortinet.com/tm.aspx?m=76778

Disregard, I forgot to set the second dip switch for the processor change.  Its booting again.
A mod can delete this if they want.

APU wall mount replacement for the new APU cases
Usage only on your own risk.

SG-4860 is a 64bit capable Atom D2558 with AES-NI and Intel Quick Assist.

If this will be a original SG-4860 from the pfSense or Netgate Store it is a real 64Bit  hardware.
And if this is a real SG-4860 it is based on an Intel Atom C2x58 SoC and a custom pfSense image
should be installed on it, that is available after creating an account in the pfSense store and registering
that unit likes @jimp was mentioned before.

In former days many admins where thinking of installing a 32Bit version to get out more "bang" using
the 64Bit hardware, because the need and use of the real 64Bit image is more then the 32Bit! But this
days should be over for now and in the future.

@mattlach:

3.)  Do you really trust the VLAN implementation of your managed switch?  How often does the switch firmware receive security patches?  Are you running on the latest?  I love my managed switch (HP Procurve 1810G-24), but I'm not convinced I'd want to expose it to my WAN.  You'd be surprised how much the typical WAN connection gets hit by various attempts, if you turn on and examine verbose logging…

So, long story short, it's certainly very possible to do this method, but it's not necessarily best practice.

If you configure the switch properly, at least where the WAN VLAN(s) are concerned, the switch core shouldn't interact with the WAN traffic other than an ASIC level tag-untag.

As it turns out, we unracked it, and tried it.. it powered on, and then we re-racked it and it powered on.
Maybe the moral of the story is to leave it unplugged from power for more than a few seconds.