Please create an account under pfSense Store to register
and activate (product activation) your account SG-2440 device,
then you will be able to open a ticket there or write to support@pfSense.org

you would have to use a usb3 lan for the second lan port, but looks good for an pico itx type setup

@BlueKobold:

Hello,

in normal Infiniband is used to build separate SAN networks that are connected over Infiniband NICs
that are attached to Infiniband switches to deliver around ~10 GBit/s or 40 GBit/s or 56 GBit/s or
attached directly from card to card. And this extra or separate network will be then connected to
the rest entire network over 10 or 40 GBit/s in usual. So why pfSense as a firewall should be
invited in this game? And why for so much money? A normal Mellanox SRx3 VPI card is able
to get for the cost of ~1300 € (dual Port NIC) and a switch for around ~6500 € and then this
construct will be able to delivers 56 GBit/s at each port! But there is no need of the firewall or
a separate router that is doing anything in this "game".

I am building a small compute network (single rack) 
Kvm/Centos / dual  xeon  / 4 xeon phi -    compute nodes
Kvm/Solaris / zfs  mirrored / striped ssds -  data server (San -  napp-it)

Remote VPN
Development VMs
LAMP,  misc servers smtp, ftp, etc…

Qdr infiniband -  cheap,  high bandwidth,  low latency
Ib/nfs/rdma

If pfsense can support ipoib and bridge wan to lan
then I don't have to buy a bridging switch in the short term.  I  will likely vm pfsense as well.

A Voltaire 4036 is relatively  inexpensive.

This is being done as a home basement  project,  low budget,  incremental build out....  Data mining,  machine learning,  parallel programming,  networking lab/sandbox, kaggle contests

Matlab,  pysci,  R, OpenMP,  openacc,  c++,  Fortran,  etc.

a few remote developers,  analysts,  VPN / ssh.

Problem solved. I made changes to the loader file and mbuf is below 1 percent down from 36 percent! Thanks for the assistance.

Sorry if I seem kinda all over the place but i recently came across some free money :) (500$) and have been wanting to play with one of these systems for a while (pfsense / mini-itx)

You could go with other hardware also if you want to assemble it by your own for sure and also
really powerful if you want to run many packets, a full UTM device. $500 seems to be right as I
see it right.

i will just throw a hypervisor on it

ok this might be a solution for sure, but please I don´t know why this must be done with a 64 Watt CPU!?
I don´t know from where you are (country) but over 5 years you will spend much more money for the entire
power consuming and for this money you could be getting now a more powerful self made appliance that is
saving then on top this money, but with also much power.

I am actually setting this stuff up to get away from black box solutions

Perhaps owed to my small english language skills, what you mean with black boxes?

at this point after seeing some of the performance some are getting with even less hardware than
i am planning.

Did you really see this or was it only based on forum or Internet talks?

So if you think that the pfSense team is only tune or pimp up their own sold hardware
this might be, but they have also no other chance to do other things! Please don´t forget this.

From where they should know our hardware before? But the hardware they are selling is also
to push the entire pfSense project and it is also very risky for them. Because all peoples could
now thinking that they (the pfSense team) is now making a lot of money and all spendings and
donations will be went back or break in.

And as you was stated you will try to start in time the Netgate 4860 might be a really win for you
without any pain and 100% supported by pfSense.

And this boards or units will be combine the best from both worlds as I see it right,
the three miniPCIe & SIM slots from the PC Engines APU series and the powerful Intel
Atom C2000 SoC form Intel. No other one sells boards with this combination!

Supermicro A1SRi-2558F ~280 €
Kingston Value ECC RAM 2 x 4 GB ~50 €
M350 case ~50 €
SSD 120 GB ~110 €
picoPSU-160-XT + 192W Adapter Power Kit ~90 €
perhaps free shipping
in total 580 €

Is nearly the same as the Netgate 4860, but without the miniPCIe & SIM slot
and also without the eMMC storage, drawing more power and not an ADI image
that is ready to take for. No mSATA or wireless option nor modem with SIM slot.

So $553 for an Netgate 4860 is not so high in price as I see it real. Ok perhaps you are from
the USA and can get your hands on the one or other part cheaper then me here in Germany
for sure, but compared to the SG or Netgate units a self made box is not cheaper to get.

I don't see how this post or your problem is related to pfSense so I wouldn't expect answers in this forum.
Ask TP-Link support or maybe they have a forum as well.

Edit: TP-Link has a forum as well, ask there  http://forum.tp-link.com

Modify XML, replacing originating firewall interface names with interface names on the new firewall

To be on the save side I would suggest to do this first with a copy of the .XML file so you will be able to start
even new if it fails until it is not failing anymore.

If possible install DD-WRT or OpenWRT on your R6300 router and set it up in WLAN
AP mode, so you will be are able to use pfSense and ac WiFi in your network without
any problems.

Ditto. This is smarter setup than using pfSense as an AC wireless router.

mwc, My ISP will upgrade my FTTH connection to 1Gbit in March so I am very interested in the choice you are going to make. I was looking at a Jetway JBC311U93-2930-B system to replace my current VIA Eden based pfSense box (which has only 100Mbit NICs).

Once more again I love the Jetway boards and bare bone PCs, they are not so cheap as from the most chinese
or Taiwan vendors and some of them have a really good reputation related to built routers or firewalls.
Bit this small device (Jetway JBC311U93-2930-B) is in my eyes not well formed and assembled to realize
it without any problems. The most benefit what I was seeing is based on this board here in any sort and art
of case.
To assemble it self:
Jetway NF9HG-2930 Thin mini-ITX Network Motherboard
M350 mini ITX case

Ready to go boxes:
Jetway 4 GB Intel LAN Ports
Jetway 5 GB Intel LAN Ports
Jetway 10 GB Intel LAN Ports

For me the presents of AES-NI is optional but the most important thing is the pure routing/NAT speed.

NAT is a part of the packet filter (pf) of pfSense and pending on other reports you will see
something around 900/920 MBit/s - 960/970 MBit/s pending on the configuration I thing it
is not at all places the same WAN speed or entire throughput. So with the overhead on top
it might be coming nearly wire speed and this is actual based only on one CPU core together
with PPPoE. AES-NI is a super deal if you are using IPSec and not OpenVPN for sure.

First I was looking at a Zotac ZBOX nano CI323 which is cheaper, has a faster CPU with AES-NI, but this system has Realtek NICs (which seem to max out at about 700-800Mbit on FreeBSD).

Save your money over a longer time and spend something around ~100 € till ~120 € more,
but then you will get a device that is capable to let you built a real UTM device with IDS (Snort)
Proxy (Squid), HACP (ClamAV) and for sure a pf using firewall.

I think for pure routing/NAT speed the Jetway would be better than the PC Engines apu2b4 simple because it has a faster CPU (QC 1,83Ghz > QC 1,00Ghz).

It looks like or might be looking like that, but CPU core is not CPU core, or in shorter words not all CPU
and their cores can be compared against! They mostly delivering more power and speed how newer they
are! The 4 Core AMD Jaguar CPU can be more powerful as the N2930

On the PC Engines website the release notes state that there are still a few problems:

But if this will be eliminated and the board is running well it could be a really challenge for peoples
that needs a device only for firewall and not other services likes IDS, Proxy and AVScan on normal
Internet speed till 200 - 500 MBit/s.

If you will buy a N2930 board only likes named above you will pay ~200 €, the M350 mini ITX case
is able to buy here in Germany for araound ~45 € together with RAM, ,mSATA and an external PSU
you would be ending in the 300 € - 350  € area, but then it is running smooth and liquid for you.

Alot of the Innodisk DOM's have a 2million MTBF rate. Also note that the MV line is the value line. Still good but slower. It really only affects your bootup time. Speeds are like 25MB/s for the value line.

I disagree with much of the above post but will digress.

@stephenw10:

The NIC chips on your card always appear to the OS as straight Intel adapters so the drivers given at the Silicom support site are for the bypass part of the card only. Try installing those.
There is also code for FreeBSD but you'd need to compile it on a FreeBSD 8.3 machine and then transfer it to pfSense.

I am trying a PXG6BPi (Intel chipset) on pfSense 2.3-Alpha, and it is not detected.
Downloading drivers and trying to compile them on a FreeBSD 10.2-Stable failed. I contacted the reseller and they say "it is an old device, so buy us a new one".

If I install a FreeBSD 8.3 machine and compile the driver, would this compilation be portable to pfSense 2.3 (10.2-STABLE based)?

Upon additional investigation, it looks like the services/firewall have some kind of problem binding to the interface?

If I tell DNS to use the backup WAN, suddenly I can surf over the ConnectX-3 connection (because DNS lookups are going over the Comcast line), but things like IPSec just won't work with it.

No idea what's going on, might have to engage support on this one…

@bechardj:

I'm looking to upgrade my pfSense box for faster local file transfer speeds.

pfsense is not involved in local traffic, unless you have multiple LAN

@DStahlFL:

Two of our PFSense box's have 3 X Samsung 850 Pro, and so far the performance is excellent for writing log files and other pcap data.

https://forum.pfsense.org/index.php?topic=97554.msg582821#msg582821

Would be interesting to know if TRI works with pfsense on the 850 PRO SSDs, as mine with 850 EVO apparently do not…

regards!

chemlud

Not to say wireless doesn't work in pfSense at all, but I certainly wouldn't advise anyone to invest actual money in to it.

Lets say it as it is, if you get it (WiFi) working you will be the lucky one, but if not go ahead with an external
WiFi AP for your WLAN network. It might be mostly pending on the hardware directly and not less on the
brand or chipset. Well known working miniPCIe card for me will be the UBNT SR71-E and Compex WLE200NX.

Well after mashing together the "Begginers Guide" and EFISTUB guide i got an working Turbot-Arch UEFI install on SATA.
With Arch Linux in the UEFI boot menu.
As usual was missing one critical command: bootctl install
This made the EFI folder with the files I needed..
Several guides said –Don't install a bootloader with GPT/EFI-- Well this cost me 2 days. Luckily I went back to the beginners guide! Funny how the advanced instructions miss this critical bit.
Arch has good doc's but the hyperlinks are too much.

XFCE4 Install went smooth and looks good

1. underperformed = nothing runs as expected
2. right performed = all is running at the time, but with no headroom
3. over performed = likes Nr. 2 but for a longer time and with much more headroom for future things

How much hardware is just ridiculous overkill for a setup like this from a core/CPU and RAM perspective?

How long you want to run the same box with sufficient power and speed?
What is your future plan to install (packets) or running or offering services?
200 MBit/s speed at the WAN port is not so heavy, but together with massively QoS, IDS, DPI or many VLANs
it can narrow down the entire box step by step and so I would more loving to have some power on top as for
future packets or services that comes also often on top.

A SG-2440 or SG-4860 would be doing the job as I see it right

On the LAN however you need 1Gb throughput to handle nearly 24x7 voice calls, Windows file transfers, streaming video @ up to 20Mbps per stream, gaming, etc.

Then perhaps you shoudl think about a Cisco SG300 or D-Link DGS1510 Layer3 Switch that is
routing the entire LAN with wire speed, and the pfSense box must only do their job.

We're talking around 20 total connected hosts here with tasks varying across what I've described.

20 device must not need to much power and 5 other device are using more then the first 20! That is something
you must answering and not we.

now is the question how to install it

Install FreeBSD 10.1, and then have a look what kind of driver is loaded and then copy this .ko file
over to your pfSense based also on FreeBSD 10.1 and then try to load it at the boot time by editing
the loader.conf file and edit it and then past in the following line:

mpt_load="YES"

Safe and close the loader.conf file and create a loader.conf.local and place there this line of code in again
after an update or upgrade all files will be written new, also the loader.conf and then this line will be lost!!!
But with the loader.conf.local your custom made things will survive.
Where you have to place the mpt file in you must find out by your self I really don´t know it.
But be careful only copy files from and to;

32Bit - to 32Bit and 64Bit to 64bit OS FreeBSD 10.1 to FreeBSD 10.1 based