P/s: may my machine with 32 bit ( 3G ram) can set kern.ipc.nmbclusters="1000000" ?

Try it but step by step to see how the free RAM is going down and think about you will need some
for the rest entire pfSense.

i swear, i dont know kern.cam.boot_delay=131072 whre from.

And I was not recognizing the time delay time interval!

@BillBraskey:

Just to clarify, the only machine in the bunch that has the AES-NI instruction set is a dual SIX-core Xeon (3.4GHz) with 96GB RDIMMs and a SAS array.  Seems like overkill for a dedicated router/firewall.  Methinks I should virtualize pfSense and run it on a fraction of this computer….

Total overkill, virtualise away. PFsense works well virtualised.

I did not buy that item.
$400 seems a tad high for used…

The PC Engines ones shown here under the link in the next line are also not fine working, because TRIM support
is disabled by the new firmware. PC Enignes 16GB mSATA

Some older models of some vendors are also not supporting the TRIM command, so please
have a look at the tech specs. from the model you want to buy.

Your english is really under every all pig.

Your English is really under all sow, please!

ASRock N3700-ITX
It comes with 2,4GHz instead of the 2,08GHz
2 x 4 GB DDR3-1600
Pending on the installed packets and offered services
Intel i350-T2 Dual Port NIC
Intel NICs are well driver supported in pfSense
Samsung840 Pro 120 GB SSD
Personally the 650 is to pretty new and the 850 version has had many problems

Lanner FW-8894 with free chosen CPUs
Intel® Xeon® Prozessor E5-2687W V3
2 x 10 CPU cores @3,1GHz
AES-NI are also there in!

There are a few, but availability is scarce.

Check out these:

Aewin MB-8305 (2 Intel NICs)

BCM MX3150N (2 Intel NICs)

Supermicro X11SBA-LN4F (4 Intel NICs)

Cradlepoint has the goods: https://cradlepoint.com/products-and-services/accessories.  I bought one of their routers when they were just a newcomer, and I was thoroughly impressed with their hardware, firmware, and their product lifecycle support.  I still have that router and use it for setting up temporary networks in the wilderness.

I suspect that my aging Sonicwall, which I already own, is much more than I need given my network.

An UTM device is for something around ~245 € is not really over clocked for home usage or to much
spend money and if you have the need for an UTM device the pfSense is able to serve you also really
good and will also a do a good job for you I am pretty sure! But if you want to begin and replace such
a device it should also be able to run all your favorite packets smooth and liquid and on top it should
be delivering the same or more throughput as you got before. And a SG-2220 or SG-2440 is not that
device in my eyes.

The annual subscription costs are high.

For sure I can feel the pain, which comes beside with those license fees, but please be sure that this
small UTM device from Sonicwall is not a by the license fees substituted piece of hardware that will normally
being much more expensive and now you are orienting your self only on this lower hardware price.

So the real question is which new device will fit my needs.

This is pending on the installed packets and also on the awaited throughput.

I doubt that I require something as powerful as what I've already got

And in the meaning I was reading your text in the opening post also for sure, but with the
difference that you will be more orientating at the $180 for the Sonicwall 210 and something
like that should be driving pfSense with the same throughput and the same agility.

and which costs me too much to maintain at this point.

This point will be not there in the near future, but if the license fees are cross financing
the Sonicwall 210 hardware, you should be more orientated on the whole or entire price
of the licenses and hardware together, and this was after my math something around ~745 €
and not $180!

The two devices have the same CPU.  The 2440 has Quick Assist but I don't think that's going to do much for pfSense.

I don't need the extra ports.

The 2440 has 4 gb of memory compared to 2 gb in the 2220.

The 2220 costs $299 and the 2440 costs $499.

Is there really enough of a performance difference to warrant that cost differential given my lack of need for the extra ports?

I managed to get it working. I had to modify the bin file downloaded and make the two segments non bypass. For some reason flashing the bios with the provided file in earlier converstations did nothing. I am providing the file I modified and worked for me. Download and remove the .png extension.
Here are the steps I had to perform to get everything working
1. Buy a larger CF card. I bought an 8GB off of amazon
2. Buy a cheap CF card reader
3. dd nanobsd image to larger CF card. The 1GB doesn't cut it for installing flashrom.
sudo dd if=pfSense-2.2.4-RELEASE-4g-i386-nanobsd-20150725-1956.img of=/dev/sdg bs=16k

4. Boot with flash card in TP S10
5. enable ssh on pfsense (option 14)
7. setup the management interface em4 as the wan port using pfsense menu (option 1) and make it dhcp
8.  install flashrom with "pkg install flashrom"
9. scp provided bin file up to pfsense root dir
10. /usr/local/bin/flashrom -p internal -r tps10mod.bin
Should see this below:
[2.1.5-RELEASE][root@pfSense.localdomain]/root(8): flashrom -p internal -r tps10mod.bin
flashrom v0.9.7-r1711 on FreeBSD 8.3-RELEASE-p16 (i386)
flashrom is free software, get the source code at http://www.flashrom.org

Calibrating delay loop… OK.
Found chipset "Intel ICH6-M". Enabling flash write... OK.
Found SST flash chip "SST49LF008A" (1024 kB, FWH) at physical address 0xfff00000.
Reading flash... done.

11. /usr/local/bin/flashrom -p internal -w tps10mod.bin
This will flash the bios and it should read successful when finished.

12. poweroff the unit with the poweroff command and remove cable
13. Pull cmos battery and move the jumper right near the battery so that it is connecting the pin closest to the battery and the middle pin. Wait a few mins and place jumper back in the original position
14. place the battery back in its spot
15. Power the unit back on and place an ethernet cable int one of the segment pairs. You should now have link lights.

tps10mod.bin.png

FWIW fanless is possible with reasonably fast cpus (intels up to 45W TDP) if you custom build. Not cheap but pretty fast.

I put together a pair of thin-itx routers a few years back with a i3-3220T and an E3 1265Lv2, the fanless case is only rated to 35W "industrial" but the 45W xeon has been just fine with indoor ambient air temps. The i3 system ran me almost $500 total, the xeon was a 'spare' and built 'just because' ;) should be a bit cheaper now. You now can choose haswell/skylake i3s which are even better. Motherboard selection is the hardest part, most of the dual port thin-itx models have stupid realtek nics.

@godefroi:

hw.realmem reports:

hw.realmem: 1048576

There's the issue, definitely a BIOS bug. The BIOS is reporting 1 MB RAM there.

Sounds like it's probably just an annoyance, but upgrade your BIOS if possible, it was possibly fixed in a newer revision. Though those thin clients tend to not get bug fixes as much as PCs and servers do since they're intended to run limited OS options, and probably less RAM than you have in it.

CARP fail over cluster

@Jailer:

It was in reference to the other thread. Man it's just been one of those days for me today, I'm glad one of us was paying attention.  :-[

Post copied and pasted to the correct thread.
[/quote]

No big deal…it's always 'one of those days' for me lately! :)

I appreciate the thoughts on helping to fix this! :)

thanks for the suggestions guys :)
we have soekris net 6501 which only has one expansion slot so have to go with quad port.
AOC-SGP-I4 is priced at abt 200$. are there any alternatives in a bit cheap price? if performance stays roughly the same

My experience with uefi so far has been zero benefit and flaky to death.

I really hate that my j1900 forgets how to boot correctly every time any new drive is added.  Even a usb thumbdrive.

I also like that my old-junk hardware is pre-9-11 terrorist hysteria.

@eschmacher:

@MrFixit:

Hi,
I have a 150/150 connection also, I was wondering how the Ubox is working out for you?

Thankx

It's working great! I've set up a bandwidth limit to 145mb up and down, to prevent saturating the connection, and the CPU usage doesn't get above 25-30% during speedtests. It seems like this was a really good choice for what I was trying to accomplish.

Thanks for getting back to me. What protection are you using on this box another words are you using Snort? Are you getting your full internet speed when running speedtest?