You will have more luck with suricata than snort at 10gbps. The former is multithreaded.

A Chelsio t420 + an i7 (1550/1551)or equivalent Xeon would do it for you.  Just grab 6-8 gig of ram

You could look at some mikrotik switch gear if you are looking to save some $$

Whatever floats your boat.  I'd buy a new NIC.

@jc2it:

This topic intrigued me. So I started looking around for options that might be:
Fanless
Low Power
64-bit

Has anyone tried these:
Latte 2750 from http://www.cappuccinopc.com/Latte_2750_Mini_itx_Computer_Small_Mini_Server_with_32GB_64GB_RAM_Memory.asp this has 4 nics.
Intel NUC http://www.intel.com/content/www/us/en/nuc/nuc-kit-nuc5cpyh.html
HP T820 http://www8.hp.com/us/en/thin-clients/t820.html

The setup I'm currently building is like this

2 nodes of each:

8core Atom
passive cooling (basically a industrial metal case)
supermicro board with ipmi, quad gigE Intel
8GB ECC - this can be upgraded
100GB Intel S3700 SSD

That's it, no other fancy pieces.
The CPUs do AES and have enough cores to maybe even fire up a few jails if that ever becomes a feature.
The price was ~$900 each which is pretty OK given it's a server board, good ssd and a "real" case, and all preassembled.

I have download version of pfsens 2.2.2 ISO and my hardware is

Is there any reason not to go with the version 2.2.4?

Intel Dual core (2.6Ghz) / Intel motherboard 31 PR
4 GB RAM DDR2 Transcend
500 GB Hard Disk

From this tech. specs. it should be all ok, but related to the PC BIOS it will not work perhaps.
Try to deactivate all things in the BIOS you don´t need really.

trying to boot from USB, but not booting into the PC I got black the USB is detected in my Bios, and also tried to install from CD thats also failed anyone can help out this.

has failed is not running freezes and stand still

All this is not bringing peoples up to help you much.

And in my machine I can able to install other OS like Ubuntu, Centos, Windows successfully

This operating systems could boot fine on your hardware but FreeBSD or exactly pfSense is not Linux based
or Windows related!

Am having problem with Pfsense I want to install and learn about pfsense for my new project please consider and help me!

So the first thing is to get supported hardware, and then all is running fine for you!

Hello,

I would go with an Intel Core i3 (biggest model) or Core i5 (mid ranged model), 4 GB - 8 GB RAM
and a SSD. The mini ITX boards often comes only sorted with one PCIe slot, so another form factor
should be focused right.

you need two lan ports, so go:

http://www.gigabyte.com/products/product-page.aspx?pid=4918#ov

use at least 4gb of ram. its so cheap that in your place, i would add 8 and forget about it.

32gb ssd is fine. i have not seen anything below 120 on sale. kingston v300 120 is good enough.

case is fine

any itx case with a psu will do it

you may need to laod windows to update the bios on this board, then format and load pfsense

I use a D-Link DSL-321B ADSL2+ Ethernet Modem which is the Annex B & J version the DSL-320B (Annex A).
No problems with bridging at all.

There was a security flaw with these devices about half a year ago. Be sure to use the latest firmware!

Depends on what you are plugging into.

The i350-T4 is a good Nic

Alternatively you could just get a dual port for your wan and a 10gig Nic (secondhand Mellanox or Chelsio for under $50USD) so long as you have a switch with sfp+ 10gig ports

@coachmark2:

Thanks for your thoughts. It doesn't HAVE to be Snort if Suricata can do the same job while being multithreaded. :)

That being the case, I'd still be going with the setup I mentioned above if I had the funds being that it has 128mb of eDRAM with which you could probably cache your suricata rules ;)

I might also consider the new samsung 950 drive on a sled…

http://www.samsung.com/global/business/semiconductor/minisite/SSD/global/html/ssd950pro/overview.html

The bigger question here is are you shooting for low cost? Also, is this for home or for a business?

For people who want to get their Atheros NIC to work on pfsense 2.2.4 (running FreeBSD 10.1) - here's the link: https://forum.pfsense.org/index.php?topic=78932.msg434620#msg434620
arrmo uploaded a file if_alx.ko which works well!. You can dynamically kldload it to test and add it to loader.conf so its loaded on system startup.

My question is this:  can I trust the Qotom equipment to be relatively risk-free

For going this way related to the point of risk freeness you should buy hardware that is really
good supported by pfSense or well known supported by pfSense.

with regards to potential backdoors etc?

How from us should should know this really?

Am I just being too paranoid?  Should I just get some standard mini-itx computers for a couple hundred dollars

There are many small platforms out there ready to go or self made, likes you want.
Qotom Pico this ones?
Jetway NF9HG-2930 Intel Celeron Quad Core Fanless PC
From the pfSense store a SG-2220 or SG-2240 unit should be also a really nice deal!

more and expect them to deal with the size?

Which size you mean. Only the OpenVPN and firewall task, this should be done by many computers,
but then on top this otion, and this function and this packet and, and, and,….. so on, will only narrowing
down the entire speed and throughput!

Are you able to get 1g/1g through the 4860 comfortably? I have ATT Gigapower and Google Fiber coming shortly here and need to start looking to upgrade my firewall. I currently have a 2440 and have read that you can probably only get about 600mb through it. No snort or packages here

This depends also on how you will be measuring this throughput, with Iperf from machine to machine through
the SG-2440 or SG-4860 or if you check a speed test website!

Normally an Intel Core i3 or Core i5 (the biggest ones) will surely be able to push full 1 GBit/s through the WAN
Port, but all things, services, installed packets and activated functions are also narrowing down the entire
pfSense box and then also on top the throughput!

An Intel Celeron G3260T @3,2GHz will be able to push a 1 GBit/s line also if money is rarely!

speechless

@TooMeeK:

I'm writing this after long time period and journey with pfSense versions 2.0.1 - 2.2.4.
Force 10 OS's versions between 9.2 and 9.6 were tested.

Dell Force10 are well supported under pfSense, especially speaking about OSPF routing.
They handle traffic very well, there's no need to do special config except they must be - of course - in the same subnet as F10's OSPF core network is.
Install Quagga OSPFd, set up security and let the F10's take care about routing information for pfSense routers - all should go fine.

Product information is here:
http://www.dell.com/us/business/p/force10-s-series/pd

SWITCH INTO 10Gbit NETWORKS. TODAY. EASILY.

Are you using these to run PFSense or in addition to your PFSense Box? I have HP ProCurve managed switches and I didnt think you could run PFSense on them.

You will need to compile memtest with a separate flag to enable the console output.

See:

http://www.memtest.org/download/1.55/memtest86+-1.55/README

4) Serial Console ================= Memtest86 can be used on PC's equipped with a serial port for the console. By default serial port console support is not enabled since it slows down testing.  To enable change the SERIAL_CONSOLE_DEFAULT define in config.h from a zero to a one.  The serial console baud rate may also be set in config.h with the SERIAL_BAUD_RATE define.  The other serial port settings are no parity, 8 data bits, 1 stop bit.  All of the features used by memtest86 are accessible via the serial console.  However, the screen sometimes is garbled when the online commands are used.

Or just run that command from a script at boot.
https://doc.pfsense.org/index.php/Executing_commands_at_boot_time

Steve

@trumee:

For the benefit of others can you tell us what was the hardware issue?

I was told there was a bad manufacturing run on the board for the 2220.  A solder issue.

Your topic says i3 and you mentioned i5 in the config. It doesn't matter a lot as both i3 and i5 are equally capable.

I know what the loader.conf.local file does.
But I do not have the ahci_load="YES" line in either the loader.conf or loader.conf.local.

So my question is do I really need to line after all, even when trim is working without the line at the moment.