About the only option you have to seriously increase the throughput on the APU is to fit Intel miniPCIe NICs. I've not tried that myself (or even seen it) but one user here reported ~600Mbps. Of course his testing may have have different to yours. They aren't that cheap though and require modifying the case or re-casing etc. 300Mbps does seem low, I've seen reports of 350-450Mbps in real world conditions. Again the testing methods could have been very different. Steve

I was wondering what max throughput rates everyone was seeing with their build? This purely depends only on the used hardware, as I see it right.  ::) I have a brand new intel nuc Celeron with a 2820 processor and 8gb of ram.  With suricata enabled on the wan I'm maxing out at 85 to 90 mb/s. And without IDS/IPS (Suricata)? What get you then? I mean with pure firewall enabled. Normally this would be pretty good, but  my time warner internet is 300 down/20 up so I need to rethink sizing.  Only 7 watts though :o). Nothing from the time warner streaming must be inspected or AV scanned by ClamAV or cached over the Squid proxy. Disable all but not the firewall doing SPI and NAT and see what you get as throughput.

I have experience with x520-da2 adapters in my nas systems. With freebsd 9 i had to load external intel drivers and tweak ringbuffer settings to get it working. When i upgraded to freebsd 10.1 this was all working with included drivers, and needed no manual tweaks. Saw close to line speed with mtu 1500 and iperf, and copy speeds from spinning disk of 828MiB for 25TB volume with zfs send/receive using mbuffer. I saw no need to go to larger MTU, it did not make it faster for me. Only CPU load was little lower (Xeon e3-1220 in the nas units)

I'm pretty sure any Intel Pentium M will work. There are two types: Banias and Dothans. https://en.wikipedia.org/wiki/List_of_Intel_Pentium_M_microprocessors The Banias are earlier (slower) CPU. Dothans are newer, and is able to reach fsb of 533MHz vs the other fsb: 400MHz. The stock Watchguard x550 cpu is Banias.  If you want to upgrade to Dothans just put your processor in and change the dip switches.  If you have the wrong setting nothing will happen, it wont boot. I think the Pentium M 770 (2.13GHz) is the best choice for upgrade. Probably find it on ebay for $5. The fastest Pentium M 780 (2.27GHz) is overprice. About 4x to 5x more in price for 100MHz of speed is not worth it. The motherboard has specify dip switches to move to position for either type. There are two sets of dip switches, one by the north bridge and the other by cpu. Looking at the switch, the settings are listed next to the switch.

I have gigabit fiber coming into my place, and then pfSense running on an APU 1D4 board, and I get a maximum of 330mbps throughput.  I think the APU is the bottleneck.  I have a high-speed gigabit switch and I'm using CAT6 everywhere in the house. So I'm guessing 1D4 WON'T cut it as previously suggested.  But now I'm wondering what I should replace my pfSense box with… cheaply and silently. :)

I'm very late in on this, I only started with pfSense a couple of days ago, but I too had the same problem as the OP. It's a permissions issue. You need to set the permissions on the following 2 files to 0755:- /usr/local/sbin/fanctrld.sh /usr/local/etc/rc.d/fanctrld.sh

Hi, thanks for this hint. Unfortunately my Adapter has also a AX 88772b chipset. Anybody else? KR Itchy2

I have a optiplex 745 slimline GHz ? CPU? RAM? HDD/SSD? How many services, features or options will be installed, offered or used? To come closer a Intel Celeron G3260T @3,2GHz is able to route a 1 GBit/s connection and Snort on top but then nothing more should be coming on top of this because this will be then all slowing down the CPU and also the entire performance of the pfSense box.

This is NOT about POST beeps, but the sound pfSense plays through the speaker after it finishes booting up, and before halting/restarting when issued by the administrator. This tune is not played by Supermicro boards for some reason. It's also not played by the HP t5730 Thin Clients I also have running pfSense on, but strangely I was not able to get Linux to make any sound using the "beep" command either.

Hmm interesting. I will see if my management will go for the SG2440 + 30GB option. Although most of my traffic will be https (which I understand cannot be proxied?), I'm unsure how much Squid would end up storing in its RAM- or HDD-cache. Thanks for the assistance and approach, BlueKobold!

Thanks for help guys..all up and running and working great…time to install some packages :)

-web content filtering Squid & SquidGuard can do  this well. filter out facebook, adult sites, etc Is it possible to force "safe search" on google searches and also content filter youtube?  I don't mind to allow kid friendly video's but filter out PG-13+. Better to open an OpenDNS family Account for this. layer 7 filtering.  How robust is this? Works good but it is "eating" much pwer and narrow down the performance from the entire pfSense box! A really power hungry service!!! An Intel dual core or quad core i3 or i5 would be sufficient to do that job right and delivers also much throughout to your network. VPN - I have an IP camera that would be nice to access from the outside through VPN.  (only one or two max vpn sessions at a time) IPSec or OpenVPN would be no problem. A CPU with AES-NI support is pushing those action much. dynamic dns - have an dyndns account, would like to use this to access the VPN Ok Run wifi access point , probably with captive portal. Is it better to use wifi-card attached to the firewall or use ethernet to a linksys router/AP. If you have fancy new devices or you will need ac support you should better go with an external WiFi AP that can be then using the Captive Portal from pfSense also. Hardware I have: AMD socket 939 opteron 148 (single core @ 2.5ghz) 2GB RAM 128GB SSD currently only onboard NIC but plan to add Intel PCI-E dual nic. Pending on the named services and wishes I would be really looking to an Intel Core i3 or i5 CPU with quad cores or an Intel Atom C2x58 SoC. Since pfSense 2.2.x and above it is a better multi core support that makes it better for us all to profit from that feature. So why not going with a multi core CPU? Older hardware can be really running pfSense as a firewall with SPI/NAT and perhaps VPN jobs but then on top with Squid & SquidGuard & DPI & Snort there will be also mire need of power to get a good throughput out of the box.

Bottom line is there should be estimated calculations on performance.  Netgate even had it for the ALIX and it was pretty accurate to what I got for VPN between 2 alix boxes.  But those were machines that I built and installed the OS.  When buying a system that has been purpose built just like Cisco, Juniper etc..  a company should give statistics on what the box is capable of.  Again everyone states these are estimates but generally those estimates are pretty accurate. Say what you want but the bottom line is I cannot risk my business on a solution that when it comes to the systems performance has a bunch of ??????. Don't misunderstand where I am coming from.  I have been using both m0n0wall and pfsense for over 10 years now.  I have been building them for customers for this entire time and have more than 50 units in production environments.  I want to support the pfSense project buy buying their products rather than building my own which building my own is much more profitable.  But if I am going to do that then I need a complete solution and it should include what the machine is capable of.

There is anything in BIOS… There is another solution to use that port as a normally NIC? In the BIOS or the Firmware of the ILO Port must be something to let this port work likes a normal LAN port, otherwise it is not able to set it up to use as a normal LAN port as I see it right.

Got from eBay? I couldn't imagine ever soldering a device under warranty.

Between tests, the speed will vary between 45-200Mbps. Are the HTML5 based tests not as accurate? They all have one criteria that can not be wiped away, by using this tests for getting a result you will even and only get "something around" numbers about your Internet connection: The quality of cabling infrastructure of your household and during the city you are living in How many peoples are using this test server at the same time? How long is the distance from yours to the test server? Is this test server owner paid by some or more ISPs for good throughput numbers shown to their customers? How many customers of your ISP are sharing together one router on the ISP side? How much is going in the entire internet during this test? Saturday morning were all a sleeping or car washing, or shopping, or cutting the green or…... There will be less traffic on the entire Internet and you will be getting probably better numbers as Friday evening, or am I wrong with this? Just to clarify, you are speaking about the HTML5 sites or all test sites? HTML5 or Ajax based is not the real thing in my eyes, the reaction time is relevant to this numbers what does it mean, having on the test side a HTML5 page loading and the freaking server is overloaded?

Good picture!

Thanks for the reply! It´s not a must that the wifi is internal with the motherboard. It just seemed like a good idea to get one of those instead of installing a seperate wifi card on it. But maybe it´s a better idea to get a motherboard with 2 ethernet ports and no wifi and then use the old wireless router as a wifi accesspoint/extender (don't know what it´s called). ? The specs of the media server is a dual core 2ghz intel core duo with 4gb ram (A 5 year or so old computer). It works fine for HD streaming to chromecast. But I doubt it would be enough power to use it for pfsense at the same time. Especially if I want to use VPN.