On a board such the Supermicro A1SRi-2558F I would be trying out some
tunings points or tips be sure on this! But this is not a must be for me
but if this is something, the system gets a benefit from or runs more liquid
or stable I will use them all or only some. How I said I test them all out and
not inserting them all plain.

pfSense:

enabling Trim support - Supermicro SATA DOM SSD or SATA-DOM or SSD PowerD adaptive or high adaptive mode - Intel SoC increasing mbufs sizes - GB LAN Ports

I would be writing it to a local.loader.conf file because after a reboot this changes would be gone if not done so,
if not I would them make backwards to the default configs.

Squid:

Giving Squid more RAM for caching (4 GB RAM) - (cache_mem 4000 MB) changing memory cache mode (always, disk or network) - (memory_cache_mode disk) set the allowed maximum object size in memory cache to 1 MB - (maximum_object_size_in_memory 1 MB)

There are many many more things such as this for sure, but I really don´t need that stuff at all
and this some points making sin in my eyes to come closer to the point that I only want a stable
and fast system.

Here are some of the websites I get my stuff from if you are interested in:
Squid Package Tuning
Tuning and Troubleshooting Network Cards
SQUID PROXY SERVER: FINE TUNING TO ACHIEVE BETTER PERFORMANCE

I think the intent was going with a cheaper setup.  I ended up using the same setup w/ a dual intel card.

Only Problem is the pcie is x1 and not x2 (aka shorter) which I mistakenly missed that dual intel cards are pcie x2.

So I got hasty and ended up trimming the end of the pcie socket to allow the intel card in (albeit with 1cm hanging out the end) and it works find. I knew you could run longer cards ( x2,x4,x16 etc) in shorter slots… at the loss of the additional bandwidth.

Given that a x1 bandwidth is 250MBytes/sec, I haven't ran into any problems (then again I question if the q1900 would limit it with higher bandwidth).

Other nice thing is you have the original realtek Ethernet as well if needed.

Turned out to be a good experiment, ended up getting the board for $66 w/ rebate and $20 for the intel card used.

Bit of a thread dig, but what?

???

A G3260 (is a Pentium technically for a start) $70 at Newegg.

At tossbuy.com seller is MicroCenter boxed (with cooler) for $45

Cheapest motherboard about $40 at NE

seen here in the forum used one for $20

Cheapest 2x4GB $40+ at NE

seen here in the forum for around $20

16 GB mSATA ~$20
mini ITX M350 $40
PSU $20

So all in all it is around $165 & shipping what would be unreal then when I
suggest something around for $150 - $180, so to be clear I am here in Germany
and would even be getting other prices out as you if we both do research and if some
forum members will be repeating and reporting used and/or refurbished parts are cheap
as told above I should trust them, or not? I was set up this in a good willing related to the
circumstance that often peoples will wait more time to get the best out of those hardware discussions.

For sure it would be really easy to tell three classic evergreens like in other threads, but I was trying to
match you budget so near as I am able to do.

I cannot find anything about that "8x 1Gbit/s" limit, though (in QSA mode)

The it is also only 4 x 1 GBit/s also.

Sad, the XL710 doesn´t support 8x 10Gbe:

As I wrote can utilize QSFP-to-4x SFP+ breakout cables.

4 x SFP+ and not more a

But no NAT offloading support for FreeBSD/PFSense?

Perhaps this would be a function in the firmware of this adapter, other wise if the
most functions would not be able to used, why offer then this adapter for $799?

Perhaps you ask this at the pfSense shop directly as a presales questioin they
would know it better as they are able to insert the NIC in a pfSense box!

PCI Express Gen3 x8
Low Latency
Supports Up to 1M Connections
Full TCP and UDP offload
Full iSCSI, FCoE offload
Full iWARP RDMA offload
Full NAT offload
EVB, Flex10, VNTag
PCI-SIG SR-IOV
Integrated media streaming offload
Traffic filtering & management

Btw, is there any difference between the T580/T540/T520 NICs except the size and port types?

The ASIC on them is the most different thing such as the by side coming functions and then on top the price
at least for sure.

Perhaps the comtech would work with Linux, but it won't work with pfsense afaik

if i go with something like this, http://store.pfsense.org/SG2440/ what are my main concerns?  i want to be able to recommend this to a small business owner and not have to worry about not being able to run certain packages or worry about read/writes if i enable logging for things that are not normally logged.

It has eMMC which should cope with many many writes. If the customer is going to use packages that can write a lot of stuff and/or need more space then buy it with SSD. The pfSense store devices will be the first hardware tested with any new release. Thus you will know that the hardware really works with new versions of pfSense+FreeBSD. Replacement units readily available (assuming you are in a country within easy shipping range of a pfSense store outlet) The extra bit on the price supports the project, ensuring ongoing support and development

I have 3 of these. If you want real hardware rather than VM, then I am struggling to think of a reason not to get the appropriate SG series from the pfSense store.

but you may need fiber or other features that the 300 would bring.

Fiber is also there at the SG200 series, but the SG300 series is capable to route
between the VLANs it selfs without the SG unit and by going to use VOIP functions
it would be the best to proper handling QoS things then.

@athurdent:

@einervonvielen:

2x 1 Gbps to ISP 180000 sessions total of 900 Mbps@1518byte up to 15000 internal clients firewall rules <2000 IPS with 9000 rules SSL inspection support

If you are responsible for 15000 clients you'd better not solely rely on this forum. Why not ask directly @ http://store.pfsense.org/contact-us/ ?

So I did and received an answer: "The pfSense XG-1540 http://store.pfsense.org/XG-1540/ can handle that load."
Thanks all for your answers!

Hi guys,

I had not seen you had been investigating further before today.
Just downloaded the new WGXepc and restarted my auto-speed script.
Let"s see how it behaves now  :)

To prevent to get the gibberish output in the Putty, Kitty or terminal program you are using, you must setting all
three things to the 115200 baud!

Putty must be at 115200 baud Alix Board is at 9600 default, so be changed to 115200 baud And then pfSense comes also with 115200 baud as default so
you will be able to get even a right clear output.

And as I could assume this would not be the last try out to connect
over the console to the Alix Board or pfSense so it makes really sense
to me that this would be changed one times and holds for ever.

What is the difference between running it on a VM vs bare metal? How does it affect the performance?

I personally love more running pfSense on bare metal, but if then you are maxing out the numbers and services
you are in a trap!!! You must then take another hardware, but at a VM you can max up the entire things could
really need to be updated. Let us imagine the following:

E3-1230v3 with 8 ECC GB RAM
Then you are able to upgrade to the maximum as;
E3-1286v3 with 32 ECC RAM this is then the maximum nothing
will be able to insert what gos higher, faster and more!

But if you have a Server such as dual Xeon E5-26xxv3 with a huge amount of RAM
and pfSense installed in a VM you will be able to give the VM more cores if needed
and more RAM if needed! Or plain all Cores and RAM, this would be allow you more
to install.

For sure it would be better to have a Xeon E3-12xxv3 and a miniPCIe or PCIe card
with an on board soldered ASIC/FPGA chip to utilize all the Firewall rules, IDS/IPS rules
and queues for sure. Or let them do anything else it will be code for in the pfSense distro.

If you're looking to get a J1900 board why not spend $25 more and go with the Supermicro X10SBA-L with dual on board Intel i210 NIC's?

I will choose one of these:

TP-LINK TL-SG108E (8 Ports, $20) http://www.amazon.com/TP-LINK-TL-SG108E-8-Port-Gigabit-Tag-Based/dp/B00K4DS5KU/ref=sr_1_3?s=pc&ie=UTF8&qid=1437388589&sr=1-3&keywords=switch+vlan&refinements=p_n_feature_keywords_two_browse-bin%3A7306160011%7C7306161011%2Cp_36%3A-5000&pebp=1437388591690&perid=0X9XJ04RYZ3ESEGV1GAY

NETGEAR ProSAFE GS105Ev2 (4 ports, $39) http://www.amazon.com/NETGEAR-ProSAFE-GS105Ev2-5-Port-Gigabit/dp/B00HGLVZLY/ref=sr_1_8?s=pc&ie=UTF8&qid=1437388589&sr=1-8&keywords=switch+vlan&refinements=p_n_feature_keywords_two_browse-bin%3A7306160011%7C7306161011%2Cp_36%3A-5000

I'm looking for the AP. The cheaper one that I found is TP-LINK TL-WA801ND ($24) http://www.amazon.com/TP-LINK-TL-WA801ND-Wireless-300Mbps-Repeater/dp/B004UBU8IE/ref=sr_1_12?s=pc&ie=UTF8&qid=1437389758&sr=1-12&keywords=access+point&refinements=p_36%3A2000-5000%2Cp_n_feature_keywords_two_browse-bin%3A6569831011%7C6569833011%7C6569829011

Usually a DMZ would be owning another different IP subnet as the LAN owns.

I will configure a VLAN "for each" port:
Switch Port1: AP -> VLAN1 (normal users) and VLAN2 (guests). So, I need mapping VLAN1-SSID1 and VLAN2-SSID2.
Switch Port2-PortX: LAN -> VLAN3
Switch PortN: DMZ -> VLAN4

Thanks!

@Escorpiom:

Got mine from Ebay, it was branded Dell or HP.
No issues at all, just buy from a seller with good rep.

Cheers.

Yeah, Im seeing on eBay the same card even cheaper.

Ill problably go down that route as Amazon might be charging a higher Price for a used card.

I have the Internet connectivity at My Main Office. From my main office I have wireless bridge setup to the Cafe #2.

And I have a Leased Line Internet Connection from a local provider with Dedicated IP. They supply internet connectivity via Ethernet Cable.

Thanks

Thanks Frank  :)

Well that was a fun day. Responses I got:
Best Buy: "we have them on the website"
Small shop #1: "what do you mean? Like hard line?"
Small shop #2: "we carry intellinet"

The intellinet actually worked, turns out it was a Realtek rtl8618b which wasn't recognized by BIOS until I set PCI-E to gen 1. Then I had to turn off the cards BIOS boot override

Config restored reinstalling packages now. I hope someone down here buys me a beer  :P

Shopping for a new box now

The prices will be fairly going in my eyes.

I notice that the SG-2220 at http://store.pfsense.org/SG2220/ says "STARTS SHIPPING 31 AUGUST 2015" so there is a bit of a wait still. From memory it was initially planned for end of July, so I guess something slipped in the supply chain.
I have 2 of the http://store.pfsense.org/SG2440/ in production but they are significantly over your budget.
So it is up to you if you can wait.