@mr-rosh try some options on ali express https://www.aliexpress.com/popular/1u-network-firewall.html

Well, glad you were able to get installed eventually.

Ah, yes not much we can do then. At least that explains it. Steve

@nickehallgren i've been using solarflare 10g network cards with pfsense. they work great. you can find them for cheap on ebay. Don't about EU though.

@nogbadthebad said in Hardware for 10-25 Gbit/s WAN/NAT: A home user will never fully saturate a 25Gbps circuit. Sounds like a home user that needs to try harder. All you need is 25 computers running speed test at the same time... A YouTube video idea was just born.

@attilay2k I have tried a few Linux based firewall distros on Raspberry Pi over the years just out of curiosity. I have rejected all of them because the log files are useless when a large number of entries appear stamped 1 Jan 1970. The RPi does not have a battery backed Real Time Clock so it relies on syncing with a NTP source. However, quite often log entries are made before time sync has occurred. Yes you can add a RTCmodule to a Pi but this puts the cost up further. My preference is to use repurposed thin client terminals. There are a number of low power consumption 64-bit intel based thin client terminals that have been produced by various brands. My favourites use 1.3Ghz intel Atom 3825 dual core CPU with AES-NI. Used prices and models vary, but I often can buy one used and upgrade it with 32GB mSATA SSD, 4GB-8GB or RAM for less cost than a comparable RPi4. The RTC, AES-NI and SSD using ZFS make it far better than a RPi. The only downside is the number of Ethernet interfaces, usually just one. Up until 2.4.5p1 I have successfully used them in 24/7 use cases with USB Ethernet. However, with 2.5.2 and 2.6.0 now with ure driver, reliability on USB Ethernet has gone. Fortunately, for all but a few I have reconfigured them to use VLANs with a VLAN capable switch. You may find this link useful.

Most of those Sophos boxes are from Portwell/Caswell I believe. I'm not aware of any that had bypass NICs but I haven't looked that hard. However when you do have bypass NICs they generally still attach OK but just no traffic. You can see failures for NICs using odd PHYs, like attached to internal switches for example. I don't think that applies to the UTM 320. @Juanesptux You should probably start your own thread unless you are using the same UTM 320. Steve

@stephenw10 Thank you for the response and the explanation. While researching the I219-V problem I found some other forums where users where trying to resolve this issue by compiling their own drivers. I will try and find those posts and mention the 2.6 snapshot as a potential solution instead of compiling drivers and mucking with the kernel config.

@setarcos It's the 4 port QNAP card you first mentioned - the QXG-2G4T-I22 (I purchased it thru B&H). It's sitting in my Dell R220 running v2.5.2. Northbound it's connected to my Moto MB8611 modem and southbound to a Netgear M5300-52G for the time being (I haven't decided on a southbound switch yet). Everything seems to be working fine. I know I am not getting my full speed yet, but that will come in time. Once I disabled HW cheksum offloading only then could I pull a ipv6 address from comcast. I could ping NB ipv4 (e.g. 8.8.8.8), but not much else since DNS still wanted to resolve addresses as ipv6 and I didn't want to start making a lot of changes to the config to see if v4 worked on it's own.

Try these. I can't test them against hardware but they load fine in 2.5.2: [2.5.2-RELEASE][admin@252dev.stevew.lan]/boot/modules: ls bwi_v3_ucode.ko if_wg.ko linker.hints t4_tom.ko toecore.ko [2.5.2-RELEASE][admin@252dev.stevew.lan]/boot/modules: kldload t4_tom.ko [2.5.2-RELEASE][admin@252dev.stevew.lan]/boot/modules: kldstat Id Refs Address Size Name 1 15 0xffffffff80200000 3aea720 kernel 2 1 0xffffffff83f19000 1000 cpuctl.ko 3 1 0xffffffff83f1a000 2698 intpm.ko 4 1 0xffffffff83f1d000 b40 smbus.ko 5 1 0xffffffff83f1e000 344d8 if_wg.ko 6 1 0xffffffff83f53000 137b0 t4_tom.ko 7 1 0xffffffff83f67000 c7e toecore.ko t4_tom.ko.txt toecore.ko.txt Remove the .txt extension. Steve

@hijikta said in Pfsense & Intel card Need Help please: Thank you i will try it . You wrote it works under Win, did you encounter the wrong FW checksum in that environment?

Nothing specific at this time. All the parts need to be in place and tested before it can happen.

@utha Any luck?

That's not anything I'm aware of as a problem. I would probably try the NIC FreeBSD directly. If it fail in the same way there I'd ask in FreeBSD forum. Steve

There's no real danger here because the old kernel module from 2.4.5 won't load in 2.5.2 anyway. If you do nothing it will just use the in kernel driver in 2.5.2 and log a harmless error at boot. You should just remove the loader values anyway to make it cleaner. But, as JimP said, really you should test it first. I expect it to work in 2.5.2 since it did in 2.4.5 but there is no guaranty of that. There were significant changes to most network drivers in FreeBSD, and hence pfSense, between 11 and 12. Steve

Yes, the default WAN port is Eth1 which is RJ45. If you need >1Gbps though you would need to use an expansion card to use RJ45. You cannot use an RJ45 SFP+ module in the on-board ix0/1 ports. Steve

@kr81 said in Watchguard T55: Can ther something be done with the jumpers on the board? Probably not if it's anything like the T70, and it looks like it's exactly like that. What does the pfSense boot log show? You could probably use a similar hack to start the switch as an unmanaged device but that's not really very helpful if you only have one interface! Steve

Several options / ideas.. First solution : why bother ? This excellent tool makes a backup of your pfSense config. The "install USB"is mall, can be downloaded fast, you'll be back on line 10 minutes after you start re installing. Next : Is your pfSense essential ? Use a new drive every 3,4 years, and after that period, use the disk on a less essential place. Related : Use an UPS, and all risks are divided by a positive number N, where N is bigger then 1. Keep a spare drive on the shelves. Next : You have a "server" some where running on the Internet (for your own sites, mails, games, private DDOS attacks and such) Use a data collector tool like Munin - see here - and as soon as one of the values reaches a critical point, you get a mail. Btw : I never received a mail from Munin, the drive was always fine now, and dead 10 minutes later, taking pfSense with it (so - see first point). My Munin example is from my dedicated server, it uses a "Raid 1" using two identical drives. For such a setup, smartctrl has more sense. If one drive fails, the system will continue tu run on a single drive. I will have some time preparing the swap and re sync. Next : Using the new ZFS filesystem, with pools, with a Raid 1 or bigger) a manual, monthly Smartctrl will do. As you said yourself, a basic cron, some grep and mail isn't that hard. /usr/local/sbin/smartctl -H -c -l error -l selftest -l selective -a /dev/ada0 (because my drive's driver name is "ada") This will show a boatload of info. Just 'grep' the possible bad-ass values, and mail them up to yourself. Your mini scripts / cron will be update proof.

Does it work as expected if you add a VLAN without the bridge? The description sounds like broadcast traffic is passed but other traffic is not. Are you able to pcap the tagged traffic? Is it tagged in one direction only? Steve