It may depend on the cost of the downtime. At $xxx per hour how much would downtime cost? pfSense does support CARP for hardware failover so if you did buy another (at each location) the failover could be basically instant. It will sync states if the network drivers are the same on both. There is a caveat for the models with switches, in that as I recall it can't detect if one switch port is disconnected if the entire switch is still functional so you want to use the OPT1 port for the LAN and the switch ports for the CARP sync. pfSense also runs on PC hardware so if you have an old/spare PC and an extra NIC for it that would work as well.

A pfSense 2.5 Snapshot: https://www.pfsense.org/snapshots/ Coreboot updates would from the manufacturer. Though if may be possible to build your own since Coreboot is open source. Actually correcting a problem like this though is.... non-trivial! Steve

@stephenw10 Awesome, will give this a try and report the results

^ exactly! ;) if you found a 8860 at a price point you are happy with - snag it! ;) its prob overkill to be honest, but if your happy with the price.. I have a 4860 on my home network - it is for sure way more than what is required.. But go big or go home works for me ;)

When you say natted no delay you mean between vms behind the same natted connection? Or from natted connection to your gateway.. You can still function with a natted network to your physical network. Other than port forwarding from your physical to your natted devices would be required for unsolicited traffic from your physical to your natted vms.. If you feel your VM solution is adding unwarranted extra delay - then yeah you would need to get with your VM software solution support... This has zero to do with pfsense..

It's not worth putting a hardware crypto card in there. At least none that I'm aware of. Card that might actually be effecttive there are not supported in FreeBSD/pfSense. However it does look like those boxes support 5600 Xeons that do have AES-NI so that might be an option for you. That's based on a brief Google, more research needed! 10 year old hardware though, if it's crashing at all it might be time to replace it. Edit: Those 5600 Xeons are very cheap now though, probably worth throwing some in there as a test. Steve

@eiger3970 you can get used hilink dongles for 20 bucks, they show up as ethernet cards on and are pretty reliable, you need some modules and you can manage these dongles thru browser,

@stephenw10 It seems to have worked! I'll have wait to till I receive the breakout cable to validate that it worked!

I'm running pfsense on an Optiplex 3020 with a i5-4570 and a quad i340 NIC, 8GB of ddr3 low voltage and a 120gb ssd. With Power D set to "adaptive" it pulls 22 watts average while being used, and peaks at 35 watts when booting or doing a full pfBlockerNG-devel reload. I've been very happy with it.

It's still 12 or 13 only so you would be looking at a special build of 2.5. Which doesn't exist so, no, it still won't run. If we were ever to look at RasPi it would be far more likely to be the Pi 4 because of the vastly superior Ethernet on that board. Steve

@stephenw10 Thanks for the info, always interested in the SOHO options

Good to hear. Thanks for reporting back.

@Wezzo switch from 22.x HiLink to 21.x Stick fw (if not done yet) and configure as described here: https://forum.netgate.com/topic/133051/huawei-e3372h-lte-dongle-and-ncm-cdc-mode

@stephenw10 said in SFP+ ixgbe Network Interface Won't Come Back Up: I would say they are stable enough for that. As I said I've had numerous boxes up running 2.5 here for some time without any significant issues. Of course what issues there are might be more significant to you. You can't easily downgrade in place, you have to reinstall 2.4.4p3. But if you have the media and a config standing by that's pretty easily accomplished. If you had to. Steve Well, this issue got me again today. I had been noticing some random hotplug events over the last few days for the ix1 interface in the system logs (maybe once or twice per day), but they only lasted for about a second and the interface came right back up. Didn't make much of it until today when the ix1 interface did not come back up after another such hotplug event. This occurred after about 50 days of uptime. As usual, I had to shutdown the machine, pull the power, and then restart it for the interface to come back. Up until now I had 4 VLAN's configured on this physical interface, but decided to swap those around today with one of the Chelsio physical interfaces after finding this: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235918 Not sure if it's related, but will see if it makes any difference going forward. Looks like I may end up trying 2.5.0 sooner than later, or going back to an igb interface instead, as those work fine in the current 2.4.4 version.

I believe that's power arch as stated above? If so pfSense won't run on it. You will need to hit the openwrt forum. Steve

Suddenly view this tread. I have many of this netsq u70. There is switch witch is connect to serial port 2. use " cu -s 9600 -l ttyu1" command to configure switch. You can assign ip on the switch and configure everything thru web. You can create vlan for WAN port and use other port for lan. EM0 its connected to port 1.

Hmm, just enabling AES-NI on the i3 end? Interesting, that's a significant step up, more than I would expect there. Steve

Ah, nice result then.

@netblues said in IBM System x3550 M3 7944 server and play with Redundancy and High Availability In pfSense: 1G is one thing, 10G is another. Hardware specified is most probably an overkill for 2-3 1gbit links. 10 g interfaces is another story, since driver compatibility with freebsd is the key factor. Thank You, NetBlues! Could You (or someone else with knowledge with) be so please to point on a hardware from the Netgate Store, nearest by characteristics to this IBM 1U size servers ? All specs of IBM Servers that we plan to play with are in first message in this thread. And about used Broadcom NIC in this Servers are at the end of thread. Thank You!