Thank you very much. I will test this with a cable like you said.

ok. 2pcs.* k9f1g08u0a 128m8bit controlled by Phison ps3002t controller 0_1531677767977_K9FxG08xxA.zip 0_1531677801633_PS3002 CompactMedia Controller Specification.zip It even has PhoenixBios E686, 44pin pata interface which i want to populate with 1 gb flash. the reason to do all this- its nice looking 1U 51Gbit ports with removable soc479 CPU, right now-celeron 370, with 1 DDR upgrade...+ PCMCI support and miniPCI slot and YES, it has db9 female port labelled console...Marvel 88e8001-lkj, Vitesse vsc7385xyv Ethernet Switch 6-Port 10Mbps/100Mbps/1Gbp, Zyxel SecureAsic cip-2001

@stephenw10 Unfortunately, my box has Broadcom NICs and I am in a CenturyLink area (PPPoE land.) We do have a municipal fiber provider (Utopia) but it’s not available in my area yet. They can provide from 250 Mbit to 10 Gigabit symmetric. I am just waiting for them to make it down my street and take my money. Carlos

The problem is that I already have a red box, and that is why I would like to replace the motherboard in it; buying a newer box just to replace the motherboard doesn't make much sense to me, at that point I might as well buy a second hand server such as the Dell R210 with an E3-1220 which already has all that is needed, for pretty much the same price as the solution that I am looking to implement. The issue here is that I am trying to avoid is sending another piece of equipment to the landfill (or at least not all of it) The Supermicro Motherboard boasts an Intel Pentium Processor N3700, which already has the AES support that is required for the latest versions of pfSense. thank you for the tip of the Lanners offerings, I will look them up.

Neither PID listed here 9030 or 9032 are included in the most recent usb device list: https://github.com/pfsense/FreeBSD-src/blob/RELENG_2_4_4/sys/dev/usb/usbdevs So I would not expect it to be detected in either if those modes. It might be detected in RNDIS mode if you load the kernel module since that can seemingly attach to things that reports to be an RNDIS interface. No promises though. It's almost always better to use a device that provides an Ethernet connection if you can. Especially if you want 4G speeds. Steve

@stephenw10 Yeah, you are right. It´s only me who has administrative access. Therefore I dont see a huge risk of exploiting security issues like Meltdown. It is still important to fix those issues because not every setup is different and those issues might be a problem for other users. Cheers, Henry

You can purchase official pfSense appliances from our website. Find the complete list of pfSense appliances here https://www.netgate.com/products/appliances/

I would leave those settings at the defaults unless you're actually seeing issues. Steve

@stephenw10 said in Quad Port NIC not detected: Try the NIC without the riser directly in the slot, if it will fit with the top removed. Try a PCI NIC in one of the other slots, with the top removed. Those are probably 32bit 33MHz PCI slots so limited to ~1Gbps for the slot. You might not need more than that across the ports in it. The bix might not be capable of more anyway depending on what CPU it has. That's pretty ancient hardware. Steve Unfortunately, the card won't fit without the riser : ( I believe the PCI-X slot is 133MHz, but I'm pretty much going to find another box. Oh well, you live and learn. I did gain some FreeBSD knowledge through the experience. Thanks to you guys for your advice!

I agree with has been written here so far. As someone who currently uses D-1518 based setup I can confirm that this hardware is capable or moving 10Gbit/s across the firewall even with Snort enabled, but with standard size ethernet packets (e.g. 1500 bytes). As you decrease the packet size, however, the amount of packets you are able to move across the firewall starts to become the limitation. My thread that @heper linked to provides some rough numbers based on some basic testing I did at 10Gbit. I think for an average case usage scenario where you don't see yourself maxing out the a 10Gbit connection regularly, the D-1518 would probably work fine. Otherwise, I do recommend faster hardware as well, both more cores and cores operating at higher frequencies. More cores should help to process the traffic in the NIC queues - for 10Gbit NIC hardware I have seen that it's possible to use up 16 separate queues (and maybe even more). If you are set sticking with Supermicro, here's an alternative suggestion that looks nice, but is probably a bit more expensive (next generation Xeon-D): https://www.supermicro.com/products/motherboard/Xeon/D/X11SDV-8C-TP8F.cfm https://ark.intel.com/products/136434/Intel-Xeon-D-2146NT-Processor-11M-Cache-2_30-GHz Hope this helps.

Excellent! I will try to get one of this HP's or with Intel chipset, thanks for your help. Robert

I wouldn't load the spectre patches on a dedicated pfSense box. You neuter your CPU performance for very, very minimal risk. As @stephenw10 if virtualization isn't involved Spectre really isn't much of a threat, especially for something as minimal and tight as pfSense.

It's always been a good idea to let a firewall be a firewall, and use other boxes/resources to do IPS/IDS, content filtering, etc. UTM's and pfSense started to reverse that for the convenience factor of having everything in one box, but with gigabit speeds becoming commonplace people once again are running into performance problems. So split the load. Luckily pfSense is an appliance so it's easy to set up additional pfSense instances. I've started to split the load - doing a bare metal pfSense install that just does routing, NAT, firewall and QoS if I need it. For everything else (VPN, pfBlocker NG, DNS, DHCP etc.) I spin up a second instance of pfSense in a VM. It's a bit more work, but I suspect it's the only way you are going to be able to get max throughput on your Internet link, and also be able to do the other stuff you want to.

If you clear that and reboot do you see it again? If not it was probably just temporary during the upgrade when those php libs are updated. Steve

The CF card slot does not support DMA so if you are using a CF card that is UDMA capable (almost all of them) you need to disable it: https://www.netgate.com/docs/pfsense/hardware/boot-troubleshooting.html#pfsense-2-2-and-later Steve

Did you try all three ports? It's not necessarily the first one that provides modem access. Steve

No problem. Thanks for reporting the issue. The memstick should boot both UEFI and legacy, we are looking into it now. Steve

@obloned No problem, glad to hear it worked!