"My internet speed is 100Mbps and I don't see myself upgrading to 1Gbps anytime soon. " And what about local side vlans, or you just going to have 1 lan?  If your going to do vlans on your network then you will be hairpin for any intervlan traffic.  So its not only your internet speed you have to worry about unless your just going to be on 1 lan..

@norg: Do you mean the Qotum Q355G4 with that? seems to fit the specs you mentioned and yep unless I add taxes that's a nice price. Yep, the Q355G4.

Yeah, MIPS is never going to work.

@Finger79: 100+ GB datasets is gigantic, especially if that's every night.  Will you be doing any differential/incremental backups or snapshots?  Significantly reduces the size and duration of subsequent backup jobs after the first one runs. Won't be that much every night and yes, I'm looking at how to shape my backup methodology to minimize the amount of data I have to move.  I've also heard that eventually Verizon will look at what your doing when you exceed 10tb monthly on their GB service.  It's the limited unlimited plan just like many others out there. Roveer

It should be sufficient, the CPU, QX-420CA, has AES support and at least two fast cores.

@coreybrett: I was curious about the Zabbix packages in particular. Zabbix themselves have armhf precompiled binaries, I would not be surprised if this is possible on pfSense as well.

get something with a quad core, and add a ebay dual intel nic

@trottoluccia: Hello, I recently bought a Zotac CI323 as it has it is a low consumtion (6W) quand core with 2 NICs. All seems to be fine with pfsense 2.4 a part from the LAN spee that is indicating 100tx and all my LAN is gigabit (CAT 6 cables and Netger GS108e managed switch). Any idea if this is about the realtek NIC that CI323 has onboard and if there is any way to make it working properly? Thanks, MAX Both Zotac CI323 and CI327 benefit greatly form an updated version (currently 1.9) of Realtek device driver for its Ethernet interfaces. Follow this thread to perform the update: https://forum.pfsense.org/index.php?topic=103841.msg754411#msg754411 You might need to also address some issues with the SD card reader interface. Take a look at the following discussion: https://forum.pfsense.org/index.php?topic=137286.msg753220#msg753220 (CI 323 and CI327 share a lot in common)

Yes, that'll be fine…

@BlueKobold: Has anyone tried a clean install to APU2 (serial console)? It is a must do and not a could do in my eyes, because this is a serial console only device without any VGA interface or port and so it must be a serial console install! The right installer is a the serial amd64 memstick version or image tp write it down on an USB pen drive and install it from there!…. Super! Thank you… I will give it another go. I only have the 8GB SD card at the moment, so will use that. I will boot with the USB stick and install to SD. I keep the Alix with an older PF Sense on it just for days like today. My SLA with the kids is brutal, and penalties severe. ;) UPDATE: Successfully installed using "pfSense-CE-memstick-serial-2.4.1-RELEASE-amd64.img" using USB, onto SD card. Alix goes back in the box and all is good. Thanks again for your help.

@johnkeates: @VAMike: legacy pci slots are half duplex and bandwidth limited for gigabit traffic. you should be able to get more than 200Mbit, but there may be some limitations in the pci bridge. at any rate, pcie is a much better option. Looks like we're seeing this PCI limitation more and more often ;-) Maybe we should put this in the Wiki. Definitely for dual port cards, they really needed the PCI-X extensions (higher clock speed + 64 bits), which have been functionally obsolete for over a decade and aren't found on any current mobos AFAIK. (If there's a PCI slot at all, it's probably a bridge to PCIe, possibly shared with some other legacy stuff, and not really intended for high-bandwidth applications–it's just there for people who have some old serial port or firewire card or somesuch they don't want to get rid of or pay to replace with a new PCIe version.)

Normally this would just be done with a L3 switch.. Guessing you have some sort of budget constraints?  And you happen to have these servers laying around? But jahonix is right on the money with suggestion to make sure you place your vlans correctly on the nics or you could run into some bottlenecks their depending on which vlans see the most traffic, etc.

@DeLorean: I update XTM5 boxes always with a Dual Core cpu @ 3.2Ghz and 2Gb Ram, and with this setup,  1Gbps throughput from WAN to LAN is possible. Thank you!

You should also avoid mobile processors if VPN speed is your main criteria as one of the primary attributes of mobile processors is that their speed is capped to ensure a lower TDP. The description for your selection specifies mobile CPUs… Newegg's information is wrong about this bare bone. Here is the web page from jetway which is showing Socket 1151 desktop CPU and SODIMM laptop memory: http://www.jetwaycomputer.com/JBC153F592.html By the way, this is a very good board except the 16GB memory limit is low if someone want to use IDS/IPS.

I paid $176 from logic supply for my new build. My last pfSense build lasted 7 years, hoping by going skylake this one will last a few good years too.

Here is a bit more detail for a quick test: Create /tmp/LCDd.conf [server] DriverPath=/usr/local/lib/lcdproc/ Driver=sdeclcd [menu] MenuKey=Escape EnterKey=Enter UpKey=Up DownKey=Down As root, start the server: /usr/local/sbin/LCDd -r 3 -c /tmp/LCDd.conf -f Hopefully, you will see some activity on the LCD In a separate session, you can start a real client, for example: /usr/local/sbin/lcdproc -h 127.0.0.1 G K If this works, the driver is functional and you can look into something a bit more permanent. Keep us posted.

Install it from the pkg repo, not from a file.

Asrock J3455B ITX Board = 1 PCIe 2.0 x16 (x2 mode) INTEL ETHERNET i340-T4 PCIe Card = 1 PCIe 2.0 x4 So it should be able to stitch this card directly into the PCIe x16 slot for sure, without any hassle or problems and it should be also be able to place it into that case as well too! So there is no need for a riser cable. I need information what is the best way to fit the Intel card on the motherboard. I read somewhere in this forum that it involves cutting either the motherboard or the nic. If the card is greater then the PCIe slot, it could be a work around, but in your case the slot is greater then the PCIe card and this might be then no problem, insert the card into the slot and all will be fine for you. (Take a look on the attached picture) What is the best way to do it? The motherboard is brand new while the nic is used. Board into the case and card into the slot, that´s the way to go with. I am also open to suggestion on using a riser card if it fits on Corsair 250D but I have no idea what to buy. Why do you think there will be a riser card or cable needed? Perhaps this card comes with a low profile bracket or it is not matching to the slots of the case then for sure you will bee able to went to amazon.com and get the right working tolls to walk around any problems. Here are shown some of them right to buy or go with.       [image: maxresdefault.jpg] [image: maxresdefault.jpg_thumb]

The guide you were following misses one point and that is correct filtering. Usually you filter on each interface individually. There's an advanced option at System Tunables where you can set pfSense to filter on the bridge instead. net.link.bridge.pfil_member Set to 0 to disable filtering on the incoming and outgoing member interfaces. | default (1) net.link.bridge.pfil_bridge Set to 1 to enable filtering on the bridge interface | default (0) Better than using an interface group and way easier to understand when doing changes in 7 months or so.