I have to speed up ..... The power supply has died and is unusual and thus expensive. :-( WG X700 is a thing of the past. It's a pity!

Just throwing this out there. Maybe some low level resource conflict. Try going into BIOS and disabling any ports, etc., you don't need, including the onboard NIC.

@stephenw10 Here for our new gateway of defense : SM SYS-5018D-MF ( + 8Gb ram and a Xeon E3-1240LV3 ). I add also Intel Ethernet Server Adapter x4 LAN, and last but not least i will use SSD (x2 in case of...) Eh voila!

They claim to support FreeBSD though the FreeBSD mlx5 driver doesn't list that card specifically. pfSense does not include the Mellanix drivers by default, you would need to copy the kernel modules across from an equivalent FreeBSD version or compile the drivers if something newer is required for that card. I would test it in FreeBSD to initially if you can. Steve

If virtualization is an option, I'd consider that and a multi-port NIC.

What service are you actually opening on the QNAP device? One thing that will immediately increase security would be to restrict port forwards to an alias of known external source IPs. That may not be practical in your situation, I don't know. Out SG-3100 would do well in that situation. The SG-5100 would be better of you plan to run packages such as Snort/Suricata or pfBlocker. https://store.netgate.com/pfSense/systems.aspx Steve

Hi @ramses-sevilla - I have been using this exact system with pfSense and a symmetric 1Gbit fiber connection since early 2017. Zero problems since then and have been impressed with the performance of the machine. Hope this helps.

It's not an issue, it's normal. ix is the driver. It is a 10G capable chipset and driver, but depending on the actual implementation, is perfectly happy operating at 1G or other compatible speeds/media types/etc. There are ports on the Netgate SG-5100 which are similar. They are detected as ix but the physical connection is 1G, not 10G. It will link up and run as expected at 1G. Think of it similar to a 10G capable SFP port with a 1G module in it. Sure, the chip can go faster, but the media connection is only 1G.

No, atom n270 has a 32-bit instruction set. The current versions of pfsense is 64-bit https://ark.intel.com/content/www/it/it/ark/products/36331/intel-atom-processor-n270-512k-cache-1-60-ghz-533-mhz-fsb.html This is a link for hardware distributed by Netgate that is definitely working with pfSense. https://www.pfsense.org/products/

@sethelyon I just worked through something similar--the tutorial I was following forgot to add the DNS on the new VLAN interface, which resulted in clients showing no internet. I got clued (after a solid 2 hrs of peaking through settings in unifi and pfsense) in when I typed 1.1.1.1 into my browser to stimulate traffic to sniff and it worked. I felt super smart. If you can't laugh at yourself... J

x520 is fine, also uses the ix(4) driver. The NIC will not be the limitation in getting close to 10Gbps, the CPU usually is. But with that CPU... I've never run pfSense on anything that powerful personally. Steve

I see. In that case I'll just continue using the adapter as a bridge in Proxmox and assign it to pfSense that way. That has been working just fine for about a year now. Was thinking about doing hardware passthrough because I want to get rid of my old router and let pfSense handle the PPPoE connection to my ISP and wanted to minimize any potential security risks.

Hi @PhiloEpisteme - my pfSense box is actually based on the Sumpemicro 5018D - F8NT 1U barebones system: https://www.supermicro.com/en/products/system/1U/5018/SYS-5018D-FN8T.php I believe they also make a stand alone or desktop version of this as well (i.e. with the same CPU). With respect to noise, I would not call this system quiet, and the primary reason for that is of course the small form factor. With a 1U chassis you are limited in terms of the types of fans you can use and to get any decent airflow you'll need several small fans operating at quite high RPM's (which means more noise). While this system doesn't sound like a jet plane taking off, one would definitely notice the noise in an office setting. I haven't measured the power consumption on just this system specifically (only on my entire network stack), but with a CPU TDP of just 35 Watts it will be on the lower side. Consider also that the CPU wont' be running at full speed the whole time (unless the firewall is consistently loaded down), but any expansion cards you add will contribute a few extra watts. If you are looking to build a system with this CPU (or similar) it might be a good idea to just get the motherboard and CPU combo and run the whole setup in a larger (2U or bigger) case, which would allow you to use bigger fans. Now having said that, given that your use case involves wanting to utilize 10Gbit speeds between subnets, I would recommend looking at a higher frequency CPU than the Xeon D's as @stephenw10 already suggested. The quad core Intel i3-8100 or newer generation i3-9100 would make good choices and are decent bang for the buck IMHO. Couple that with a solid motherboard (that has appropriate expansion slots), a 4 port 1Gbit NIC, and a 2 -4 port 10Gbit NIC and you'll have powerful system that will also handle OpenVPN quite well. The i3's I referenced do have a little higher TDP (65 Watts) but again, unless the firewall is loaded down the entire time, the CPU will scale back the frequency and power consumption will be lower on average. I hope this helps - please let me know if you have any other questions.

Tanks ... i try to boot from CD and escape to a shell Tanks

Hi, I know this is an old topic, but highly relevant to my problem. Did you manage to fix it? Here is my topic : Sophos SG330

@High_Voltage , I have seen this problem many times with Supermicro motherboards and Intel NIC's. Remove all the extra cards, and configure one of the onboard NIC to login through the Web GUI. Navigate to Diagnostics -> Edit File -> Browse to /boot/loader.conf Add this line in your loader.conf file : hint.agp.0.disabled=1 Save and shutdown pfSense. Now add the extra NIC's and they shall be recognized correctly now. Grtz DeLorean

Its been on for 24 hours. about 22hours longer than it used to be on. It must be the l2tp Interface making it crash. edit: its been up for the whole weekend. Thanks guys. Marking it as Solved.

Yup, x86 only currently. Steve