It helps a lot! Finally a proper answer :) Thank you very much! Best, Nick

Hi Steve, it seems like this motherboard and pfSense ain’t friends at all, acpi issues all over the place... I tried to turn it off in loader.conf but then it just doesn’t boot. I’m going to replace this board with a different one and give it a go. Thanks C

Here are the results before and during the speedtest: Before: 11 root 155 ki31 0K 64K CPU0 0 154:42 98.58% [idle{idle: cpu0}] 11 root 155 ki31 0K 64K CPU3 3 154:30 98.41% [idle{idle: cpu3}] 11 root 155 ki31 0K 64K CPU1 1 154:18 97.95% [idle{idle: cpu1}] 11 root 155 ki31 0K 64K RUN 2 154:51 97.35% [idle{idle: cpu2}] 340 root 32 0 98776K 38364K accept 1 0:02 1.36% php-fpm: pool nginx (php-fpm){php-fpm} 19 root -16 - 0K 16K pftm 0 0:57 0.60% [pf purge] 71606 root 20 0 7812K 4000K CPU2 2 0:00 0.12% top -aSH During: 12 root -72 - 0K 544K WAIT 1 2:17 98.74% [intr{swi1: netisr 0}] 11 root 155 ki31 0K 64K CPU3 3 157:05 76.71% [idle{idle: cpu3}] 11 root 155 ki31 0K 64K RUN 2 157:33 69.36% [idle{idle: cpu2}] 11 root 155 ki31 0K 64K RUN 0 157:20 63.68% [idle{idle: cpu0}] 12 root -72 - 0K 544K WAIT 0 0:38 26.18% [intr{swi1: netisr 1}] 12 root -92 - 0K 544K WAIT 0 0:43 24.11% [intr{irq260: igb0:que 0}] 12 root -72 - 0K 544K WAIT 3 0:32 15.26% [intr{swi1: netisr 2}] 12 root -92 - 0K 544K WAIT 2 0:15 8.30% [intr{irq264: igb1:que 0}] 12 root -92 - 0K 544K WAIT 3 0:13 4.80% [intr{irq265: igb1:que 1}] 11 root 155 ki31 0K 64K CPU1 1 156:40 2.67% [idle{idle: cpu1}]

Yes, I think there was a post in the main xtm5 thread about that some time ago. Try PMing this guy: https://forum.netgate.com/post/731573. He's still active. Steve

If you can get Hardware+Software from the same producer it's always the best choice, they work 100% together and you'll get good support. With HP for example you will have problems with the Gen10 because there are no working FreeBSD drivers yet. I tried myself with some ProLiant DL360 Gen10 for testing ~3 months ago and could not even get through the pfSense 2.4.3-p1 Installer... If you want some 100% reliable out of the Box pfSense without tinker just get one Netgate appliance and be happy. :-) -Rico

You should not have to do anything. Any recent SSD of even vaguely reasonable quality will last many many years. However if you still want to reduce write cycles you can move /var and /tmp to RAM in System > Advanced > Miscellaneous. Also you can remove the swap slice when you install, though if the firewall is swapping it's probably configured wrong anyway. Steve

If your Realtek chipset is among those listed here, I have had very good luck with the official driver. The compiled binary for 2.4.4 is here: https://forum.netgate.com/topic/135850/official-realtek-driver-binary-1-95-for-2-4-4-release I run two pfSense boxes with Realtek NICs and have had no problems at all with them using that driver. However, I'm dealing with 100/10 cable connections. I wouldn't expect them to achieve full gigabit speeds and I wouldn't trust them for enterprise applications, but for home use with sub-gigabit Internet connections they should be perfectly adequate.

Thanks for this information :)

Ouch! Better than some software/firmware bug I guess though. Steve

I have no idea what consoles are on that device but from your description it sounds like there is an RJ-45 serial console port. Note that is not Ethernet. It might have a VGA console too. Possible via an internal header. You would still need an adapter of some type for that. Do you have anything with a serial port? You could conceivably make a console cable using an old Ethernet patch directly. Buying a USB to serial adapter and an RJ-45 console cable is the correct way to do this though. You might be able to remove the boot drive and re-install it in something else depending on what it is and what you have available. Steve

Thanks everyone for your input. It sounds like I should stick to the cradle points and similar in bridged mode. I was hoping to find something a little cheaper for my customers but sounds like it's more trouble than it's worth.

Thanks @stephenw10. As an update to this, I replaced the Intel Pro/1000 VT to an HP NC365T and all issues have been resolved. Thanks!

I did not try putting the MikroTik on another port, however I did try only having two of the Intel interfaces up as WAN and LAN, and I still want up having problems. For fun, I tried installing the ESXi on the machine to put pfsense inside that. ESXi wouldn’t recognize the Intel at all.

@inxsible Got it and point taken. Just to clarify my comment where bigger is better let's say you have a choice between a 12V/5 AH or a 12V /7 AH battery for use in a USP unit or alarm panel or emergency lighting station. For that I’m going to take the higher rated Amp Hour all day long. Same for car battery with a higher CCA rating or electrical panel for your home. Having the extra in reserve for those instances will do no harm. Of course sticking a 200amp electrical service in a 70 year old 800 sq. foot home is probably overkill so there’s that too. I think we could agree in some cases bigger is better but not in all cases as you pointed out. In any case glad to hear you confirmed my new found 80W PS is a better choice. What I’ve just noticed after switching from the case’s original 220watt PS to the Pico setup is the board is system is running a bit warmer. With the original PS that came with the ITX case the temp was always between 36 to 38.0°C and now with the Pico setup its hovering between 42 to 43.0°C which is still good according to pfsense’s default "Zone Warning" presets so not going to panic yet.. The only answer I have for that is fan from the original PS was keeping a nice flow of air going across the board to assist with the lower temp. Thanks again for the part list and feedback, all is good. My next objective is to see if I how much uptime I could rack-up without a reboot. We all need goals right..

Thats fixed it, thanks Jim. [image: 1539637854381-nvme2-resized.jpg] [image: 1539637863130-nvme1.jpg]

Yes this post is WAY old. But in case anyone else runs into this issue with a SG-1000 device, I reduced CPU utilization from near constant 1.0+% to .7 - .8% tops via webui changes: go to Status > Logs > Settings, deselect 'Log packets blocked by Block Bogon Networks rules' and 'Log packets blocked by Block Private Networks rules' System > Advanced > Firewall & NAT, change the dropdown list selection for 'Firewall Optimization Options' from 'Normal' to 'Aggressive'

@syserr_01 said in DIY-Solution or SG-1000 or SG-3100? Home-Office Tunnel for small networks: ... the T620 Plus is a reliable solution? Something that lets me sleep at night? @bfeitell said in DIY-Solution or SG-1000 or SG-3100? Home-Office Tunnel for small networks: The HP thin clients are pretty darn robust. Sorry, have to disagree here. We put a couple of those devices behind touchscreens to work as their brains and connect to the control system. Four out of 5 failed within the first year of use. So reliability score is nowhere as good as expected. This also means that I wouldn't sleep well knowing I rely on these devices. When it's important to you to have the service up and running when you're away then nothing beats new, reliable hardware custom made for this task. Granted, these can fail as well but it's not as likely.

@johnpoz it can push gigabit all day long under linux+iptables. last I looked it was a little slower with pf (800 something Mbps) but as I said above it may be better with the isr deferred config. it cannot do gigabit pppoe, and openvpn speeds are somewhere around 50-100Mbps.