Current have 115/2 but end of this year will have just under 200/80. Hardware plus customs, plus shipping fee plus tax on top of this not so easy to say for Australia. https://www.yawarra.com.au/products/servers/apu-servers/  APU2C4 will this something for you? Otherwise as recommended a Qotom-Q355G4 would be nice and powerful enough, also it comes with AES-NI (Intel Core i5 embedded CPU) and pending on the GHz, RAM, mSATA size and WiFi or not it starts at ~$230 till $340 would be a nice pfSense firewall, but if you end up then with ´customs, tax and shipping fee over the offer named above from Yawarra, I would think about that once time again.

@BlueKobold: ahh okay, great…Intel is prefered, but there is a handful of Qlogic netextreme cards that offer that connection and are supported Many able to get between $5.99 - $30 with 1 to 4 ports actual. And have a 1000BASE-SX interface. That can be more then you perhaps might be imagine. OM1 LWL-Multimode 62,5/125 µm ~220m OM2 LWL-Multimode 50/125 µm ~550m OM3 LWL-Multimode 50/125 µm >550m ~2km LC - MM - 850nm - OM2 LC - MM - 1310nm - OM2/3 I have found an "Intel PRO / 1000 PF Dual Port". As far as I can read, it is supported by pfsense. It also has 2x LC multi-mode 1000Base-SX I would say it is mostly better to start and the other end of the fibre connection end, look their what you will need really and then buy a card that matches 1000%, so you are absolutely worry free. I appreciate your help. I have an OM2 cable pulled up to my rack cabinet. I have a fiber box with  2x lc 850nm 1000BASE-SX connectors

@biggsy: You may not be aware of this forwarding service from Aust Post. I haven't used it but friend recommended it some time ago. They mark up - so basically it doesn't work out that much cheaper anyhow. Although it's nice such a large business is now offering this stuff.

Anyone trying to answer this thread without knowing what you need to accomplish is just flipping a coin, they have no idea. garbage in, garbage out.

I'm looking for something with AES-NI and possible Intel QuickAssist, 4-cores, and low power consumption. I would look for a C2758 (produced later then 12/2016) now or for later this year for a Supermicro board with Intel Xeon D-15x3N SoC that will be stronger and more power using. QuickAssist is actually FINALLY coming soon. The official freeBSD driver has dropped and some tweets have gone out from the Netgate team about integration. Bad news is that it appears to be v1.6. So Rangely C27*8 processors are not likely to be compatible. So don't go to Rangeley, especially with the C2000 bug is my advice. The bug is solved and new boards made since 12/2016 are bug free. Bad news is that it appears to be v1.6. So Rangely C27*8 processors are not likely to be compatible. So don't go to Rangeley,… I personally think that will change at someday, because nearly the entire SG- series from Netgate is based on that SoCs. SG-2220, 2440, 4860, 8860 and the XG-2758 too. Could be that I am wrong with this for sure, but I think there will be changing something and it gets into the source code of pfSense.

GPS pin PPS Scroll down and find the ToDo HowTo.

https://www.freebsd.org/cgi/man.cgi?stress(1)

@VAMike After reading your last post it is now more clear to me why you are complaining in each thread against the presence of QAT in pfSense hardware. For sure all peoples and users who where thinking to get a rocket fast OpenVPN machine based on the presence of QAT in their new hardware will be fairly a bitt disappointed, but each CPU core can hold or drive a OpenVPN tunnel and yes this is never real multi-cpu core usage but better to let run all the tunnels over one single CPU core alone. ….and paid ~20-30% more for the equivalent CPU in order to get the QAT. For sure that is right, but if I am looking at the Netgate or pfSense site, it must be something why they are staying to use this Intel Xeon D-15xx and QAT based hardware, or am I wrong with that and I was mislead only by my own? But to read then something like that thread here and you can get all in one platform was let me thinking "this must my next hardware platform for pfSense for sure"! But often there will be also a second feeling that tell you is it right or is it wrong? And if someone opens a thread such this here, I feel once more again that this could or must be the right road to walk on. Who knows? I'm very confused about who's being prevented from talking about what. This was only pointed to the circumstance that each forum thread about QAT and pfSense I was watching, you were against that or I was thinking you were speaking against the presence of QAT in that or this hardware. Nothing more! I guess it's just one of those perennial pastimes on the net that someone has to be oppressed? From my point of view it was more in that direction that even if someone or more were talking about QAT you were running against this "wall" or argument that this will be a nice to have thing. But as said once more again after your last post this is now more clear and acceptable. Or are you trying to prevent me from talking? It's super unclear I will never do something like this, not to you and to no one else here and everywhere! I am only a guest here! I think mostly peoples could misunderstood things based on my poor English language skills.

I currently have a 1gbit internet connection on a dell poweredge 1850 server with pfsense - 2x Xeon single core 3.0ghz socket 604 8gb DDR2 ECC - So basically very old hardware. It can be that the CPUs are powerful enough for that but I had to guess, you're being limited by your DDR2 ram speed more than anything. The packet filter, the IP forwarding parts, and even NAT (part of pf, but run at a different phase) all hit the memory system. It's likely not that your CPU can't keep up, it's that your memory system is saturated. Gigabit routing hardware I will soon get an upgraded internet connection with 4gbit, so i think it is about time to replace the old router with some newer hardware - But I'm really in doubt how much CPU power i need to handle 4gbit. It will be at first more interesting for me, how that line will be offered to you by your ISP! And how it comes out of the wall at your location will be the second important question? If you are the lucky one you could get that Internet connection using MLPPP as a service from your ISP that would be luckily the best option in my eyes to get it working well. The other one will be, if it is only one cable out from the wall at your location you should better take a 10 GBit/s NIC or port to handle that line speed reasonable. In normal or real life you will get out of a 10 GBit/s Port or NIC something around 2 GBit7s and between 4 GBit/s as raw speed, for sure protocol and service used pending and based on. Initially i was thinking about getting a Pentium G4560 with a server mobo (c236 chipset) and 8gb DDR4 ECC rams, but after reading the recommended requirements I'm thinking that it might not be good enough ? So maybe ryzen 3 series could be a good option ? For electric power saving and horse power a small Intel Xeon E3-12xxv3/v5 will be the best option in my eyes. It can be also a refurbished one but with enough RAM if it comes to NIC tunings and/or other things so 8 GB to 16 GB would be nice to see or own. I'm gonna use simple services like captive portal, some monitoring and TCP dump with 200-400 users on the network. Perhaps, and for also pending on the offered services and used protocols you may be also lucky with one Intel Xeon E5-26xxv3 and >3,0GHz let us say 4 - 6 Cores. I'm planning to use two intel pro/1000 pt quad port network cards with link aggregation - I already have those on stock anyways - Are these cards good enough for my use case ? A Link Aggregation Group will be a thing with two ends! And this must be then on the ISP site and your site!! Please don´t forget this here in that case. I'm planning to use Two intel pro/1000 pt Quad cards - so 4x1gbit in LAG for WAN and 4x1gbit in LAG for LAN For the LAN you will need something on the other end that is also supporting the LAG and for sure that is not different if you will switch that LAG to the WAN site!

That's a bit of a bummer, as it will limit my performance at home to around 600Mbps, and I have a 1Gbps/1Gbps link. Would you please so friendly and tell me what is the normal or ordinary WAN speed what you get normally together with your SG-4860 pfSense unit? It would be not really pointing the theme here but it would be for my own interest to know it, thanks for taking the time to answer.

This is probably fine. As long as it works there isn't all that much to worry about. The driver, chip and functions should be right. The only remaining concern would be reliability, but only stresstests and time will tell about that.

When version 2.5 arrives, all the cheap Thin Clients that now are used for pfSense become totally useless, unless you keep version 2.3.4 using. Even the nice XTM5 boxes will be useless then. The Thin Clients that have a AES-NI supported cpu, are at least 2 or 3 times more expensive, at not so attractive anymore for the use of pfSense. Grtz DeLorean

yeah EIST has minimal affect on temps and power consumption, c-states is where the real gains are. If you have a cpu that has turbo mode tho, then you need to enable powerd (and eist) to utilise the higher clocks, I personally run my unit with powerd set to the stock clocks as the min speed, so basically I get turbo mode alongside no throttling.

if you want to have least impact on performance with best power efficiency I wouldnt let the cpu go to idle clocks, but keep c-states enabled, c-states save's far more power than eist and c1,c2 are both very quick and cheap for performance. c3 is a jump up from c2, but a trick is to only enable c3 on say half the cores, so half the cores will still respond instantly for interactive stuff, whilst c3 will still wake up quick enough to deal with loads that need all cores.

Thank you for the update. I was given this NIC and thought I would investigate the situation. I have another operating Intel NIC in production but might try the Intel Pro 100 / VT and see if it will operate in that environment.

@johnkeates: @peehoo: Don't get that APU, it has no AES-NI. wrong, APU HAS AES-NI check this https://www.pcengines.ch/apu2c4.htm

@TheHermit: I think I have set this up wrong. Also under WAN within the pfSense Terminal I have an additional "/24" at the end of the WAN Address. I don’t know what that means. /24 is shorthand for a 24 bit subnet mask.  On clients, you'd typically see this as 255.255.255.0 They are the same thing.  For the most part, it means there are 256 addresses available in that subnet.  It does a few other things like specifying broadcast and network addresses, but you can read up on that from the link below. Further Reading:  https://en.wikipedia.org/wiki/Subnetwork Reference for the Future:  https://www.aelius.com/njh/subnet_sheet.html

You can get the PCI IDs from the pfSense command line by running: pciconf -lv Steve