Cisco SG300-20 Don't know about retail or used-place prices though.

@VAMike: @RazorUK: I was a little concerned on the PSU as well, but saw in this thread https://forum.pfsense.org/index.php?topic=127757.msg707310#msg707310 someone else using that same power unit. Oh, I'm sure it will work, just in the worst case under sustained load the power brick might melt. Yeah, we definitely don't want that! I'll just step the power supply up a level or two.

@mattlach: I did wind up going with AES-256-CBC and SHA256 just because I could as my router is overkill, but honestly, I didn't notice much (any?) CPU load difference between the two, so might as well use the stronger one, even if it might not be necessary. Anyway, with AES-256-CBC and SHA256, loading up the connection in one direction (it peaks at about 135Mbit, due to my traffic shaping rules) I only get about 9-10% load on the CPU.  So, under a theoretical full load in both directions I ought to hit 18-20% somewhere. I'm glad to have some room to grow should anything change, but this little i3-7100 has definitely outperformed my expectations. @whosmatt: I also use AES-256 and SHA256 on my PIA tunnels and have never noticed a tangible performance difference between the two.    I'm still on AES-128 and SHA1 on my personal OpenVPN server, mostly because I set it up that way years ago and haven't felt the need to change.  SHA1 is approaching deprecation anyhow as far as I'm aware.  Anyway, thanks for the update. I should follow up with the fact that since my initial tests (just speedtest.net) I have succeeded in getting the CPU load up much higher. I was under the impression that OpenVPN CPU load was really just dependent on raw throughput, but that doesn't seem to be the case,  More connections at the same bandwidth use more CPU it would seem. Downloaded a new Ubuntu ISO today using rtorrent, which resulted in downstream maxed, and a little upstream.  This was about 38% CPU on the router.  Still very respectable, but I wanted to update you guys in case someone takes my earlier results too seriously.

In pfSense any interface can be either an external or internal interface. It only depends on whether you set a gateway on that interface. Only the LAN interface has any firewall rules on it by default. That is to make it easier to get started. All other interfaces will block all traffic by default. I'm sure you can use em4 to connect to the gui for management if you wish you simply need to add a firewall rule on that interface to allow it. Steve

No't need to "reinstall" Shutdown –> Replace --> Power ON --> Reassign

@kejianshi: I think the Netgate SG-1000 is just ok.  Pfsense needs 2 or more processors really.  something like the Netgate SG-1000 with 1gb ram or more and with 4 cores would be really nice, but attention needs to be paid to the throughput that the NICs are capable of. Yep, this is right and there will be some or later a second device from Netgate. Netgate R1 Other device would also matching well for pfSense as a target and they will also be powerful enough too as I see it right. ClearFog SolidRun Base & Pro Turris Omnia

Excellent suggestion. Thanks, everyone, for the replies.  Most helpful! –cro

@Larrikin: What does the title of this thread say?  :) It's a bit of an understatement.  I think what people are trying to tell you is that there is no scenario where your hardware choices for a pfSense appliance make sense to any of us.  Of course you can build a system that outclasses the SG-4860 (or nearly any device you can buy off the shelf) as far as raw performance is concerned.  You could have done that for probably 1/4 of what you spent. If you want to actually put your hardware to some good use (rather than it sitting more than 90% idle nearly 100% of the time) consider running a hypervisor on it.  You could have pfSense + an entire home lab's worth of other VMs running with no performance penalty to pfSense.

I've been testing pfSense throughput vs some GNU/Linux router distros, and the results are a little shocking, TBH. Please try out iPerf from client to server and set it up to use 8 streams or more, then you will perhaps seeing other results and you may get other numbers, because the LAN line will be saturated. I love the features of pfSense, but that's one hell of a performance tax we're paying for them :( As above told, the hardware requirements for reaching 1 GBit/s at the WAN are given by the pfSense team shown under the link named some posts above by me, so there will be not really a need to complain about, because the APU is only serving ~1.0GHz at the CPU and > 2.0GHz are needed. For sure in the near future this can be really differ, by using multi-core CPU for the igb(4) driver, the entire pfSense system it self and perhaps more or less one of the forwarding (netmap-fwd, try-fwd, fast-fwd) methods that can change this.

I think you need to investigate 4G-LTE modem speeds on pfSense&FreeBSD, They are not so fast. Plus beyond speed lacking I think you need to consider -How is your cell provider going to like you sharing service with many clients in a commercial setting? I use a handful of client machines behind my mobile broadband but I hesitate recommending it for a business setting. I would consider Sierra LS450 the fastest cellular solution. A business solution you can tie into your pfSense HA configuration. https://www.sierrawireless.com/products-and-solutions/routers-gateways/es450/ Cradlepoint makes a cheaper business model which works good too. https://business.verizonwireless.com/content/b2b/en/solutions/cradlepoint.html

Perhaps… just remove the nvidia card? I see no reason to install a consumer hardware on a server. If this is about the dvi kvm use an adapter or the vga port on the console. You have the idrac, serial port, ssh, webgui, to be honest you won't spend too much time on the pfsense screen once is running.

Try use SATA HDD + SATA/IDE converter (3$) from ebay. This is best choice in any time.

The T520-SO-CR was plug and play on my system. I powered down pfSense, installed the card, fired up pfSense, reassigned the LAN to one of the SFP+ ports on the card and everything worked. Couldn't be any happier. Good luck.

I was able to make it work by doing the following; At boot press option 3 enter  set kern.cam.boot_delay="10000" press enter then boot press enter Everything installed correctly. P.S. Installation was done through usb port, that's why the extended boot delay.

To anyone who might be following this topic, the upgrade to version 2.3.4 resolved the beeping problem. Nobody could explain why it was beeping, but it's gone after the upgrade.

@Kimbie: So got around to opening up my x750e and there is a blue IDE port soldered onto the motherboard, can this be used at all? Yes, this can be used to hook up a 2.5" IDE HDD or a SSD (need extra IDE to Sata adapter). You reach the same goal with the black connector right beside the blue IDE connector. The only benefits of running pfSense from a HDD or SSD is that you can run the full installation, and have better support for installing packages that require many read/write actions (Squid , Snort etc….) Also the bootup time is faster compared to a CF card. The throughput speed stays same. Grtz DeLorean

That's exactly the sort of thing that is commonly broken with USB NICs and why we generally recommend not to use them. The driver/hardware reports it is capable of checksum offloading but it's actually broken. Steve