Just thought I would update this. The box with PFSense installed is still running strong and VERY low usage.  I've installed SquidGuard on it and I have using NZB files I am consistently hitting my 30mbps limit on the internet connection. Overall for the pittance I paid for the hardware, I'm very pleased with both the hardware and PFSense. Thank you

@jimp: If you're referring to Netgate vs pfSense store the BIOS is the same either way (depends on the board) Yep, this is what I was asking about. I have 4860s from both sides. Thanks Jim.

Thanks guys, perfect answers. 8)

Yes you can do that.  Yes you can do that via a vm.  As long as your switch supports vlans it will not be an issue.  Unless your understanding of vlans and how tags work is limited.  Then yeah might as well be trying to do brain surgery after taking a cpr class ;)

And wich you think is the better configuracion for this purpose? only one interfaz coneected to a DMZ net? Any reference or tutorial for those?

2U case (Rosewill?  Aren't too many good manufacturers out there). CPU:  Intel Xeon (Haswell) quad core @ 3.1GHz. Mobo:  Some SuperMicro server motherboard.  4 Intel i250 Gigabit NICs.  Separate IPMI port. RAM:  16 GB ECC Kingston DDR3 (Japanese Elpida chips). Storage:  64GB Crucial SSD I had lying around. PSU: Seasonic 80+ Gold.  Can't remember the output. With that hardware you will be able to use pfSense as a full UTM device! With Snort, Squid, ClamAV and pfBlocker-NG. To this day, it's been overkill for my home setup.  The 16 GB of RAM isn't even close to touched.  The CPU isn't even close to utilized.  The machine idles at maybe 50W, possibly due to the case fans.  I'd like something that barely sips power (<10 Watts) and maybe go with fanless.  The 2U case is too big: I'd rather go with 1U next time or even a SOHO sized unit like the 4860 that isn't rack-mount.  It's hard to DIY for 1U unless you buy the case and mobo together (Supermicro?  Dell?) high up the mbuf size to 1000000 increase the amount of RAM for Squid if it is in use set more RAM for RAM disks if in usage Hold that machine and after a longer time you will be the lucky one of us! To be fair, I haven't really fine tuned Snort or done much more basic firewalling and pfBlocker with lots of rules for malware C&C blocking (and Spamhaus DROP, Abuse.ch, and other IP block lists).  I just enabled FreeRADIUS for a WPA2-Enterprise EAP-TLS setup. What about Squid & SquidGuard or Dansguardian and ClamAV and Snort? I plan on building or buying a lower power rig and migrating to that hardware.  The 4860 in the pfSense Store looks nice and has 6 ports, which would come in handy so I can have separate DMZ and Internal Server zones, WAN, LAN, Guest Wi-Fi, Dev/Test zone, etc. Please search first the forum for reaching full GBit/s over PPPoE if you use it! But the unit looks fine for me. Here is another one for ~$700 (Supermicro SYS-E300-D8) But I don't need that much CPU or RAM.  Until the day I get Google Fiber as well as have some kids or something. A powerful CPU able to drive pfSense as a full UTM and much RAM likes 8 GB or 16 GB will be not a bad thing as I see it right it is more for long time usage and installing more packets if wished or needed in some days and if electric power is cheap where you are living it may be a real gain to go a long time period with that set up! $700 : 120 month = ~$6 a month for a full UTM device is a really cheap price in my eyes!

Go for an APU2c4 kit and add an msata SSD or another mini pc with integrated intel nics. Cheaper, better and smaller. Limited to 4gb ram, but by the time you reach that limit you would be out of cpu power.

Google 'add hard disk pfsense' and that will fix you up.  Squid just needs you to edit Services - Squid - Local Cache - Squid Hard Disk Cache Settings - Hard Disk Cache Location.

@YipYip: In your XP do the mobis play as much a part in problems as the NIC's ? Thanks YipYip Honestly, in the 10 years I've been acquainted with pfSense (and running in production for 8 years) I've never really had a hardware problem. But I'm also not running at the edge of performance. In general, any hardware that runs FreeBSD runs pfSense, so if you're on the fringe, look at the supported hardware list for FreeBSD.  I've run on Intel, AMD, and Via CPUs and Intel, Broadcom, Realtek, Via,  and Marvell NICs without problems.  Running both virtualized on VMware and on bare metal. Not sure this is the answer you're looking for, but unless you're on bleeding edge new hardware that isn't supported by FreeBSD, any issues are likely not caused by the hardware (unless it's defective).  EDIT:  or unless you're pushing the envelope of what the hardware is capable of.

Well i found out what the problem is from TP-Link forums From one of their forum users "We worked with TP-Link technical support and discovered that there is an issue that was only able to be resolved by removing the earth connector from the plug on the TP-Link power supply, and voila it works!" and TP-Link response "After the testing, we have confirmed the conjecture before, the NIC in the Asus motherboard does not isolate the MDI from the frame ground according to the IEEE802.3 requirement. As we said before the power adapter of the TL-SG2210P does not isolate as well and then the incompatible problem happens when they work together. The adapter of the TL-SG2210P and Asus motherboard are both to be blamed for this problem. We are deeply sorry for that and we have already begin to apply new energy efficiency power adapter which will solve this problem perfectly. Thanks for your understanding in advance!" Full details here http://forum.tp-link.com/showthread.php?85051-Switch-shuts-down-when-connected-to-modern-Asus-motherboards&p=188035#post188035 Something to keep in mind if you're buying this switch and have these motherboards brand/gen. I'm hoping TP-Link will issue a replacement for AC adapter soon.

Derelict, thanks for the help. I did all that but it didn't work. FSCK never listed a problem. What worked was re-installing. Thanks.

Hey @seniorpine, I have the exact same device, and I'm tryin with nanobsd version, but still no luck! Did you just wrote the installer to your CF and installed to the HDD from it? If so I will also try that. I just want to use this box as the firewall in our office.

Ultimate is subjective, no? There are so many other things responsible for the network to be amazing. The reality is that without purpose built from user experience UI all the way to the gateway device there will always be headaches and unforeseen scenarios that the user ultimately comes across for whatever insane reason. This really is a Frankenstein's monster of hodgepodge tech where most of us just cross our fingers and hope that it works.  I'd wager that no one knows every single facet of the technology they're using.

Not supported. The processor is not x86 See : https://forum.pfsense.org/index.php?topic=43574.msg435635#msg435635

@josh4trunks This is a very old threat here and this problem is resolved in or since pfSense version 2.3 Redmine Bug #4397 The fix above noted in "do control plane MTU tracking" is in 2.3/10-STABLE and works, which fixes this.

That was kind of my thinking as well. Interesting to tinker with but impractical in the long run.

@Philip7: Would it work to take a NUC and add a StarTech USB Gigabit NIC (chipset ASIX AX88179) to create a fast OpenVPN pfSense box? My Zotac CI 323 works fine but the cpu is still the bottleneck when downloading via my VPN provider (17 MBps). What is the speed of your line? What is your VPN provider? My mini PC with the same processor of your Zotac CI323 (Celeron N3150), which runs the latest version of pfSense, is able to reach full speed line (100Mbps) connecting to PureVPN or PIA. It's capable to run snort, pfBlocker and a couple of OpenVPN clients smooth as silk. Snort is the process that takes more CPU resources under heavy load, while downloading to 100 Mbps the CPU usage barely exceeds 90% if Snort is active, and 40% if Snort is off. I don't know your needs, but maybe the problem is in the client configuration or in your VPN provider. Here something about the OpenVPN performance: https://forum.pfsense.org/index.php?topic=115673.0

Well right before a workout I had no internet connection.  After making my way through the house to my horror this machine was loop rebooting. I just started a diet and let's just say my mind isn't 100% atm. Anyway - I reconfigured an access point to be a router while I went to the closet and pulled an old machine off the shelf. I took the same quad nic that was in the t3500 and put it in the "shelf" computer.  I loaded the lastest iso cd of Pfsesnse and with a usb stick including the /conf/config.xml the pfsense rig was up and running literally within 10 minutes. Gave me time to figure out that the t3500's PSU died. Something to note about this particular computer is it doesn't require a proprietary PSU and I slammed in something I had in a closet. (cooler master 750)  Works great! Yes it's a mess in there - I was in a hurry! [image: boneyard.jpg] [image: boneyard.jpg_thumb]

About 100 users It might be more interesting to know how much traffic they are producing! Multi-WAN (load-balancing) scenario with 3 connection of 500Mbps each Might be more tended to the rest of the clients and services that are offered! Load balancing can be done in three different ways such; policy based routing (many clients in/out sending) service based routing (different services by different ISPs in usage) session based routing (server session based and more for many devices in the DMZ) Router redundancy: I would need extra Ethernet port and 2 servers Ideally two identically units such 2 x 4860 or 2 x 8860 and using CARP then OpenVPN server: roaming and point-to-point Also an Xeon E3-12xxv3 system or an Intel Xeon D-15xx platform will be good then Snort or Suricata IDS Captive Portal Squid (possibly, not sure yet) 50% - 50% I will say it is not really even clear to me what services are running, what protocols are in usage and how many and what exactly of traffic will be generated, in some times it will be wise to buy and go with a SG-4860/SG-8860 unit from the pfSense store and/or a self made Xeon E3 unit that will be for sure hard and strong enough plus you may be able to add some RAM later on top if really needed!! So it would be more or less a question what is really going on in that network. I would assume that also the SuperServer 5018D-FN8T or the SuperServer E300-8D would be ideally together with two D-Link DGS1510-24 layer3 switches! enough power enough ports enough space enough RAM capacities Intel Xeon D-1518 4 Cores / 8 Threads up to 128 GB DDR4 2133 RAM M.2 socket, mSATA or SATA-DOM 2 x SFP+ & 10 x  GB LAN Ports Intel based Cool solution in my eyes.