Yea, it was 115 F. And it wasn't momentarily either, it was for a few hours at the least.

I doubt your box of sarcasm would last long if I had access.  :)

@BlueKobold: Hey there, ive finally decided to put a build together but I am very unsure of what parts to get. This is mostly pending on many things and not only one or two things. installed packets used services offered functions turned on options I think low power consumption is quite important but here are the speeds I will need the box to handle: 1gigabit wanspeed and 1gigabit LAN speed. For 1 GBit/s at the WAN port it is useful to know what connection art you are using! PPPoE static or dynamic address FTTH/FTTC or coper connection I will have around 20 users. wired or wireless clients? Greateful for recomendations. I have thought about the ASRock C2750D4I boards but I am not sure. This is based on an Intel SoC called Avoton, this comes together with AES-NI and TurboBoost, the other Intel SoC called "Rangeley" is coming together with the AES-NI and Intel QuickAssist that should be more for firewall and router usage, the other one is more produced for running servers and NAS appliances. This board is at ~420 € here in Germany and the SuperMicro A1SRi-2758 (Rangeley) is about ~370 € if this is not really yours, I would suggest two other things you should be lucky with. ASUS Q87T This board is supporting many different CPUs and you will be able to upgrade it if you need and want it. And it is also accepting up to max. of 16 GB of RAM and one mSATA and one WiFi miniPCIe card, together with an Intel i3, i5 or E3 it will be surely able to route 1 GBit/s at the WAN port with ease. Together with an Intel dual or quad port network adapter it will be surely route the traffic well for you. Cisco SG300-20 Switch This switch can handle the entire LAN and VLAN traffic with "wire speed", not really cheap but really long in usage for you!!!! Yeah,actually the motherboard you have seems to be the one i looked at the other day?, what I am concerned about is which AP to buy and if I need to buy an extra NIC cardto get Intel NICs, i wouldn't want anything less than gigabit speeds over LAN. I currently sit at around 50-60 at best and that's shameful. UBNT WiFi APs are doing a good job and will be cheap and on top a free of charge wireless controller software that can be used to configure and manage them right. What kind of boot device should I get? mSATA from crucial with 60/80/120 GBs As far as installed packets I plan on using network wide adblock for one. I plan on using 8 gigs of ram and a 16 or 32 gig SATADOM. I am thinking to use my old router ASUS RTAC66U as an AP but I don't really know how to demote it to an AP but that is something I will have to figure out. One other thing ive thought about is having my servers on a separate VLAN than the wireless devices. I would also like to monitor useage and see statistics of how much is used. Sorry for my very alte reply. I would like to use both squid and snort. Is 8 gigs of ram enough? Also, I have downsized to 15 clients in total. So a 10 port CISCO Switch wouldn't be bad. Should I get the 4 or 8 core version?, I currently use 1 Gbit/s.

Depends on what you intend to do with the box, but in general, not a bad start for a cheap home setup. Similar to what you can do yourself, but someone preloaded it, only thing I might ask about is the Trendnet card added in. Might like to have a good picture of the inside to make sure the MB isn't showing signs of being cooked. Only better price would be something similar from a source local to you via Craigslist or whatnot to save shipping. Just my $.02

An SG-2220 would be perfect for that. If you are going to run squid I would advise getting the additional storage.

very thank for your reply, brother.

@edwardwong: J1900 definitely able to deliver 1Gbps NAT (my friend has 1, but his board with Realtek chip can only do 600M under pfsense, but with Linux 1G is good, so in terms of CPU J1900 should be fine) @BlueKobold: Please need some advise could a J1900 core do this ? The 200 MBit/s for sure, the 500+ MBit/s I really don´t know it, but all together with WLAN and Squid and perhaps pfBlockerNG or Snort on top it will be very unrealistic to me that an Intel J1900 can handle that load nicely. More a SG-4860 would match in my eyes to that. Only looking on the GBit/s at the WAN port and not seeing or counting then the rest of all installed installed packets om top of this and/or running services might be sounding good, but is nothing in real life if things went to the south. For commercial AP like Ubnt, Aruba, Mikrotik, 50+ users on 1 single AP should be fine (except for large area or too much blind spots due to concrete walls) I am counting 20 users for normal WiFi APs and as highest number 30 for each WiFi APs controller based from the enterprise class as the highest number for getting a good and fair throughput or connectivity for all users. Only by using Xirrus WLAN APs this is not the case, all others are mostly promising more then they are able to deliver later! Well wifi are a bunch of ap to cover the whole area. And this is the good way walking with UBNT and/or MikroTik devices they can be bought step by step and over their mAP or UniFi WLAN Controller they can be managed all at one time, also for home users and customers. These are connected to a switch which is hooked to pfsense

Trying to boot from the built-in SD card reader, but it aborts with an error 19: Mounting from ufs:/dev/ufs/pfsense1 failed with error 19 Mountroot doesn't see any GEOM managed drives, and when trying to install to it form a usb, it also doesn't see it… Anything I can do to make it work, or am I out of luck on the built in SD reader?

@BlueKobold: I'm getting stuck with each NIC only loading a single core as it is and the interrupt queue basically saturates the entire core at 1 Gbps. In the version 2.3.1 this could be now working as a so called workaround but in normal this might be not really true, or am I wrong with this now!? Not sure. MSIX is working but for what it's worth, I can't seem to get the IRQs to go beyond a single core per NIC.

@karaznie: Why don't You consider GA-N3150N-D3V with additional Intel NiC PCI card? "Good" old PCI limits the throughput to around 800 Mbit/s total (i.e. 400 Mbit/s per direction if running full duplex), so putting a NIC there isn't very useful.

This box originally started with pfsense 2.2, but has since been upgraded to 2.3.1 (Patch 5) along the way. Perhaps something was strange during the update or upgrade process or plain was going wrong pending on one or more packets that where installed on your pfSense box. I would try to install version 2.2.6 clean(without any packets), fresh and full (mSATA, HDD/SSD) and see if there will be a problem or not if all is fine running and working well it could not based on that version Then after trying out that I would try out then to install the latest version 2.3.1.5 but also clean(without any packets), fresh and full (mSATA, HDD/SSD)and if there will be any kind of problems then you would be clear to say from where it comes And then you might be sure to say with which version you might be going along the next time until it will be updated and/or a newer version will be there, so you can test this from time to time until you will be seeing any changes in the support, stability or other things.

pfSense is a x86 based firewall and if there is a x86 hardware inside you might be having luck to install pfSense on it without any issues. Here are two success stories about that doings; pfSense on Astaro ASG 320 (english language) pfSense on Astaro ASG 110/120 (german language)

yes, max 32GB but 4GB is not enough? Yes but together with 8 GB RAM you will be able to high up the mbuf size if this is needed and then you will be having much free space or amount of RAM for other things such like; Squid default RAM usage high up more RAM for heavily traffic and VPN sessions running Snort or Suricata and they need (eats) also some RAM Much RAM can´t be wrong if a small amount is enough and since you will be able to high up the mbuf size to 1000000 you will never end up in a booting loop based on to less RAM inside.

Its not the traffic we are talking about, it is the number of CPU cores that will be used in each case. together with PPPoE only one cpu core is used for the WAN interface Not using PPPoE and all CPU core will be in usage for the WAN interface So if PPPoE is single CPU core threaded you get perhaps lower throughput at the WAN interface, but you might be thinking that this is pending on other circumstances or points! So you say that because of the low cpu speed my throughput is lower on the wan side. But why is my upload speed correct? I did the testing with a freshley installed APU and only lan en wan configured this is the result: [image: c6038b6dda3fb57356cd575215cff860.png] Update: [image: d8b2f11ac874e661db896709d26e5811.png] So there is then a modem in front of the WAN interface from the pfSense ? No only an NTU they call it here. It's just an Fiber to Ethernet converter. When I place PfSense behing the FritzBox: [image: 4831801c97caa5dd0e439cf13d78f71b.png]

If the budget will be expandable to something likes ~$350 - $399 I would better go with another set up; Jetway NF9HG-2930 ~$200 2 x 4 GB ~$40 mSATA ~$60 WiFI ~$40 M350 case ~$40 PSU ~$15 – ~$395 with WiFi and 60 GB mSATA SSD -- ~$330 without WiFI and 32 GB mSATA SSD and only a $10 PSU No AES-NI and Intel QuickAssist, but powerful enough to built a strong small UTM device that is power saving and silent or fan less. It is able to route without PPPoE nearly 1 GBit/s at the WAN and together with PPPoE nearly >500+ MBit/s and running Squid, SquidGuard, SARG and Snort will be also on top of this able to realize without any pain! OpenVPN and IPSec is not really pimped or tuned by that hardware but nearly ~100 MBit/s - 200 MBit/s would be enough for sending taken photos from the smartphone or camera to the home network NAS or storage. It comes with 4 Intel LAN Ports (NICs) and works well with PowerD (hi adaptive) and TRIM enabled. The mubuf size can be highed up to 1000000

Well darnit! If nobody can tell me, I guess I'll have to do it, just for the sake of getting the numbers!  :o

Cheers, folks. I appreciate the response. Sounds like I need beefier hardware for 1gbit nat. Off to migrate to Hyper-V I go! Thanks!