@sparky_3: @BlueKobold: I have a Netgear 728TPP. Can you please link me to that switch model from Netgear I couldn´t find it over Google.de http://www.netgear.com/business/products/switches/smart/GS728TPP.aspx It is a L2, L3 "Lite" switch that I believe does support VLAN routing.  The Web GUI is awful and if you click on certain options I get locked out and have to to back to the initial login screen to navigate.  It also gets very warm and is the loudest thing in my rack.  But it does support 24 gigabit ports, POE, and 1U configuration. @BlueKobold: If you have the money, I would recommend you go for the C2758. It will definitely last you 5+ years given the WAN speed remains under 1 gigabit. On one side this might be right, but in another thread here in the forum there was talked about the really poor inter VLAN routing speed or power of that board too. And if this may be important for him, because he owns not a real Layer3 switch what is able to route between the VLANs with nearly wire speed, its worth to talk about. My home is just my wife, our toddler, and I.  I don't think I would be doing heavy VLAN routing with the exception of maybe video.  I plan on setting up IP cameras and a NVR. In the NVR I could use two NICs in the NVR so that one is on the VLAN of the storage server and the other is on the VLAN where the cameras are located. That would negate the routing from the pfSense router or the L3 switch. We also watch movies, but really no more than one movies at a time.  The toddler doesn't get screen time yet. Cool Switch (GS728TPP) from Netgear, then I would let it routing the VLANs it selfs and you can also go with the smaller APU2C4 for that WAN Speed. I am leaning towards a Supermicro c2758 build (5018-FTN 4) or a PC Engines apu2c4. But if oyu want to install more packets and you will need more horse power for the entire system (pfSense) you should also be fine with the Supermicro C2758 variant. Its small, power saving and fast on top.

Thanks.  I did contact support and they confirmed the chassis was a prototype and that changes in FCC regulations prevented that design and integrated wifi going forward.  My location is very small and my current wifi is in the rack and works fine.  If I move though, then I will look at the ubiquity.

@edwardwong: I don't think so, DC-DC PicoPSU is also a kind of switching regulator, just like what I mentioned before, the efficiency will be somewhat lower when your output is far below from the designated load. It's a lot better than if you use a conventional supply. It's a bit difficult to explain the intricacies of it all (especially once you involve double-forward regulation and such) but it's built to actually handle low loads and you're more likely to be in the 'efficient' region by virtue of the fact that the PicoPSU is rated at much lower power ratings. For example, if you had a system that needs 30W and you use a 300W PSU, you are at <20% loading. A PicoPSU would start at 60W where your loading is 50% and even if you go up to the 120W model, you are still at 25%. As mentioned, most PSUs are certified for their 80+ ratings only at 20%, 50%, and 100% load.  Drop below 20% load and there are no guarantees on the efficiency anymore.

@edwardwong: And to avoid failover, if mission critical, building one more set of firewall and let them work in CARP failover model would be definitely better than running only 1 firewall. Absolutely.  I run 6 pfsense firewalls at work.  Four sites, with only 2 of them having enough IP addresses for CARP.  Where it's available, it's invaluable.

I'm getting a full gbit line and well wanted to buy a 2558 board but it seems to be getting EOL. Here in Germany the C2358, C2558 and the C2758 are all to get the hands on! From where you are (country)? so speed 1000/1000 over PPPOE. Then go with an Intel Core 2 Duo or Intel Core i3, i5, i7 (embedded) or Xeon E3 CPU that is handling that speed with eases and more on top. at least 2 intel ports minimally 100mbit VPN preferably higher. packages like snort and squid. Then a qaud core CPU or SoC might be the better option for you! It might be better for all together I mean the 1 GBit/s, the Squid and Snort on top. now I have 2 roads I can walk 1 is Celeron G4400 with a Gigabyte GA-Z170N-WIFI board You are prisoner of your own mind, you have more options then that, but often not in the same price range like the named by yours. This one might be to low or not string enough. The other is Supermicro X10SDV-4C-TLN4F Xeon D1518 The difference is that the 1st option is 3x cheaper. This board is able to get here in Germany for ~597 € + shipping fee ASUS Q87T ~150 € 2 x 4 GB RAM ~60 € 1 x mSATA 120 Gb ~80 € Intel i350-T2 ~120 € mini-ITX case ~60 € or 1U case + PSU ~130 € 1 x Intel Core i3 @3,0GHz ~200 € All in all nearly ~800 € and able to serve your network as you need and wish it.

I've used one for over 5 years and it's been great.

Vlans  OK  read this thread  https://forum.pfsense.org/index.php?topic=113392.msg631783#msg631783

64-128GB SSD is enough for you. I suggest you to install squid as well, 150 devices accessing internet would be beneficial from squid proxy in general, especially when you only have slow ADSL connection. I did it once 8+ years ago, only 2M+5M ADSL and my pfSense with squid was serving 150-200 users without any issue, not to mention that I was still using spinning HDD as cache drive at that moment. @jhancock: Hi, I'm looking to purchase a SG-4860.  I don't know if there is any value to having a 128GB SSD instead of the standard memory card. The device is to be used for our medium sized office firewall/vpn.  Around 150 devices internal. I may want to eventually use some traffic/source database to filter malware.  I will certainly want to log traffic for purposes of understanding usage trends so I can decide on sensible bandwidth shaping policies.  I do not need to keep logs long term for audit/policing purposes. So I'm asking if there will ever be a need for such storage?  I haven't used pfSense in about 6 years so am not familiar with the disk usage needs for common features. thanks, Jon

@BlueKobold: I fail to see the need for trim on something with as few writes as pfSense.  Just some log entries now and then. Together with squid and snort or squid as a caching proxy it would be speeding up many things if you are going with a mSATA or SSD and yes also TRIM can be interesting then. Why not using the actual given features and options? I didn't bother with trim on mine, as it really isn't necessary .  Heck even an SSD is not necessary.  I used to boot pfSense from a USB stick and it worked just fine. But running Squid as a caching proxy you might be not able to realize with that set up. Not going to do that with a 16GB SSD anyway :p That being said, squid proxies are not very effective anyway.  Most traffic is effectively cached on the local machine.  Only if you have very many machines on the same network all downloading the same OS updates does it really make sense.

This was owed to the Squid usage as a caching proxy and not the syslogs! I haven't read pretty well your post about squid, I edited my last post as well saying about 120gb should not be enough for caching? Here is a dual 19" rack mount case for ~60 € that can hold two of this boards with ease Wow that rack is very cool, thanks for the link!

I've had much success running pfsense in VMware on cpus ranging from older Core2 based Xeons to the  X5550.  I would not use any of them for a 1Gbps connection in a VM.  I'd suggest running all your other workloads virtualized and get a dedicated box to run pfsense.

@khorton: @Sekrit: I tried Jetway but decided to return it.  Instead, I changed my server to XeonE3-1245 and supermicro X11 motherboard with a 4 port intel LAN and running pfsense on Vmware under Windows 10.  Addons are snort, pfblocker and Squid proxy. It has been very stable and fast for 6 months. Which Jetway board did you have, and why did you decide to return it? I had a Jetway JC320U93W-2930-B Intel Celeron N2930 Dual Intel LAN Fanless NUC It generated too much heat. SO-DIMM was defective or the motherboard was causing memtest errors. SSD I received was DOA. The USB drive that I was using temporarily eventually failed too.  I had enough problems.  I wanted to give it a shot to vmware installation and never looked back.

Hello, you could try that: https://forum.pfsense.org/index.php?topic=106078.msg630826#msg630826 it works on my AC785S and it's the same idVendor and idProduct good luck

@Jailer: Looks like it's supported by FreeBSD so it should work. thank you i didnt think about looking here thank you so much thats good

@Aluminum: ECC on the system ram will mostly just give you higher potential uptime between random flipped-bit crashes IMO, it can't hurt but no big deal. Yeah, that is what I thought, but it doesn't hurt to confirm with others on occasion. For me uptime has never been an issue.  My uptime is always governed by the need to reboot for a hardware/software upgrade, one power outage in the last 10 years the times I moved, never based on system instability :p

@whosmatt: The SG-2440 will be more than enough for that usage. Yes.

I was getting errors until I bought a new switch.  If you have another around, give that a shot.