APU wall mount replacement for the new APU cases Usage only on your own risk.

SG-4860 is a 64bit capable Atom D2558 with AES-NI and Intel Quick Assist. If this will be a original SG-4860 from the pfSense or Netgate Store it is a real 64Bit  hardware. And if this is a real SG-4860 it is based on an Intel Atom C2x58 SoC and a custom pfSense image should be installed on it, that is available after creating an account in the pfSense store and registering that unit likes @jimp was mentioned before. In former days many admins where thinking of installing a 32Bit version to get out more "bang" using the 64Bit hardware, because the need and use of the real 64Bit image is more then the 32Bit! But this days should be over for now and in the future.

@mattlach: 3.)  Do you really trust the VLAN implementation of your managed switch?  How often does the switch firmware receive security patches?  Are you running on the latest?  I love my managed switch (HP Procurve 1810G-24), but I'm not convinced I'd want to expose it to my WAN.  You'd be surprised how much the typical WAN connection gets hit by various attempts, if you turn on and examine verbose logging… So, long story short, it's certainly very possible to do this method, but it's not necessarily best practice. If you configure the switch properly, at least where the WAN VLAN(s) are concerned, the switch core shouldn't interact with the WAN traffic other than an ASIC level tag-untag.

As it turns out, we unracked it, and tried it.. it powered on, and then we re-racked it and it powered on. Maybe the moral of the story is to leave it unplugged from power for more than a few seconds.

You can take a look to APU2C4 platform, it should work for you.

@pffffSensing-N00b-3485901: I'm experimenting with pfSense (meaning that I'm cursing it frequently :o).  One of the things I'd like to do is a caching proxy to ultimately function like an ad blocker.  I think there's a package for that; either Squid(?) or Snort(?).  In effect, something like Privoxy, though I hear that Privoxy and pfSense don't play well together. I believe that the caching proxy uses HDD space though (I've been testing with the embedded USB image).  I haven't been able to find requirements or guidelines or how much hard drive to put into the machine or if I need RAID or SSDs.  For a few PCs and smart phones in a home environment, what kind of specs and gotchas should I be cognizant of? I've currently got a dual core AMD AM2 with 4GB of RAM and 2x PCIe Intel NICs running my soon-to-be production machine. I've got hard drives lying around.  Do I need to install pfSense to the HDD, or should it be separate?  Do I need the speed from an SSD?  What size do I need? Squid cache doesn't require much resources if you use it as caching only (interceptiing proxy is another story) Apart from disk storage, your AMD with 4GB RAM will work fine for just a few clients, 8 years ago I built pfSense 1.1 with squid cache to serve 150-200 office users, that PC was just a core duo CPU with 2GB RAM. If you look into squid user forum, you can see people building PC with 16G ram to serve 1000+ users. Disk space, you only have a few people, a few gig space will work, but the speed of storage will be more important as the cache supposed to have high hit rate (if the hit rate is too low which means squid doesn't fit into your environment) and therefore SSD will be better.

@railstream: So I built my own Supermicro setup bare bones kit with the C2758 CPU and motherboard that supported 1600Mhz Ram. So I installed 16GB ram and a 120GB SSD. Wow.  Holy overkill Batman! All of my pfSense boxes have only used ~1GB of disk space. I've also never seen it use more than a few hundred megs of RAM

If there are no issues with this card and it works likes expected I personally would not really change anything. But if you want to do something that is not really effecting this system and enough memory is there you could try out to high up the mbuf size to 1000000 if you want.

Hi dear proffesionals , we have a couple  of ZyWall 110 hardware PfSense is a x86 based software firewall and the ZyWall is not hardware compatible to that piece of software. and i want to run it in pfsense, the zywall 110 runs in  Cavium OCTEON II processor, The Cavium OCTEON II CPU is from the CN68XX family and that are MIPS64 CPUs and not really x86 hardware like. It can cbe used in smaller devices as a CPU only and in other devices as a add on CPU for doing the encryption and compression workload. So it can be a single CPU or as stand alone and also as a CPU on an add on card or as a co-processor in greater systems. i will read that freebsd 10.x supports  that processor, It can be that FreeBSD is supporting it, but not as a main or system CPU! Only on add on cards or as a co-processor it might be recognized. if pfsense 2.3 support that processors and possible run pfsense  on zywall110 series pfSense has no MIPS64 fork at this days.

As far as I know, there should be a chip that can assist with encryption on this board. There is not a really extra chip for it, but more a CPU or SoC register that offers AES-NI and over that it would be able to speed up the IPSec performance if the AES-GCM mode will be chosen. How do we enable this? Where in pfSense 2.3.1 can we set it up? I think in the version 2.3.1 it is an issue about that and so I personally would be more looking to go with the version 2.2.6 (64Bit) instead of the version 2.3.1.

Although not on the official list it may work on FreeBSD: The Mellanox cards work well under FreeBSD so I assume they would work well under FreeNAS. Worst case you may have to drop into a shell and install the Mellanox drivers, but the good news is they do provide them for FreeBSD (and so FreeNAS). They also work well under 2012 R2 in my experience. I'm running a MNPH29D-XTR in the FreeBSD box and a MNPA19-XTR in each of my 2012 R2 hosts. https://www.reddit.com/r/homelab/comments/34qb64/cheapest_route_to_10gb/ But… with regards to pfSense, there are some bad news: Sitting here now, PFSense cannot recognize my Mellanox MNPH29D-XTR ConnectX-2 EN. Couldn't install the drivers either as PFsense has removed build tools from the base system. Trying FreeBSD 10.2 now, looks I will have to compile the drivers first and we will see. They work in Linux though. https://forums.servethehome.com/index.php?threads/pfsense-to-build-switches-with-10gbe.7044/page-2#post-66200 Good luck and make an informed decision before deciding on buying (or not). Regards, Jorge M. Oliveira

I would avoid the 10 port J1900 model if I need all of them to run at high speed. Jetway board usually comes with 2-4 ports and some models support the expansion cards, but the connectors will be an issue, just like my NF9HG-2930, the expansion slot is just a pci-e x1 slot, if you try to run full speed with 4xLAN add-on then you will experience packet drop when all of them running at high speed.

@Jailer: About the only thing that would concern me is the lack of 64 bit support. And concern may be a bit strong of a word to use. pfsense will eventually be going 64 bit only and 32 bit hardware will leave you with a dead end as far as an upgrade path goes. But for the price you got this board for it's worth it. Yeah, it does. I was looking into the ASRock AD2550R/U3S3 but it's a bit pricey…

thank you, I just ordered it

Confirmed, it was the cable.  BAH!  Always check layer 1 first.  Thank you

Sorry for the delay replying here - I have bce cards and yes also using IPsec.  We've managed to live with it for the time being (we can get crashes 2 or 3 times a day, or go a week and works fine) - hopeful that 2.3.1 will resolve the problem. Fingers crossed it's released this week. Peter

Hi Frank, I live in DE. Thanks for the hint with the rack enclosure. Seems to be a reasonable alternatives to buying a new server. The APU2 might be the next step. I hope my apu sticks not to much on the standard enclosure..

What board and what fan are you using? Most boards can automatically control the fan speed provided certain parameters are met. E.g. You may need to use a 4-wire PWM fan, and connect it to the CPU Fan header. Then activate the fan control in BIOS.

Thank you for the reply. I have since found out that the blocking of private networks is most probably why this fails. The modem seems to set a 192.168.x.x as a 30s lease before it hands out the real IP after some time. So I am good now. Thanks again.