@ddarlington36: OK I was thinking of taking a shuttle barebone DS81 combine it with Intel i3 4170 an adequate ssd The config should be fine. @ddarlington36: An run pfsense from a vm as there will be multiple VM in my setup. Apart from the typical "not to do it in VM" reply, for an i3, I would not recommend VMs. I have tried it and you will not be happy with the response times, unless the other VMs are not too CPU intensive. @ddarlington36: I was thinking  the main os/ should be windows server 2012 r2  and from there through the VM hyper-v dedicate pfsense to assign both  lan / vlan    along with a VPN and a freepbx on the same box. Would I be able to assign the physical wan nic(ISP) to pfsense in this scenario using hyper-v/esxi 5.5 as the vm Doable but, as I said above.. don't expect it to fly @ddarlington36: This is just my own setup here just looking for the easiest solution to meet my needs Shuttle ds81 dual 10/100/1000m RTL 8111g CPU Intel i3 4170  picked mainly for AES-NI for VPN ssd crucial mx200 250gb ISP 100m/20m Would this be capable of this type of load for the hardware chosen? Capable.. yeah. You can throw SQL Cube configs on it. It would provide you the results.. but not speedy response. You also didn't mention the RAM on it. Your config would be good (with 4GB RAM) for a pfSense installed directly on the SSD. For VMs I would recommend at least i5/i7, preferably Xeon with sizable RAM to accommodate the number of VMs you intend to host. Look into vmware rather than Windows VM.

I like this approach because many modern hardware although they have onboard speaker, or at least they do have speaker header connector, they don't play any sound at the beep command. It's somehow related to the onboard soundcard. For example, on an HP t5730 thin client, you don't get any beeps - using beep command (not even in Linux) unless you keep the onboard soundcard enabled on BIOS.

ac WiFi is not supported under pfSense!

1. Which device is recommended for my application? 2220 or 2440? I assume 2440 because of the ability to add extra storage for Squid, but I'll let the experts chime in. Building a fully UTM device, for ~14 users, with VPN & gaming on top and a future climbing up Internet connection till 1 GBit/s is not really the point, but more how many throughput you will get out after passing all this things!? So if i am in your situation I would more deal with the SG-4860 or SG-8860 or alternatively; Netgate RCC-VE 8860 (budget hint) self made SuperMicro C2758 self made Xeon E31225v3 self made Xeon D-1518 or D-1528 2.  Purchasing from Pfsense direct offers two support calls - Does it also include access to the 2.1 book that comes with Gold?    While I am not clear on its content, my hope is it include some 'recipes' for setting up and tuning configurations.  Most of what I've done has been based on Google-fu and forum reading, and I'm sure the book will cover topics not found easily in search. The most you will get out of the pfSense Docs because they are even maintained and a book get fast outdated The 2.1 book is available to get hands on The older book will be also nice to dig out informations about pfSense Also nice to have and getting much out of this Squid performance tuning 3.  Will the AES-NI of these devices help VPN clients on the network, or is it just for pfSense-based VPN?  Same question applies to the future implementation of QAT. Just for pfSense based VPN with best results using IPSec (AES-GCM) Intel QuickAssist is actual not present in the pfSense code or activated, but could be a real gain. 4.  Futureproofing is top of mind for me, as I expect line speeds to increase from my provider. Routing the 1 GBit/s will be not so far away, at the moment the PPPoE part is only single threated but not for ever and they are working on this I am pretty sure, because many peoples are getting 1.000 MBit/s or plain 1 GBit/s at the moment. I've spent a good part of the past two weeks reading about the SuperMicro 8-core builds, which the general consensus is it's massive overkill for my needs, I am not really sure about what we are talking here now, but let me explain it backwards for you. Please go and Google-fu for UTM devices and their price if they are able to deliver 1 GBit/s after passing the following tasks; NAT firewall rules Snort (IDS/IPS) http proxy (squid) AV Scan (CalmAV) And then we should talk once more about what is overkill or right sorted to handle this for; 14 users (likes a small or SMB company) Gaming, VPN, streaming, QoS, VLANs (perhaps) firewall, Proxy, IDS, AV scan (full UTM) tasks And then on top perhaps 1 GBit/s routing at the WAN port would be not really overkill to go with a 8 Core Intel Atom SoC in my eyes. Others might see it different. but my concern is when I do get gigabit and want to run all these services - will I need to upgrade again, No you don´t must do this, but if then only 200 MBit/s - 500 MBit/s throughput are there you must live with this. or would these devices keep me in firewall/content filtering bliss for years to come? Could be or not, this is not so easy to answer, because the development team is really hard working on the pfSense code!!! It could be that you were better gone with an Intel Xeon E3-1225v3 or, and this is the part no one could answering you today; netmap and DPDK will speeding up the entire routing process massively really CPU multicore usage also on the PPPoE WAN part will be jumping in Intel QuickAssist will be enabled to speed up OpenVPN & other VPN connections AVX/AVX2 registers will be used for some other parts to be acting faster or more strong Other unknown things are occurring and pushing the entire system based on there capabilities Again if I would be in your situation I would really thing about first or twice and the decide to go with something what is really nice, power saving, but strong enough to handle all this load and tasks! My favorite would be a SG-8860, Netgate RCC-VE 8860, Supermicro C2758 or a self made Intel Xeon E3-1225v3 system that is able to handle all of your wishes and fitting your needs. Being future proof I would suggest to go with AES-NI and Intel QuickAssist or on top ready for DPDK enabled software.

To all of you: Thank you for your replies - very useful. It looks like the SG-2220 is just what I need. I will order it one of these days from Voleatech. Thank you again. Vargr

Thank you for all the support. You guys come to rescue when ever I am struck. All these while I used to install using CD, typically it used to take ~20 min. And with this particular motherboard it completely failed. As recommended by BlueKobold I installed from USB pen drive and zoom it went with out any issue. It took just 90 sec for the whole installation. Thank you. Ashima

If you are really unsure, I would go with the M350 because this is 1000 times used to build a small router or firewall with success by many customers or users. You can´t anything wrong with it. Wise advice - I'll order the kit tomorrow !

No you shouldn't be concerned. We have 320's being brutalized as zfs-cache drives in "el-cheapo" archive servers and even with that workload they're handling that very well in the scope of being a consumer drive. @ddaniel51: Always take the erase-block-size of 256 pages (of 8k) into account. A block write on a ssd is not simply a written block as it is on a harddrive. https://en.wikipedia.org/wiki/Write_amplification

There is no WiFi ac support in pfsense at this time.

That didn't change between 2.2.5 and 2.2.6, there are no driver changes between those. The linked FreeBSD bug dates back 4 years. Your best bet, outside of getting better quality hardware, is trying 2.3 since Pyun noted there were improvements in FreeBSD 10.2.

@BlueKobold: Don´t spend $4500 for this! pfSense-store XG-1540 pfSense appliance with Chelsio dual 10 GbE NIC (LAN usage) fully offload VLANs ~$3050 with Chelsio dual 10 GbE NIC (WAN usage) fully offload NAT ~$3598 Would be in my eyes a really better deal for your company as you will be going by hardware from Dell. This might be more network related and is 100% running pfSense. Only my 2 cents. Thank you for your reply! The problem is that my company is located in Denmark, so if i purchase a box from pfSense, which will be shipped from the US i would have to pay import taxes in Denmark, and then the box would cost me $4500 anyways. The plan is to run a 4gbit through our new firewall as a start, so the Dell server would be more than powerfull enough. And we would be able to equip the Dell server with a Quad Port 10GbE card more if necessary. But do you know if the aforementioned hardware would work? I will under any circumstances consider to buy the pfSense box, so thank you for that information

Any use any of this hardware for expanding your port capabilities? Considering using a Tiny Box or Laptop with single port.

From the manual of the intel Atom C2000 (Rangeley) series from Supermicro it was be named better. C2000 Series SoC I354 built-in Quad-port GbE control-lers (MACs) w/Marvell 88E1543 Transceiver The LAN Ports so are definitive Intel ones (i354) and also Intel drivers would be used to run this LAN ports and not Marvell drivers are needed. The Marvell 88E1543 Transceiver or also called Marvell Phy or alternatively switch chip is transporting and coordinating the data flow, but there fore no driver is needed, it works total transparent in my eyes. Same as reported by www.servethehome.de in one of the earlier reports over the intel Atom C2000 platform here you can read it, search the document for "Marvell", please. Link The OS requires a driver to operate a device (i.e. NIC). Yes this is right but the Intel LAN ports only requires an Intel driver for the Intel i354 NIC and nothing more. IIRC A1SRi-2758F has a Marvell controller however Supermicro has an Intel driver posted on its website. SuperMicro are the vendor and producer, they should know what was soldered on the board and what kind of hardware is needing what kind of driver.

@RAND0M1ZER: Those Axiomtek boxes look really nice but unfortunately availability doesn't look too great Go to there website, have a look under resellers and go there or call them directly, I know some one here in the forum from Germany was getting on this way during 4 - 5 work days the NA342 (J1900) for 229 € and the NA342 with the other dual core cpu for 289 € and on both pfSense is running and performing well.

If it is a ZTE MF823 then it should work. Theoretically :)

Hi Guys Can anyone confirm that the Sierra 320u 4G Telstra USB Dongle is compatible with Pfsense 2.2.6? Thanks

If you have a C2758 1U appliance it could not be strange to test then the new Chelsio NIC out!!! Perhaps one prt will fit your needs and the LAG (LACP) is not really needed. The best bet related to the better driver support as an Intel 10 GbE NIC would be the Chelsio at this time it would be my first choice pending on this better driver support. You could fully offload the entire VLAN handling by using this Chelsio NIC. Would be nice as I see it. The processor can handle 10Gbe fine…? If not, they would not sell the XG-2758 appliance but no one knows what they have tuned or pimped or customized for getting a smooth and liquid working 10 GbE network This only can be answered from the pfSense developers or driver guys that where fiddling it out or was creating the appliance. https://store.pfsense.org/C2758/ I want to get this to replace the 4xgbit card https://store.pfsense.org/Chelsio-T520-SO-CR/ Fine thing, so you could save your configuration and try it out, the Chelsio might be configured to fully offload the entire VLANs. And before I would not try out anything likes a LAG (LAG) to be sure that the LAG is not the issue maker if something is not really working. Or something similar like intel card or whatever.  Doesn't matter, as long as it's 10Gbe and goes into the SFP+ ports in my Cisco switch.  Will make a LACP Lagg of course. Go with the Chelsio one, it is not more expensive then another 10 GbE NIC but is better driver supported. If nothing goes, or something can´t fiddled out by yours, I really don´t know your budget and the rest of your network set up or pfSense usage, but then I would hold the Chelsio NIC and sell the C2758 1U appliance at the time where one of the new Intel Xeon D-15x8 boards are out and available. They can handle 10 GbE connections with ease. There are three launching dates for the Intel Xeon D-1500 platforms and also three greater acting fields and 4 more detailed acting in fields! So you could also have a dedicated look on this platforms if nothing goes really as expected. One of this appliances is not so far away from the price for one XG-2758. But then you might be getting more choices then now, for nearly the same price.

it's a baremetal install :(

Hi, We have changed the Lan mode to normal but no go. We will try the beta and let you know the results also if its not ok we will submit a ticket on; https://redmine.pfsense.org/projects/pfsense/issues