If it doesn´t work with the Mellanox cards, would the Intel X520 DA1 be a better option ? I would say yes, but the best option for 10 GbE at the time is to get your hands on a Chelsio adapters like this ones from the pfSense store, they are best driver supported at these days.

Intel PRO/1000 Pt Dual Port Server Adapter ~$45 Seller: Bets Part Inc. Intel EXPI9402PTBLK PRO/1000 PT Dual Port Server Adapter - Network adapter - PCI Express x4 ~$25 Seller: AMTECH Intel PRO/1000 PT Dual Port Server Adapter - network adapter - 2 ports (EXPI9402PTBLK) ~$75 Seller: Digicom Technology LLC. Intel EXPI9404PTLBLK-1PK PRO/1000PT 4PORT - OEM SINGLE 10/100/1000 GBE PCIE LP QUAD NIC ~$56 Seller: AMTECH The last one would be my choice to go for pfSense, with 4 Ports and to this adequate price no problem! Cheap knock offs you will be able to get from everywhere, also fakes can be sold everywhere, but the RMA policy from Amazon.com is better then the one from eBay as I see it right!

WRT54GL is a Linksys rooter which can run linux. If works with Tomato, OpenWrt, and DD-WRT firmware: http://www.linksys.com/us/p/P-WRT54GL/ I've on the Wifi forum that power management is mostly never working, even if the option is available, so I'll stick with my Linksys AP.

Does anybody have a working setup with the I219V? Its pretty to new I think.

I scaled back to 8gb, which I know is still overkill, but it was super cheap. pfSense is using 2 GB together with Snort 4 GB will be right Set up a higher amount of RAM for Squid then the default 256 MB likes perhaps 4 GB increasing the mbuf size to 1.000.000 each pending on the number LAN ports and CPU Cores would need also something around 4 GB - 6 GB So I count 16 GB is well for a very fast pfSense & Snort & Squid, why this should be overkill? For sure if you only set it up and don´t tune it the whole RAM will never be used it is worse.

@power_matz: Yes, I have this fix installed. Do you think that this might cause the behaviour? I just checked to see if my box still had the mod as Its 30 miles away being used by friends.  It does so Id say that it seems to make no difference.  I am running a faster 533fsb 2.2 Intel(R) Pentium(R) M processor 2.26GHz on this guy with 2GB of ram. Clue?    Full install on HD but that shouldn't matter. $ dmesg|grep LED mskc0: <marvell yukon="" 88e8053="" gigabit="" ethernet="" (led="" mod="" 2.2)="">port 0x8000-0x80ff mem 0xd0020000-0xd0023fff irq 16 at device 0.0 on pci1 mskc1: <marvell yukon="" 88e8053="" gigabit="" ethernet="" (led="" mod="" 2.2)="">port 0x9000-0x90ff mem 0xd0120000-0xd0123fff irq 17 at device 0.0 on pci2 mskc2: <marvell yukon="" 88e8053="" gigabit="" ethernet="" (led="" mod="" 2.2)="">port 0xa000-0xa0ff mem 0xd0220000-0xd0223fff irq 18 at device 0.0 on pci3 mskc3: <marvell yukon="" 88e8053="" gigabit="" ethernet="" (led="" mod="" 2.2)="">port 0xb000-0xb0ff mem 0xd0320000-0xd0323fff irq 19 at device 0.0 on pci4 skc0: <marvell gigabit="" ethernet="" (led="" mod="" 2.2)="">port 0xc000-0xc0ff mem 0xd042c000-0xd042ffff irq 16 at device 0.0 on pci5 skc1: <marvell gigabit="" ethernet="" (led="" mod="" 2.2)="">port 0xc400-0xc4ff mem 0xd0420000-0xd0423fff irq 17 at device 1.0 on pci5 skc2: <marvell gigabit="" ethernet="" (led="" mod="" 2.2)="">port 0xc800-0xc8ff mem 0xd0424000-0xd0427fff irq 18 at device 2.0 on pci5 skc3: <marvell gigabit="" ethernet="" (led="" mod="" 2.2)="">port 0xcc00-0xccff mem 0xd0428000-0xd042bfff irq 19 at device 3.0 on pci5</marvell></marvell></marvell></marvell></marvell></marvell></marvell></marvell>

@neggard: But what make a CPU good for firewall use. I use Geekbench for my desktop CPU http://browser.primatelabs.com/geekbench3/4514496 If you go to that page you se alot of parameters test. What parameter is most important for pfsense in standardmode What parameters should be good when I use VPN or Squid? If we know that, people could choose the right CPU for their system and be more satisfied. What makes a CPU good for firewall use is the same thing that makes it good for general computing.  Faster (clock speed) is better, if you're comparing CPUs from the same family.  More cores?  Sure!  You can run pfsense on a server with 32 cores and 512GB of RAM and it will be a very fast firewall.  But that's clearly overkill. My most heavily loaded pfsense system is a VM (actually two of them) in a failover pair.  They each have a single virtual CPU running on Intel Xeons in the 2.2Ghz range (they're on different hosts with different CPU familes).  They each have a single virtual NIC.  The hosts have bonded NICs  (one has four 1Gbps, the other has two 1Gbps).  They route traffic between 6 subnets internally and the internet externally.  They  also host IPSEC and OpenVPN tunnels between four sites.  The WAN at this site is 100Mbps symmetrical.  With careful network planning, they are never a bottleneck. Once again, figure out your requirements first, and you'll be much closer to an answer.  Choosing hardware for pfsense is not like buying an appliance.  It's a general computing platform that happens to specialize in firewalling and routing.  The Cisco ASAs we use for client VPN access are old and run on (I think) pentium 4 technology.  But they work just fine in the context they were designed for.

Here are the Summits. They look good but around 3 years handles start falling off and other fun stuff. http://www.summitmt.com/product-category/manual-lathes/

and hundreds of thousands of people use UFS without incident, too. ZFS is in the system for a reason, and I'm not exposing it just yet.  (cmb was going to take it out, and I said, "No".) cmb is right in that it's not a good fit for a typical pfSense box.

@rippz: As I see it external WiFi access point is the way to go. The thing is all these "Access Points" you can buy nowadays are actually routers with a WiFi interface (at least the non-enterprise hardware). The only thing I found that supports the AC standard is: http://www.broadbandbuyer.co.uk/products/19129-cisco-smb-wap371-e-k9/ Not sure if this is available where you are but some of the "range extenders" from SOHO hardware manufacturers can function strictly as access points as well.  The  D-Link DAP-1650 http://us.dlink.com/products/access-points-range-extenders-and-bridges/wireless-ac1200-dual-band-gigabit-range-extender/ comes to mind, and includes a switch as well.

How about Intel "Driver  Health" I spotted in the BIOS on the Jetway??? Never heard of it? Maybe an ethernet watchdog?

I contacted pfSense support directly and they noticed that the configuration file set the serial speed to 9600.  I changed the value of serialspeed to 115200 in the XML configuration file and it works perfectly now. Hopefully this will help others in a similar situation.

Which NICs are you using on the Firebox? The box clearly doesn't fail entirely since it's still sending CARP advertisements preventing the Secondary taking over. It's not reachable on any interface? That's an odd failure condition. However, unfortunately, as Chris says the age of the capacitors in those boxes means unreliability can creep in. I'm running 2.2.X on the fireboxes I have FYI. No real issues upgrading other than the switch to DMA by default which can be worked around. Steve

the board is superb…works and feels damn powerful :) Tons of CPU settings that i never thought they exist  :P

@BlueKobold: For sure they will have their own charm and would be perhaps also chosen by the pfSense store and ADI to assemble some new boards for us, pending on the circumstance that this boards a capable to support both new functions, AES-NI and Intel QuickAssist. Perhaps we will see some interesting new versions of the XG-15xx appliance in the pfSense shop. I would be glad about to see something new coming in this direction. This https://store.pfsense.org/XG-1540/  is the early version, getting ready for this: http://www.adiengineering.com/products/bcc-ve-board/, and, quite frankly, this: http://www.silicom-usa.com/PE310G4DE488BS3_Quad_10GbE_Broadwell_DE_SoNIC_Network_Adapter_93 If you think we've not been involved in this since nearly day 1… you're mistaken.

I had thought that too but if you look at the video I posted, you can see the dash value is actually updating, it's just staying steadily elevated. I think I am missing the FreeBSD mojo to dig into what is causing this… interrupts??

I have changed NICs and get the same result. $ ifconfig lagg0 lagg0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=8009b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,linkstate>ether 00:21:9b:fc:d4:fd inet6 fe80::221:9bff:fefc:d4fd%lagg0 prefixlen 64 scopeid 0xb inet 192.158.25.19 netmask 0xfffffc00 broadcast 192.158.27.255 nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect status: active laggproto lacp lagghash l2,l3,l4 laggport: bge1 flags=0<> laggport: bge0 flags=0<></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,linkstate></up,broadcast,running,simplex,multicast>

Awesome!  thanks again, works a treat

Mainly for reliability. On my past experiences with raid software used as boot volumes, when a disk is breaking, the entire systems becomes unstable or there are unexpected behaviours, until the disk comes marked as broken. Also, during boot process could be a trouble, overall when is broken first hard disk, the system could refuse to continue to boot from second hard drive. Anyway, I have to admit I could be wrong with newer pfsense 2.x versions. Update: I have looked for better, and i found that Perc 5 is supported: https://www.freebsd.org/releases/10.1R/hardware.html#support Just scrolling down, close to line "[i386,ia64,amd64] The mfi(4) driver supports the following hardware: ". So the trouble could be from different origin…  :'( :'( :'( :'( :'( :'(

This is good kit, have one myslef :- http://linitx.com/product/linitx-apu-1d-4gb-3nicusbrtc-pfsense-msata-firewall-kit-black/14244 http://linitx.com/category/linitx-firewalls/1086 Alternatively just look at what these are built from i.e. APU 1D System Board with 4GB RAM.  TBH, you'd get away with 2GB RAM.  I have this setup, and with 50Mbit going via the firewall, with Snort & pfBlockerNG, it's around 50% CPU utilisation. http://linitx.com/product/pcengines-pc-engines-apu-1d-system-board-with-4gb-ram/14344 Stu