@shehan31: @cmb: You'll have to switch to 64 bit to have 4 GB of usable memory. You're nowhere near using the 2 GB you have so not sure there's a pressing need to bump it to 4 GB. Still would be a good idea to switch to 64 bit assuming it's a 64 bit CPU. So what will happen if I plug other RAMs. You end up with more unused (wasted) memory.

Probably 9 - I've already got the back up config saved ;)

I know the amount of packages you're using affects the performance (throughput) you can expect, but on a hardware-level, what performance can you expect from what kind of hardware? This is owed on so many points that it is really hard for someone to answer this question right now! Which packets are you running and what is your config? You have no need of massively DPI usage but I am using this and so we both have a 100 MBit/s Internet connection up and running and I am running a Intel Xeon E3-1286v3 @3,4GHz and you only an Intel Atom D525 and we both gets around ~60 MBit/s - 80 MBit/s throughput, but on my side the DPI is running and on yours not!!!! Thats it. Please have a closer look at pfSense hardware Overall it's really hard to find any performance numbers on pfSense-boxes, like some kind of sizing-guide… I have found http://www.firewallhardware.it/en/pfsense_selection_and_sizing.html which is an interesting read, but there's a big difference between for example their UTM4 (INTEL Atom Dual-Core Processor D525 (45nm,1.80GHz,1024MB L2 Cache)) and their Power UTM (INTEL Core i7-3740QM Processor (6M Cache, up to 3.70 GHz)): performance numbers are about 50% higher, but the CPU has double the amount of cores running at double the speeds. A router is not a firewall and a firewall is not a UTM device! Comparing them against is like; pfSense only and 1 GBit/s WAN connection = Intel Celeron G3260T is sufficient pfSense SPI/NAT/Firewall only = Intel Atom C2358 is sufficient pfSense & Squid & SquidGuard & Snort = Intel Atom C2758 would be sufficient pfSense & Squid & SquidGuard & Snort & HAVP (ClamAV) = Intel Xeon E3-12xxv3 would be sufficient Each firewall rule, each DPI usage, each IDS/IPS usage and HTTP-Proxy or AV Scan on top is slowing down the entire pfSense firewall. My box has gigabit NICs, but what does affect the attainable speeds? The CPU? The amount of CPU-cache or cores or clockspeed? All together want to make it a round thing! The RAM: the amount or the clockspeed? Unix, BSD and Linux cant have enough RAM, if you install much packets and activating much services and then you feed it with multiple GB WAN connections, both is really urgent. The best at these days is to go with ECC RAM at 1600MHz or 1866MHz 2 GB Firewall only 2 GB - 4 GB Firewall & IDS 2 GB - 8 GB Firewall & IDS & Proxy 8 GB - 16 GB Firewall & IDS & AVScan & highing up the mbuf size & using a greater amount for Squid 16 GB - 32 GB all above and massively VPN connections from road warriors. Running from CF vs HDD vs SSD? CFCard = read only = more secure HDD = cheap + huge storage and fast SSD = more storage and super fast In my setup, there are two WAN-connections (up to 100mbit) connected to my pfSense box, there will be NATting, port forwarding, WAN loadbalancing and failover and some rules to direct traffic through one or another WAN-link. Dual WAN & Load balancing service based session based policy based An Intel Celeron G3260 @3,2GHz, 1 SSD, Intel Quad Port  server adapter and 2 x 4 GB should do the job fine, perhaps snort on top will also running smooth and liquid. On the internal side, connected to a gbit switch there are some internal VLANs defined with firewall rules between them. I assume that's nothing exotic. Can I expect to reach that 1gbit speed internally? For hwo many and what art of clients this must be running? How many data will be pumped through!? Why not buying a Cisco SG300-28/48 switch and let him do it in wire speed? Why all the firewall or router must do it? This on top and the Celeron G3260T is not able to do as I see it right! What if I want to do IPSec in the future: are VPN-cards still the way to go, or are AES-NI-capable CPU's a better way? This is quite and still easy to answer for you and me and the most peoples here in the forum it will be the AES-NI solution, at work we were starting setting up VPN servers based on CentOS & SoftEtherVPN with de-compression cards and VPN crypto accelerators to get the last bit out of any connection. So if I see it right you should go with an Intel Xeon E3-1231 or 1241 with Intel Quad Port Server adapter Intel Core i5 but then the greatest you can get your hands on with Intel Quad Port Server adapter Intel Atom C2558 or C2758 The SG-xxxx units from the pfSense store could also something for you!

@BlueKobold: If you have a Core i3/5/7 or E3 or E5 CPU system it would be enough to run virtual pfSense on Hyper-V or ESXi, today there is no need of this cards for visualization, As above - Modern enterprise grade hypervisors are very secure, there is no need for a pci-single board computer these days.

I am really fond of the 1220L. A 20W chip with AES-NI…Cost is like 5x more though. So depends on usage. If your using VPN or loads of packages use the 1220L. If just a starter box I would use the G1610T unless you are seeing your cpu usage at high levels..Are you using a headless arrangement? 20W with good speed. http://www.cpubenchmark.net/cpu.php?cpu=Intel+Xeon+E3-1220L+%40+2.20GHz 35W and slower http://www.cpubenchmark.net/cpu.php?cpu=Intel+Celeron+G1610T+%40+2.30GHz

Have you ordered this yet? If yes..Same one I am looking for…Can you please share links where you purchases? ...Thanks

According to some pictures online the riser card in that thing is PCI so you'd be limited to PCI expansion cards for additional LAN ports. But if you have a hard drive laying around that you can throw in it for $20 I'd try it out.

@BlueKobold: All it takes is taking to units and performing an actual test across a gigabit switch… This way I don´t love to see, because this is then not really interesting. Better to go by a 1 GB line and see what between two boxes would be able to handle is a right way in my eyes. Performance numbers on data sheets are almost always in "ideal scenario" environments. If they're measured the same way as the non-AES-NI numbers, they are a good comparison. So… since 2.2.4 is released in the mean time: any update when these numbers can be expected?

The http://store.pfsense.org/SG-4860-DUAL/ without the second unit might be a low noise option that is rack mountable.  It still has the power supply external. They would have to be special ordered. It might be possible to qualify a "premium" – quieter fan for the chassis, if there was enough interest.  We'd have to stock a second set of fans and run a thermal qualification test.  There might be a minimum order quantity requirement, depending on if there was enough interest.  The downside I see with this, is that the current 1U offering is designed for maximum thermal performance, most things that can be done to decrease the noise are going to decrease the maximum operating temperature. When you have a firewall mounted in a cabinet/rack in a closet, that has no air-conditioning it can get very warm.  We've seen units in the field that are reporting 120F/48C,  The "official" rating for the 4860-1U is 50C ambient temperature.  It can probably safely run a fair bit more than that.  The CPU is rated to safe operation up to its thermal shutdown point of 100C, but the CPU is always going to be warmer than the ambient, and the power supplies are not rated to 100C, so things get complicated quickly, designing a system.

Nope, it's more like SG-2220 starts to be available now. At the Voleatech store you can pre-order them.

Motherboard.. This is the main component of any PC , Server or appliance! The CPU, RAM and drives and all other devices are connected to this main component. Small means the CPU, RAM, PCIe card, miniPCI(e) card SSD/HDD. @queens: Thanks for the help! I'll be trying it soon. You should not wait as I see it right, do it now, there is no other trick or tip to surround this situation.

Has anyone benchmarks? If you use a PC Engines APU 1D4 board you might be enabling the PowerD (high adaptive) option that might be realizing more throughput by using the CPU in another way.

No issues at all in my main PC. em0@pci0:4:0:0: class=0x020000 card=0x11bc8086 chip=0x10bc8086 rev=0x06 hdr=0x00     class      = network     subclass  = ethernet     cap 01[c8] = powerspec 2  supports D0 D3  current D0     cap 05[d0] = MSI supports 1 message, 64 bit enabled with 1 message     cap 10[e0] = PCI-Express 1 endpoint max data 128(256) link x4(x4)                 speed 2.5(2.5) ASPM disabled(L0s)     ecap 0001[100] = AER 1 0 fatal 1 non-fatal 0 corrected     ecap 0003[140] = Serial 1 001b21ffff95f5fc   PCI-e errors = Non-Fatal Error Detected                 Unsupported Request Detected     Non-fatal = Unsupported Request Now that this bit is sorted I guess this is where I go silent and find a way to get it working on the intended hardware. Thank you.  8)

I think you've nailed it. Our setup is: Internet –- ISP --- Cisco Router --- transparent pfSense --- LAN Switch Running in transparent mode is perhaps a so called fine thing, but bridging ports together brings often more then one failure or problem in the game, likes; port flapping packet loss packet drop We have a single 100Mb/s link from the Cisco router to pfSense. This is in my eyes then the bottleneck here in the game. It's only the link to the LAN switches that had the LAGG, which was 2x 1Gb/s links in LACP. Try as suggested the round robin method for filling the pipe constantly. I'm guess it's this mismatch that is throwing things out. I'll wait for the router to be upgraded first before testing matching LACP LAGG on both sides. Would be the best in my eyes too! Or go by 10 GBit/s from the router to the pfSense and then with 10 GBit/s from the pfsense to the LAN Switch, it would be better in my eyes. I'm going to remove the LAGG group from our LAN to go down to a single NIC both sides of the pfSense bridge. Ok

Unfortunately, the ad went down two days ago and I didn't recieve any feedback on shipping. Has anyone had their card(s) shipped? EDIT: After asking the seller whether he'd ship the card, in less than an hour, ebay has decided to interfere and refund me in full. Whatever this guy was doing, ebay didn't appreciate it…..

It's also silkscreen printed right on the PCB next to the power connector :-) 7-18VDC, though the text specs say up to 20.

How do I configure them to present a standard SSID to the house? Wireless Interfaces

Yes it's overkill and more power but it gives me more options For sure it will! You will be able to run all packages you want and with a sufficient SSD drive this will be a really hardcore pfSense box! You can be; under performed = nothing goes right performed = all goes but with small or no headroom over performed = likes "right performed" but for a longer time of usage What's a good Intel quad NIC? I see a lot on eBay, some Dell branded, etc. Intel NICs would be the best choice! $18.99 Intel i350-T4

@BlueKobold: In our company we had not only one times a problem with this boards or their IPMI LAN Port Maybe you just don't know about the problem. https://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_July_2014 https://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013