@stephenw10: The reasons you might use an appliance like this do not include having recent hardware.  ;) They include the nice rack-mount enclosure, LCD and cursor controls, large number of interfaces, very cheap! Exactly the point im after… Most of which can be re-used even with a new motherboard / processor combo which in one way or another increases the "muscle" There are still significant people using the Firebox X-Core boxes and those have a Celeron from the Pentium 3 era for the above reasons. Steve Fair enough Steve, but im pretty sure this is a viable ( $$$ ) option even after and upgrade as it has multiple slots available at the back which comes down to what you want to throw into it and what pfSense supports as far as hardware. @bryan.paradis: Expandability is one thing. You only have 1 x 16 and a mini-pci on the mitx board I mentioned. Impossible to squeeze in much more. Still that is a quad port pci-e + 2 additional gig ports off a mini pcie to low pro slot. Full ip kvm, serial over lan and other features are nothing to sneeze at. Especially when the i5-2520m could run pfSense in a VM and still beat the snot out of older hardware. There is also power consumption to look at thought maybe that isn't a concern for you. I have a dedicated 16port IP KVM in the rack, but for what is worth i rarely ever use it as most of the servers have RDC or ILO present which i can log into and view it what way. The way i look at it is the case and power supply is probably the only thing that is going to remain untouched ( maybe not even the case ) as for what im looking at even a single 3GHz Duo Core Xeon will do more than i will ever need it. And then i can still add in a 10GBe Myricom card as well as 2 quad port HP NICs. For $100-150 you cant even find a decent rackmount case as Steve has mentioned it…

Thanks for following up. That's odd that they misbehave even with a jumper to disable the bypass.  I could understand if the BIOS code was somewhat buggy but a jumper?  :- One possible cause, and this is purely speculation, is that there is significantly more exposed conductor and potential bad contacts due to the relays and jumpers. This might mean the connection quality is lower on those ports. It shouldn't be though. If that is the case you may find them perfectly stable at 100Mbps if you force that. Steve

When you added the additional interfaces did you add a gateway? You should not have done if you did. Go to System: Routes: Gateways:    You should have only one gateway there, the WAN gateway. If you have more remove them from the Interface setup page and them make sure the WAN gateway is set as default. If you have any problems try posting a screenshot from the Status: Interfaces: page. Steve

Ok, thanks for this info. Maybe I found an distributor for the TP-Link card…..... ;D So I hope I can build up my 3 AP's with these cards. As soon as the new pfsense 2.2 is available, I will test it..... 8) Oh, "it is ready, when it is ready" is much more better, than beeing "fast". Mozilla and others accepted this, too. Some others not, but this is an different topic. ..... ;) Regards SNR

Supermicro PDSMI+ with a Xeon Dual Core 3070 is a spiffy little system for under $50. Its FAR from a great system but its cheap and fits in a 1U case. Dont remember if its ECC or not. EDIT: Yes its is ECC capable. Up to 8Gigs.

@dreamslacker: Just setup a MSI H81i board with pfSense 2.1.  Same issue with the AsRock board - AHCI has to be disabled in BIOS or else GEOM won't see the drive. It'd appear to me that Gigabyte is the only one (for Haswell) without this issue at the moment (I don't buy Asus due to warranty issues - lousy distributor here). I had no problems with achi and my asrock h81-dgs with 2.1.1 prerelease

Attaching pictures… [image: WP_20140226.jpg] [image: WP_20140226.jpg_thumb] [image: Capture.PNG] [image: Capture.PNG_thumb]

This might be a stupid question but can you fit two FW-7541 side-by-side in 1U? It's possible with the Alix and was possible with one previous Lanner product (it seems they "lost" the feature with their current line)… While the FW-7541is definitively more powerful, it would "eat" 1U more in the datacentre if you want a pair of them.

@midacts: I think it might be nice to have a few more options for pre-built appliances like that. The pfsense store does not offer that many pre-built solutions, so many having a few more option, may help those that are new to pfsense or are intimidated by it to give it a try. … yet.  8) 8) 8)

@bryan.paradis: Are you running in a virtual machine by chance? No I do not. Regards

@Jason: The problem with Chinese knockoffs is that even if those are actual Intel controllers they're not likely to be first stock chips or contain other substandard parts. Surprisingly, the units that I've gotten are using decent electronic components.  I do agree that they might not be using top yield controllers though I've not encountered any issues so far. It must be noted that what I've got isn't a knock-off/ clone so this wouldn't apply to those units that are actually direct knock-offs.  It's actually designed by their own engineers (not sure if this is a good thing but their PCB layout does seem rather decent).

IMO, if someone posts, "I need a <foo>", and someone has one to sell, they can contact the wantee off-forum (or PM, or whatever). I don't want to turn the forum into a swap meet.</foo>

It is not a need… It is more of concerns about the uncertainty of the issue.  I am a little concerned that something might come up and I do need to manually switch to the backup without physical access to unplug a cable to work around it.  I worry more that the problem might show up in a way that I have not tested yet since I do not understand the real cause of the problem. I have some i350 cards coming in to test instead of the Quad Intel ET2 cards but since they use the same igb drivers I suspect I will have the same issue. EDIT:  Keep in mind that high load as I defined it above is only a single TCP connection taking up 600mbit of traffic which is something that could happen somewhat frequently depending on what is transferred between interfaces at times(backups, file shares, deployments to production servers, etc).  It is the manually disabling Carp that would be infrequent of course.

Indeed, running pfSense virtualised is a good option on massively overpowered hardware. At least you can then use it usefully for something else and you can very easily allocate more resources if your requirements go up. The two options you have suggested are at the two ends on the hardware scale. The Dell is massivelt over powered, the Alix (current model) is not powerful enough. The performance of the new Alix APU board is largely unknown but it will firewall/NAT 110Mbps. It may not run Squid and Snort at 110Mbps. Steve

If you search the forum for 'v120 firmware' you'll see a few pages where I've mentioned it. Also there is quite a long thread on the Plusnet forum discussing the V120 and various firmwares here: http://community.plus.net/forum/index.php?topic=95503 Steve

So basically to do that you need the Squid webproxy, Squidguard web filter and ClamAV anti virus packages. To get all those running is probably going to take some tweaking and reading of various how-tos. If you are ad-blocking at the firewall it may well cause tracking problems, usually that's a good thing! I find it far easier to run adblocking locally in the browser. That way I can easily whitelist sites that I don't mind the advertising on (like this one!) or disable it when I get to some site that doesn't work at all because some thing is blocked. Increasingly Ebay works less and less with stuff blocked unless you carefully train the filters. There is little point in having a huge cache in Squid especially for a relatively slow home connection, you won't see much increase in speed. It would be better to give a large RAM cache, which will be much faster. Caching Windows updates can indeed be a problem. They use a CDN so the update files may not come from the same location making it difficult for Squid to know they are the same file. There are various threads and docs on that. Yes that's exactly how VPNs work. Though you could configure some stuff to connect directly. You may have some issues with an 8111F. I can't remember quite what the current support is but I believe it wasn't supported by 2.0.3.  :-\ Hmm, have to check that. If it is supported you should see any loss at 30Mbps. If you use a wireless router as an access point you usually have to use one of the LAN port the connect to it leaving only three but, yes, those are then usable as a LAN switch. Some firmwares allow you to add the WAN port to the LAN switch getting around that problem. Steve

I had an Alix 2D13 running 2 WANs on the physical WAN port, by VLANs, 3 VLANs on the OPT1 port for various local subnets and the real LAN port being an ordinary LAN (I did that just so that I can always easily get to the webGUI by connecting physically to LAN, even if all the VLAN switch configs are gone). No trouble running VLANs on that. With multiple WANs I have trouble during failover - with 2.1.* at lot of stuff fires up at once failing over OpenVPN server/clients, doing DynDNS updates… and it sometimes runs out of the 256MB in real time. That means some process/es implementing the failover changes get killed, and so some things in the failover do not always implement. I believe this should be better in 2.2. Anyway, just saying that in a multi-WAN scenario on 2.1.* 256MB is not quite enough memory.

Well a pci-e NIC is always going to be marginally faster than a PCI NIC but at 50Mbps it shouldn't make a measurable difference. Some low quality NICs report having various hardware offload capabilities when in fact they don't or it's broken. You could try going to System: Advanced: Networking: and disabling the various offload options. Or just leave well alone since it's now working.  ;) Look to get more Intel NICs if you can for reasonable outlay. Many people are running Realtek with no problems though. Steve