No.

@dreamliner: I'm looking for a solution that will allow me to restrict up/down bandwidth speeds to all devices on my network with an exclude list for a handful of addresses.  I'd also like monthly bandwidth reports. I bought a Buffalo router running DD WRT and that allows me to limit speeds to all connections and then add an exclude MAC list for other devices to get full speed. It doesn't have bandwidth reporting capabilities and uTorrent doesn't seem to be stopped by the global DD WRT bandwidth limiter. So I'm looking at pfSense. I was originally going to buy an ITX based system but the cost was over $300 and I wasn't sure if I needed all that or if pfSense will even do what I want.  I have an old Dual Core Athlon 64 system but it only has 1 10/100 onboard network card (its a Dell e521). I was looking for a Dual gigabit ethernet card when I came across some older atom thin clients with 3 gigabit ports on ebay that are preconfigured with pfSense for $108.  I'm wondering if they will have enough horsepower not to run into any problems and if they'd work for what I need. Here is a link to what I was considering: http://www.ebay.com/itm/Pfsense-2-2-HP-t5740-Intel-Atom-N280-2G-RAM-2G-Flash-SSD-3gig-NICs-Wireless-/261805580029?pt=US_Firewall_VPN_Devices&hash=item3cf4d41efd I don't really mind spending more money, but I'd hate to buy something I don't need. Thoughts? the question is: what's the intended throughput you would like to achieve? This affects the way you choose hardware. I saw from some other threads that platforms like Atom D525/D2550 can do somewhat 500-600Mbps NAT throughput. And I just bought a USD250 Celeron 1037U (with 6 x Intel GbE) which showed me 940Mbps NAT throughput (tested by iperf, link here).

Hello folks, But my question is if it can handle 100 Mbit/s through VPN aswell? For sure it can handle it, but as recommended to you it is also a very expensive solution.

Hi folks, there are often two camps if someone is talking about running pfSense VMs, the only ones love this and consider but the other ones hate it and don´t want drive it in productive networks. @kroberts Did you perhaps thought about installing OpenBSD and let pfSense running in a jail? Could be a solution for as I see it right. Intel CPU Intel Xeon E3 or Xeon E5 or the new one D-1500 would be great to know at first for us to come closer to the point and guess you something. For what exactly this pfSense appliance should run? Tasks? Users? Throughput? Intel nics – 2 of them.  I wouldn't mind more being present but don't intend to use them right now. Tyan S5530 ASRock D-1500 Platform Supermicro D-1500 platform 4g RAM, preferably can max at 8 Using ECC RAM can be good because the VPN keys are generated in RAM. Alix APU 1C4 - little dog Soekris net6801 (Q4/2015) - small bear Lanner FW-8895 - great beast Use embedded image, log to another box. In some cases related to the security it will be good, but then you can install as recommended pfSense on one "normal" box and the Squid, snort, logging and AV tasks on another one. At least one 8-lane pcie-v3 slot to handle a 10gbps nic just in case my scenario changes. HotLava Systems Multiport NICs High port density and much power by using original Intel chip sets can savemoney and PCIe slots as I see it right. Cheaper than QuickAssist hardware Ok at this point I want that we both think about what you really want and/or what you really need! The word "cheap" contingent on 10 GBit/s is here clearly a thinking false of yours! 10 GBit/s is not cheap and will not be cheap. related to the backside of the pfSense, I mean the connection to a DMZ or LAN Switch it will perhaps going, but 10 GBit/s at the front side, the WAN side I mean, we are talking about two different things and both are not cheap! pfSense is still OpenSource but this means not it can handle every stuff on a 35 € hardware. 1u or possibly desktop, 1u preferred Probably going to be Linux As a Squid Proxy with AV, SquidGuard, snorting and logging ok, therefore Linux will be also great, perhaps ClearOS or CentOS based. But this is not related to the pfSense hardware you are asking here. How urgent is vpn encryption in your scenario? For how many peoples you have to set this box? What kind and how much traffic is running through this Box? Is a smaller Box for pfSense and a greater one behind this box as a Squid, Snort, AV and logging proxy better for you?

Hello, The problem I have with them now is, that all I can do is sending them back for a replacement or buy new ones. For sure you have to do this also if you are using other brands, as I see it right. However soekris being based in CA and I sitting in Germany makes this somewhat difficult. Not really, you are able to buy them here in Germany also, did you know this? Tronico - Soekris dealer Passman - Soelris dealer Varia-Shop - Spare parts dealer I also can not effort to have one spare box in storage for any occassion when I just want to run a small office. But you could run pfSense on two boxes simultaneous by using the pfsync over CARP or VRRP so you would never standing alone there! Otherwise if a box dies it is not related to the brand on it. Dead is dead! Alix APU and Lanner FW-7525, 7535 or 7541 Will do the job also good enough for you, if crypto support for vpn is really important I suggest to go with the Lanner boxes, they are quiet silent and sufficient enough for a home usage up to 50 MBit/s VDSL or 100 MBit/s VDSL Vectoring. They can hold soekris vpn1411 cards or comes with native crypto support (7725).

Hello HodKenneth, this year you would have good luck and many choices to realize this project. But it is in mey eyes more owed to the circumstance what this Firewall must handle out for you. Soekris is bringing out at the Q4/2015 a new net6801box and you will be able to add 2 quad port NICs so you will get 12 GB LAN Ports at total! Is this sufficient enough for you? If not or you want to go by an X86 device that is more powerful and/or you need more GB LAN Ports I suggest to go by an Intel Xeon 4 Core likes Intel Xeon 1286v3 3,x GHz and a multi port HotLava Adapter, based on the total WAN speed of 300/30! Otherwise two different vendors are bringing out new Boards, shown at the CeBit in Hannover this year, at the moment they where no prices out for those both boards but they can fill the space between the Atom and real Intel Xeon, here are two links to them, right to buy at Q2/2015. Supermicro  X10SDV-TLN4F and X10SDV-F ASRock Rack D1540D4X Both comes with dual 10GbE LAN interfaces and would be powerful enough to handle your WAN stream. Like want to go, from top till down: Intel Xeon E3-1286v3 / 4 Core Intel Atom C2758 2,4 GHz / 8 Core Intel Xeon D-1500 2,4 GHz / 8Core Intel i5 / 4 Core Take one SSD or more as share see above at point 1 or go to Supermicro an serach the site for chassis No Squid, AV, Snort and other things it would be enough but as I see it right you can also pimp many boxes by and mSATA or SSD later with no problems, also.

Try TP-LINK TL-MR3020 and put OpenWRT on it.

@edwardwong: @mevans336: @edwardwong: My 1037U also come with case + PSU (not just a mobo), with CF card installed. But I have to agree that price on AliExpress is not that attractive (because the one I bought from Taobao is only USD 150) I guess we just need to wait for x86 to catch up. :) They do, look at those Rangeley platforms (C2358/C2558/C2758, some of them are selling in pfSense store), they are targeted for communication and really a good one, but too expensive, and that's the reason I built with C1037U instead. Hello, in the Q4/2015 Soekris will be placing his new net6801 model also with an Intel C2758 (8 Core / 8 GB) this could do this job also silent as I see it right, if you want to have a look over here is a Link to them Soekris net6801

ok thanks, I have emailed them to see what I can do Thanks

Righto, I'll give that a look later. I've switched to Hybrid actually (you'll see reasons why in a DM is sent you). Thanks :)

As far as I know the existing driver(s) only add support for the leds and reset switch. No other gpios. You would have to modify the driver or probe the gpios directly. Steve

for $400 just buy something from the pfsense store.

Just did another test in early morning, I can see that it's pushing to the limit (during speed test CPU usage bumps up to 50-70%) [image: speedtest.jpg] [image: speedtest.jpg_thumb]

If your home is wired for Cable TV, use MoCA for either another wireless access point in a better location or to plug into directly.

For anyone that might find this thread again;   - after a complete reload and more careful install of the various FireBox add-on's the box appeared to have become stable again, at least with no traffic load on it. The only conclusion I can make, which isn't very scientific, is that during the first install I must've gotten something configured sideways, or my particular box has a hardware issue, or that the network interfaces hang after load. Unfortunately, I couldn't risk another freeze like that and because I don't have enough time to troubleshoot it properly I ended up just switching to different embedded appliance I had laying around. Thanks to those who offered input.

@Pidjey: By the way, there are many linux services I would like to use (not avalible in FreeBSD) 'many' : Any of them something you should be running on a firewall appliance? Or not already available as a package format? "load balance with one wired and 2 wireless connection". That just sounds as a recipe for disaster! But if you insist on using WiFi as WAN connections : < I would personally never use a setup like this for anything resembling business use / high uptime required > I would plainly use "stable" AP's/receivers that receive the signal, and move it down the line by wire and feed it into your firewall. Your wifi is no longer bound to FreeBSD drivers. Signal/noise ratio will be better in almost every case (range of most USB wifi dongles are f* horrible). No USB adapters (really, why even try..). 1 onboard nic / 1 dual port NIC expansion and you are set. or vice versa. As to your opening post. Hyper-V seems to be functioning quite well for some people. A usefull thread might be : https://forum.pfsense.org/index.php?topic=75549.60 You will loose performance in any case. Especially on lower end hardware. And I would still recommend against the use of USB adapter of any kind, let alone combined with a hypervisor / virtualisation layer.  3G/4G is a different matter.

I can confirm the onboard broadcom nic on the N40L does get detected.

You have powerd running on the cooler laptop. Steve