Finaly after thne change hardware the firewall is not crashed, its working with Xeon 5570 dual cpu and 64GB memory. This day we have received an attack again with 1 GB traffics everything is working fine… For now i should be get snort packages with session limits per ip base...Could you pls share us config types?

You are unsure if 1000mW is legal in the US? You can always use a very bad antenna! The legality of the rig is the combination of the output power and the antenna gain. You can still be over the limit even with a low power card if the antenna has sufficient dB gain. The driver has a setting to limit the output power anyway so you could just turn it down. Steve

Ah, OK. Since you haven't altered the bridge sysctls they will be set to filter on 'bridge members' and not the bridge interface. What firewall rules do you have and where are they? Steve Edit: Look's like Wallabybob's got your back in the other thread.

The CPU is just sitting idle. It never peaks - eg I can sit there in console with vmstat and not see anything significant. I'm using a power brick from an old Linksys modem - I forget what it's delivering, exactly, but it's right/above what the ALIX was designed for (I double checked when I started using it). I don't have access to the modem. I've not been able to get into the interface yet, like I have been able to with different modems in the past. Latency isn't really a "problem" - it's "normal" for what can be expected for around here, maybe even a little on the good side (30ms average for in-state type connectivity, 50-80ms for elsewhere). Statistics on the WAN interface right now (9 day uptime - I have it scheduled to reboot twice a month on the 1st and 15th) are: Media 100baseTX <full-duplex>In/out packets 67722571/67602120 (53.00 GB/46.54 GB) In/out packets (pass) 67602020/67949144 (52.98 GB/46.54 GB) In/out packets (block) 120551/100 (14.90 MB/7 KB) In/out errors 0/0 Collisions 0 I've never seen an in/out error that I can recall. I can ping eg. google.com all day without any packet loss and 60-65ms latency. Even with a larger packet size (eg ping -s 512 google.com) - I still have low enough jitter for VoIP to be usable. 54 byte packets: –- google.com ping statistics --- 137 packets transmitted, 137 received, 0% packet loss, time 136181ms rtt min/avg/max/mdev = 62.516/68.732/155.162/17.354 ms 512 byte packets: --- google.com ping statistics --- 145 packets transmitted, 145 received, 0% packet loss, time 144199ms rtt min/avg/max/mdev = 62.938/65.415/138.578/6.573 ms (Ironically, the larger packets have a shorter round trip... which makes sense due to prioritization I suppose.)</full-duplex>

Wow… sorry for this late response. Thanks for the answer. More RAM is what is (probably) what is needed. I am not to sure what to look for in the logs. But I can say that even though they do not log graphs from time to time then these boxes run dead stable.

@stephenw10: @m4f1050: Why the "N" support? 802.11N is not just more speed.  ;) Your X700 has only 10/100 ports anyway. The maximum throughput is also less than 450Mbps. (less than 300Mbps?  :-) I believe there are cards which support 'Super G' mode if you have compatible chipsets at both ends. Steve At first I wanted less devices on my network but FreeBSD 8 didn't have 802.11n support…  What I wanted out of 802.11n was to max out the 100 of the port connected to my gig switch, but if it's not going to reach 100 with FreeBSD 9 then it's not even worth it anymore to go internal wifi.  Why I am going to do the N900 on my internal network and leave the pfSense just for what it is, a firewall.  :)

Hmm, I'm quite surprised by that. I would have assumed a 200W PSU would be fine. Also I'm surprised you can get 25A through a barrel connector without it melting!  :) Steve

When you tether by USB your phone MIGHT be recognised by pfSense as a USB ethernet interface. Please tether your phone then give the pfSense shell command``` usbconfig show_ifdrv PfSense is not yet well equipped to deal with intermittently connected devices. You will probably find that pfSense doesn't reboot cleanly on the first reboot after you have configured your phone.

A search of the wireless forum for ar9285 showed a number of entries reporting experience with different cards using that chipset.

I changed it from AHCI to IDE and it still was no go.  Btw I just tried the daily builds pfsense 2.1Beta1-pfsense it worked!!  Now I need to do some testing and lock it down like my Cisco ASA 5510.  ACL's suck

check logicsupply's rugged pc's.

It was not based on speculation (not mine anyway)  ;) @https://twitter.com/pfsense/status/309519811950571520: 2.1-RC1 coming soon and a new edition of the book. stay tuned! I completely agree that the pfSense team is very good at resisting pressure to release before it's ready, and that's a very good thing. Steve

Also the SIA210? Where did you order yours?

@xVxSemperFi: BUT I recognized a problem after my first reboot. The Stick was not found, and the config was lost. After I repluged the stick I could configure it again. So the device firmware will be available to the device driver BEFORE the root file system is mounted, you need to add the line``` runfw_load="YES"

That works fine, it wouldn't stomp on the boot portion of the device.

What change did you make? Steve