PfSense firewall appliance build - encrypted

  • On the public build list is called: "pfsense firewall appliance?"

    For $535.51 I've put in an Intel Celeron 4-core processor released in Q1 2016 with AES NI support (J3160)

    16GB DDR3 Kingston RAM (2 x KVR16LS11/8)

    64GB CFast 2.0 from SanDisk Extreme Pro with a SATA adapter ( CFast Card to SATA Adapter with 2.5" Housing - Supports SATA III (6 Gbps) - CFast Memory Card Converter - OS Independent (CFAST2SAT25) )

    Dual NIC PCI x1 card with Intel chip (10GTek with Intel 82576, off brand) (would the card be supported by the em(4) driver?)

    The power supply comes with the motherboard and is rated for 65W. I think that might cut close to power requirements assuming the NIC takes 20W and the rest takes 39W. However, I have no idea how much power the NIC will draw.

    …and fanless case

    The ASRock mITX motherboard (J3160DC-ITX) has a TPM header. My question is: can one encrypt the pfSense install on the CFast card to boot from it? (I have experienced theft at this location.)

    The 16 GB RAM is for lots of packages and rules. Also, a possible VM setup to encrypt the install if pfSense doesn't support encrypted install.
    If VM is created under Ubuntu 16.04 I think splitting resources in half would work for the VM of pfSense.

    Your feedback is appreciated.

  • ok, I've just seen this thread on encryption:

  • Netgate Administrator

    That's a really old thread. You might want to check out 2.4 with ZFS options. For example:


Log in to reply