Will this hardware run pfSense and support 300 Mbps with IDS/IPS, DNS over TLS and pfBlockerNG

  • I have been an SA for years but I have never dug into network security (never needed to) and I am new to pfSense. Please go easy on me.

    I have been wanting to implement a whole house FW to protect my server and everything else at home. I was going to buy Netgate's SG-3100 but I have a spare desktop PC lying around that I thought I could put pfSense on.

    Before I do, I wanted to make sure it can handle my use-case, specifically maintaining 300+ Mbps. My internet is 200/35 but I might upgrade it soon. I'd actually love to know the max throughput this setup should be able to handle.

    • Motherboard: Intel Desktop Board DG33BU
    • CPU: Intel Core 2 Duo E7500 @ 2.93 GHz
    • Memory: 8 GB DDR2 SDRAM 800 MHz DIMMs
    • HD: 640 GB
    • Video: EVGA GeForce 210 Passive 1024 MB DDR3 PCI Express 2.0 DVI/HDMI/VGA Graphics Card
    • Chipset: Intel G33 Express Chipset, consisting of:
      • Intel 82G33 Graphics and Memory Controller Hub (GMCH)
      • Intel 82801IH I/O Controller Hub (ICH9DH)
    • LAN Card: Gigabit LAN subsystem using the Intel 82566DC Gigabit Ethernet Controller

    I would, of course, buy one more LAN card so I have one for my cable modem input and one for my existing router output. Not sure which LAN card to get so if there is any advice/recommendation on that please let me know. Or, if the onboard LAN card is no good, I can get two since the MB has 2 conventional PCI slots and 1 PCI Express x1 slot.

    At minimum these are the things I know I'll be configuring:

    So, two questions I am hoping the community can help me with:

    1. Is my hardware powerful enough to do what I want?
    2. Are there other packages/configurations folks recommend/advise?

    Thanks in advance!

  • The current CPU doesn't support AES-NI though. :(

  • Netgate Administrator

    pfSense 2.5 will not require AES-NI in case you missed it: https://forum.netgate.com/post/823904

    That hardware will be fine for your 200Mbps connection. It will pass 1Gbps but possibly not with Snort/Suricata; it depends a lot on what ruleset you have loaded and how it is tuned.

    You have it already, try it and see. It will be good experience either way. I would pull that graphics card in favour of the on-board graphics to free resources and reduce heat in the box.


  • @stephenw10 Thanks. To test it I would need one more LAN card. I want to avoid buying things I don't need. I'm caught between using this desktop, buying an SG-3100, or holding out for Ubiquiti's Dream Machine (https://www.reddit.com/r/Ubiquiti/comments/b0s5ig/unifi_dream_machine_added_to_earlyaccess_store/).

  • Netgate Administrator

    Well you could test the throughput with just the two cards you have. Add a third interface once you know it will handle that.


  • @stephenw10 Two cards? I only have one ethernet port right now. I have a wifi adapter I can plug into it just to see what the pfSense experience is like and to see if it's too complex/confusing for me. Thanks!

  • Netgate Administrator

    Ah, sorry, I thought that board had integrated Ethernet and you had a card in there also. I assume those are the same thing then.

    Using wifi is not going to help your experience! Especially if that's not as an optional interface. Better to use VLANs and a managed switch or even a USB NIC (which also isn't recommended). But Gigabit Intel NICs are common and cheap; grabbing one of those would be best.


  • @stephenw10 Agreed. Plan is to install pfSense just to get a feel for the OS/experience. My networking knowledge is not great so if I can't figure it out then I want to know before I buy a new LAN card. I've seen some videos online with screenshots and those screenshots had many terms I don't know so I'm a little worried. Just created the USB installer so I'll see how it goes.
