First time Pfsense build

  • After upgrading my gaming PC, I now have an i7-7700K and z270 motherboard lying around doing nothing. I have a burgeoning interest in learning about networking and I'm wondering if it makes any sense to turn these parts into a Pfsense build. I have seen a lot of concerns about power consumption in many threads and I have no idea if this would be a good or bad thing yet. I don't plan on running this 24x7, but I would be interested in having it up when I'm using my main PC. I currently pay Comcast for gigabit internet. I'm also thinking about buying a 4 gigabit Intel NIC for use in whatever I create. Does anyone have any recommendations on the path I should take or whether there are more hardware options I should consider? What about wireless access points? I see a lot of good things listed about Ubiquiti AC Pro/Lite, but is it compatible or configurable with Pfsense? Any information is much appreciated! Thanks!

  • LAYER 8 Global Moderator

    Be it the box uses 5w or 5000w would only matter to you and your power bill.. If you're ok with it using X watts then you're fine with it using X watts..

    Put a Kill A Watt meter on it when it's running and do the math to see if you're happy with it being on either 24/7/365 or just the time you want to play with it for a while, etc.

    Yeah a 4 port nic is prob a good idea, you can really never have too many interfaces for your "router" ;)

    What AP you use has zero to do with pfsense, pfsense doesn't care nor can it tell the difference between a wired IP or a wireless IP, etc.

    I use the unifi AP on my home network - very happy with them..

    Only thing else I would suggest in hardware would be a smart switch (one that can do vlans) if you do not already have one - since if you're going to start playing with this stuff, and you will have an AP that can do vlans so you can segment out things you want to different networks, you're going to want/need a smart switch.

    They range in price from like $30 to 300, or even more depending on the number of ports and features.. But a decent get-you-started smart switch will run in the 40 USD price range..

  • @johnpoz Thank you!

  • LAYER 8 Global Moderator

    NP - to be honest when I first saw your nick.. I was thinking this was spam ;) And looked to see if there was any attempt at hiding some sort of link in the post..

    Kind of an odd choice of nick, hehehe

    Lots of people here willing to answer any questions you might have on pfsense - feel free to ask away!

    BTW - do you currently have a switch? What is the make and model, if you don't mind? I can see if it supports vlans. Technically if you can plug the AP directly into a port on your new pfsense box you could do vlans on it - but I wouldn't suggest that unless all your wireless networks were going to be different than your wired networks connected to your other pfsense nics.

    Having a smart switch will exponentially increase your ability to do whatever you want with vlans be it wired or wireless networks.

  • @MaleSensitivity said in First time Pfsense build:

    Ubiquiti AC Pro/Lite

    I use these a lot and I do like them. The whole controller thing takes a bit of time to get used to but works well.

    Make sure to use the 5GHz band if you are in a built-up urban area, you notice lots of 2.5GHz signals, the 5GHz is much cleaner and gives better throughput as a result.

    Android app for checking wifi channels:

    In regards to getting into networking, get a decent book and work through it; a lot of people who learn without books, I find, tend to not understand layer 2 (switching) very well.
    Not saying you should get this book or even a Cisco book, but you are looking for one that covers switching and routing; it's important to understand both.

    For hardware why not buy a SG-1100 from Netgate? Cheap and works well, will probably give less trouble than a home built machine.

  • @johnpoz I understand completely 😂. From reading through previous forum posts, I gathered that most folks are not putting this much CPU on their builds. I literally just got the idea yesterday after realizing my TP-Link Archer c3200 software doesn’t have a firmware update button:).

    I’m about 10 years behind the curve when it comes to understanding I can do many things myself with a book and some patience.

    I don’t have a separate switch yet, but I do wonder if I can get by with a cheap $20 switch (something like a DLink DGS-105). Or do I need to dig a little deeper?

  • @conor Thank you for the book recommendation! I’m studying for the CISSP and this will be a nice addition to my library! I’m debating looking at a Netgate device. I was hoping to bring new life into old parts, but I’m also realizing that I may be spending way more than I actually have to just to learn. This will be an interesting journey indeed!

  • @MaleSensitivity said in First time Pfsense build:

    I don’t have a separate switch yet, but I do wonder if I can get by with a cheap $20 switch (something like a DLink DGS-105). Or do I need to dig a little deeper?

    Stay clear of TP-Link switches IMO, I use the POE+ version of these:-

    Like @johnpoz and many others I'm a Unifi user as well 👍

  • LAYER 8 Global Moderator


    That is just dumb, you need to dig about 20$ more

    Make that 13 se
    D-Link 8-Port EasySmart Gigabit Ethernet Switch (DGS-1100-08)

    On amazon for 33$

  • @johnpoz Fair enough...Thanks for the link! What is the added benefit? What features am I missing on the $20 version?

  • @MaleSensitivity said in First time Pfsense build:

    What is the added benefit?

    The added benefit is you can make a better (more efficient) network - like segmenting different ports on the switch to virtual networks you create on the pfsense box, some you can turn on and off the switch ports, some you can aggregate (LAGG/LACP) together for more bandwidth or redundancy, some you can turn into a mirror port to snoop on or monitor network traffic, you can prevent STP errors when one end of a patch cable gets plugged into the same switch (that's a bad thing), and LOTS more configuration options.

    A simple (dumb) switch offers none of that, everything is on the same subnet and all ports are able to talk to all ports with little to no configuration. If none of that stuff above matters to you, go ahead and get the cheaper switch. But, these days, with all the different gear that's possible on a modern network, it's NOT a bad idea to instead get the smart/managed switches.


  • LAYER 8 Global Moderator

    Yeah - if you're going to buy an AP that can do vlans, and have pfsense that can do vlans... Only having a dumb switch really defeats the whole purpose of the firewall and AP that can do vlans.

    Without the switch that can do vlans you might as well just stick with your off the shelf soho wifi router..

    To be honest that they even sell dumb switches at all these days just rubs me the wrong way... Just sell the smart ones - users that have no use of any of the features can just use it as dumb which is how it comes out of the box, etc.

    Buying a dumb switch today makes zero sense - they are a couple of bucks more..

  • @johnpoz That makes complete sense. Thank you for walking me through this!

  • @MaleSensitivity said in First time Pfsense build:

    I see a lot of good things listed about Ubiquiti AC Pro/Lite, but is it compatible or configurable with Pfsense?

    Forgot to comment on this part, sorry.

    Yes, totally 100% compatible. It's not "configurable" with pfsense, since pfsense is a firewall in this case. You have to configure the UniFi gear with a controller piece of software on your computer, a UniFi gateway/security box, or with their cloud controller they sell as extra.

    I run 8 of these access points in our building, along with the controller, and they all work wonderfully, alongside pfsense.


  • @akuma1x I’m amazed at the amount of YouTube videos there are describing those APs. I may opt to just dumb down my TP-Link and use that as my access point once I get comfortable with pfSense. I also probably won’t use the 7700K. I might just pick up an Athlon 200ge and throw a NIC at it and experiment for a while.

  • LAYER 8 Global Moderator

    To be honest if you have hardware sitting there, why not just play with it... If the box is overpowered - use it as a VM host, and run some other stuff on it as well as pfsense.

    I kind of miss the days when I used to run pfsense on a VM, since it was so easy to just play with snapshots of dev versions - quick snapshot of the vm, and didn't have to worry about something going horribly wrong on upgrade, or F up in config, etc. Could always just rollback to last snapshot... I think in all the years I have been playing with pfsense that maybe happened twice.. And it was on some really early alpha snap, and not paying much attention to upgrade instructions, etc. etc. But it is kind of a peace of mind sort of setup..

    But now that I'm on actual hardware (sg4860 at home) I love that I can reboot my nas and other vms and not lose internet ;) so trade off..

    The unifi AP are great I have a LR, a Pro and a lite in my house.. I am really wanting to pull the trigger on nano HD model.. But hard to justify it to the budget committee (wife). heheheh

  • @johnpoz All of these devices are making my head hurt 😂. There is so much to learn! I’m going to do exactly that. Thanks again for your help!

  • LAYER 8 Global Moderator

    So many devices? There is a router, a switch and AP... Do you mean there are so many options to choose from - and you don't know which one of the unifi AP models to get?

    Comes down to budget and your clients really.. The AC lite is prob a good starter AP and will give great performance..

    Pro is 3x3 mimo, while the lite is only 2x2... But what clients are you using, how many.. If your clients can not do 3x3 and you don't have that many clients then you really won't see much difference between lite and pro model.
