Planning a New upgraded pfsense build

  • I’m working on building a new pfsense firewall for our business, probably in abit over my head here. Currently using and old PC with pfsense installed. We have it set up to allow “email only” but are looking to add filtered browsing on select devices on the network.

    Should mention current setup offers pretty slow browsing/download speeds the few times it is allowed.

    But I’m wondering what would be my best route to start new.

    Update network cards and add a different pc?

    Or get one of these: (not sure if is serves the same purpose) QOTOM Q330G4 Barebone Mini PC - Core i3, AES-NI, 4 Intel LAN, 15Watts, Industrial Mini PC Firewall Gateway Router (Q330G4 Barebone) [link removed]
    Any help is greatly appreciated

  • @Wijet What internet speeds?
    How is the lan structure.
    What filtering?
    Pfblockerng is needed?

    Describe your situation in more detail

  • internet speeds: we have a dedicated 10 gig download speed. And 4 gig upload

    Structure: our system is set up as this: internet connection thru pfsense router which then gets bridged to about 7 different buildings.(about 10 pc’s total)
    (Yes I know my description sucks)

    Filtering: basically want to block social media, adult context, basically anything not business related.

    Allow for example- google but no YouTube
    Not familiar with packages much, up till now we’ve simply blocked all ports but what was needed to send/receive emails

    Also having issues with VPNs currently as well (I know they are tricky to block) @netblues

  • @Wijet 10g, 7pc, no internet access so far.
    One wonders what for.
    Certainly handling and filtering 10g speeds will need a xeon processor and 10g interfaces. But is this what you need for 7 pc?

  • Netgate Administrator

    You actually mean 10Gbps down?

  • the plan is to add internet access, but with strict filtering. I have no idea what I need for network cards, that’s why I’m asking, a guy built a pc for us recently and added that specific network card, I suppose I could post the specs of the pc I will be using to check which card would be best suited, as mentioned, the setup we got right now offers very terrible network speeds, and we want to improve that. @netblues

  • yes, we recently purchased and installed dedicated 10g speeds, where having to many issues with network speeds fluctuating during the day, after 6pm and such @stephenw10

  • Netgate Administrator

    Ok, well that Qotom box won't come close to 10G. It doesn't even have an option for 10G NICs.

    A 10Gbps connection for 10 PCs is crazy huge! Unless you are moving huge amounts of data. Are you absolutely sure you have a 10G connection and not 10Mbps for example?


  • That’s the thing, we’ve had these network speed issues in the past, and purchased this 10g package, with a pretty high price tag. thinking it would dramatically improve things, but it hasn’t, so now were want to improve things on the hardware end more. Yes, we defiantly have these speeds. shows the same.

  • Netgate Administrator

    What speeds do you see when you test?

    What specs is the hardware you are currently running pfSense on?

    I would confirm you can get the expected speeds when connected directly before investing in 10Gbps capable hardware.


  • @Wijet said in Planning a New upgraded pfsense build:

    That’s the thing, we’ve had these network speed issues in the past, and purchased this 10g package, with a pretty high price tag. thinking it would dramatically improve things, but it hasn’t, so now were want to improve things on the hardware end more. Yes, we defiantly have these speeds. shows the same.

    Can you show your speed? 10gbps down? thats nuts. 4gbps up is even more crazy. Im with steve on this one are you sure its not 10mbps ? and 4mbps? even if they was playing up the speed would be crazy

    Here in the U.S., from what limited research I conducted on Google, the cost of a 10 gigabits/sec Internet connection is $6,000 US dollars per month or more, and that rate requires a long-term contract commitment and dedicated fiber optic infrastructure to your facility. Also, no ISP I am aware of offers a 10 gigabits/sec connection to customers outside of a data center COLO. In other words, nobody here is offering 10 gigabit service to homes or mainstreet businesses.

    I think most of us here think you have your data rate multiples confused. Maybe you mean 10 megabits/sec or 100 megabits/sec. The fastest speed generally offered in the U.S. to homes and mainstreet businesses is 1 gigabit/sec (or 1000 megabits/sec).

    It takes specialized hardware to handle a 10 gigabits/sec network connection.

  • Netgate Administrator

    Mmm, there's a lot weird about this! I still find it very hard to believe.

    A 10GB data allowance maybe...
    Though that seems low.


  • LAYER 8 Global Moderator

    If you look at the IP he came from - he is using a ISP in CA, that offers a SAT 10 plan, which is

    up 10 Mbps download²
    100 GB monthly data
    plus a one-time installation fee of $99 + applicable taxes

    Even their business lines that says runs on their 10 gig fiber network only offer
    "Symmetrical speeds from 5Mbps to 100Mbps"

    If you look at his other IPs, also from CA it has a gig connection plan that says its 940/940... Which would be a sweet connection for sure!

    So no he not on on some 10gbps connection ;)

    Curious minds may never know - since he hasn't been back since his last post on jun 28th

    We have a couple of 10g lines into our DC into hou, and no they are not freaking cheap - and no you wouldn't use them for 7 PCs ;)

  • Yes. It’s a 10mb connection, as y’all seem to have figured out, sorry, my bad got it up and running fixed all my previous speed issues

  • LAYER 8 Global Moderator

    10mbps - yeah you prob handle that with a fitbit watch if it had interfaces and could run pfsense ;) hehehehe

    10mbps - wouldn't it just be faster for users to use their own LTE connections on their phones? Not sure why anyone would want to use internet, especially if shared on a 10mbps that was heavily filtered.

  • @johnpoz lol what’s a LTE?😂... kind of in a rural area here, just outside of fibre and LTE connections. That 10mb connection costs a fortune as well.

  • LAYER 8 Global Moderator

    Well yeah depending where your at - guess 10mbps could be screaming ;) I would go insane...

  • Netgate Administrator

    Thanks for coming back and clearing that up. ☺


