Need advice on a pfsense box


  • [update]

    Looks like i will have to go with Haswell since the 3gen pentium only supports DDR3-1066 memory.


  • Yeah 32watt is very low and good,  2.6ghz so not bad either.

    Yeah the xeons would fare better for 24/7 use and more powerful,  but if you're looking for low noise/power,  I like the haswell set ups.

    • you can an onboard gpu,  with xeon you need an gpu…

    why would you need faster ram for your pfsense box ?  not unless you bought the ram already,  even then is not the faster ram supposed to work backwards compatible...


  • @Fevan:

    why would you need faster ram for your pfsense box ?  not unless you bought the ram already,  even then is not the faster ram supposed to work backwards compatible…

    1066 is too slow, since i plan to run some packages that are heavy on ram + the store i'm buying from only has 2gb 1066 ram modules.


  • ouch on 2gig

    Well when you get finalized with your build and hardware,  let us know how the performance is :)


  • well i am deciding between these two builds

    1. 1155
    CPU: Intel Pentium G840 or  Intel Core i3 2120
    Mobo:
      option1: http://www.asus.com/Motherboards/P8H61MX_R20/
      option2: http://www.asus.com/Motherboards/Z77A/
    RAM: 2x4GB ddr3 1333
    HDD: 2x WD RED NAS 1TB SATA 6Gb/s 64MB
    NIC: 3x pcie Intel PRO/1000

    2. 1150
    CPU:  Intel Pentium G3420 2x3.20GHz
    Mobo:
      option1: http://www.asrock.com/mb/Intel/H81M-GL/index.us.asp
      option2: http://www.asrock.com/mb/Intel/H87 Pro4/
      option3: http://www.asus.com/Motherboards/P8B75V/
    RAM: 8GB(2x4) ddr3 1600
    HDD: 2x WD RED NAS 1TB SATA 6Gb/s 64MB
    NIC: 3x pcie Intel PRO/1000

    What do you think?

    I've also been looking at HP ProLiant ML310 server. It's a bit more expensive but it has reliability, don't know if it supports pfsense…


  • I like setup 2 due to haswell,  how comes such a massive hdd though ?

    If you're running it via virtualbox pfsense are you doubling it up as a download box or media box ?

    I was planning on a 64gig hdd but many on here gone with an 8gig ssd just for their pfsense boxes.


  • @Fevan:

    I like setup 2 due to haswell,  how comes such a massive hdd though ?

    well i prefer WD HDDs and i chose the wd red because it's designed for 24/7 operation and 1tb is the smallest they got.
    And didn't people have problems with SSDs because they started dying after a few months?


  • Oh and another thing, is ECC ram important to have or can i stick with a non ECC-system?


  • ECC ram is good for reliability which is why it's more recommended for server machines ie xeon cpus etc

    However it's more pricey and again only works on mobos for servers like x79 mobos or xeon socket mobos and similar.

    If you look at some of the new socket 1150 mobos no mention of ECC support,  so I guess they only take the normal Ram.

    Yeah SSDs can die… any hdd can also.  Your Nas drives are better suited to run 24/7 however I feel it's total overkill for pfsense which takes what 1gig,  people often suggest small 8gig or 30gig SSDs.  Even a 64gig may be overkill.

    If you're using pfsense packages though people do suggest more ram like 8gig since they soak up ram I hear.

    I figured since you mentioned you were installing 2x2TB WD reds,  you would be using it for other reasons other than pfsense.
    I see pfsense system requirements is it takes 1gig hdd space anyhow so a 4tb is kinda overkill to the max.

    if I am wrong someone would correct me however!


  • @Fevan:

    I figured since you mentioned you were installing 2x2TB WD reds,  you would be using it for other reasons other than pfsense.
    I see pfsense system requirements is it takes 1gig hdd space anyhow so a 4tb is kinda overkill to the max.
    if I am wrong someone would correct me however!

    well first off you got the size wrong it's 1TB not 2 :P, but the only reason why i chose those disks is because they are supposed to be for 24/7 operation, and like you said i don't need space but 1tb is the smallest from the red version even any other brand of HDDs don't go lower than 250GB (unless you mean ssd disks)

    the reason why i said 2 is because i was thinking of setting them up in RAID.

    but i have been thinking about getting the HP ProLiant ML310 server for the box, it would only cost a bit more. but i don't know if it supports pfsense and it has intel Vpro which i would rather stay away from.


  • Go for a 1155 system. i3 with 8GB is perfect.


  • yes on the 1tb,  I still feel it's total overkill for pfsense,  more so with 2 x 1tb in raid and then installing a 1gig program on it.

    If you're desperate for nas class drives why not get this instead ?

    http://www.storagereview.com/wd_red_25_1tb_hdd_review_wd10jfcx

    It's smaller and more energy efficient and server/nas class.

    But yeah I guess with raid setup you can enjoy it even if one dies you could mirror it,  I get what you are trying to do and it's still a good idea perhaps more costly though…

    The hp servers are good,  more so if you can get cash back offers on them and pick them up cheaply...

    Still a good set of hardware is good and future proof.  I don't think I can go with intel cpus their low end to mid end cpus don't support AES which is important to my pfsense build I have in mind,  I need something future proof to work with VPNs

    You could if your bb connection is not overall powerful try a test run on an old pc and see how it works out before leaping on an expensive purchase,  just to get the feel and speed of it.....


  • @Fevan:

    The hp servers are good,  more so if you can get cash back offers on them and pick them up cheaply…

    Still a good set of hardware is good and future proof.  I don't think I can go with intel cpus their low end to mid end cpus don't support AES which is important to my pfsense build I have in mind,  I need something future proof to work with VPNs

    well for the moment i think i will go with the haswell build any i3 CPUs or the hp server looks like a total overkill for what i need and i also imagine the server makes loud fan noise which could turn out to be annoying.
    i just don't wanna mess up and get equipment that will keep crashing because it's not made for 24/7 stable running (server equipment)

    The AES support is for:
    Sandy bridge: all from i5 up
    Ivy bridge: all from i5 up and some i3
    Haswell: all except Pentium and Celeron

    so if you plan to do a haswell build you can just get an i3.


  • @super_8:

    And didn't people have problems with SSDs because they started dying after a few months?

    Some people have these problems.
    The ones who use cheap & crappy consumer SSD.
    Very few do have any problems with reliable SSD from reputable manufacturers (think: Intel, Samsung).
    Again: Don't choose their bleeding edge consumer series, and don't let yourself be fooled by maximum transfer rates.
    SSD wear is a very overrated problem.

    @super_8:

    well i prefer WD HDDs and i chose the wd red because it's designed for 24/7 operation and 1tb is the smallest they got.

    Mechanical hard drives are way more likely to fail than a reliable SSD, in my experience.
    I'd believe there might be a greater variance amongst SSD models / manufacturers.
    While some bad SSD might be more prone to fail than mechanical HDD, good SSD tend to have lower failure/return rates (than any mechanical HDD).


  • @Applied:

    @super_8:

    well i prefer WD HDDs and i chose the wd red because it's designed for 24/7 operation and 1tb is the smallest they got.

    Mechanical hard drives are way more likely to fail than a reliable SSD, in my experience.
    I'd believe there might be a greater variance amongst SSD models / manufacturers.
    While some bad SSD might be more prone to fail than mechanical HDD, good SSD tend to have lower failure/return rates (than any mechanical HDD).

    i don't know there are a lot of topics here on how SSD disks have failed, i still think a NAS HDD will last longer since it's designed for that type of use + for the price of a quality SSD i can get 2 HDDs.


  • @super_8:

    i don't know there are a lot of topics here on how SSD disks have failed, i still think a NAS HDD will last longer since it's designed for that type of use + for the price of a quality SSD i can get 2 HDDs.

    I beg to differ.  ;)

    From my own job experience.
    And from any sane stats that I can find on the internet.

    @super_8:

    well i prefer WD HDDs and i chose the wd red because it's designed for 24/7 operation and 1tb is the smallest they got.

    The 3.5" is the smallest 3.5" they got (there's a 750GB 2.5").
    By the way, if you're hell-bent on getting mechanical HD from Western Digital  ;)  and the 1TB is just "the smallest they got", maybe you'd like to consider the WD Re series?
    The 250GB Re should be about the same price as the Red - though it is slightly louder at up to 30dba and seems to use a little bit more power, it is advertised as having better reliability - and has the longer warranty to boot:

    Target market:
    WD Red: "Designed and tested for small scale RAID environments / Personal/Small Office Home Office"
    WD Re: "Durable capacity storage for high-availability deployments / Medium-Large scale Enterprises"

    MTBF (hours):
    WD Red: 1,000,000
    WD Re: 1,200,000

    Non-recoverable read errors per bits read:
    WD Red: <1 in 10^14
    WD Re: <10 in 10^16

    Warranty:
    WD Red: 3 years
    WD Re: 5 years

    WD Red: http://www.wdc.com/wdproducts/library/SpecSheet/ENG/2879-771442.pdf
    WD Re: http://www.wdc.com/wdproducts/library/SpecSheet/ENG/2879-771444.pdf


  • @Applied:

    @super_8:

    i don't know there are a lot of topics here on how SSD disks have failed, i still think a NAS HDD will last longer since it's designed for that type of use + for the price of a quality SSD i can get 2 HDDs.

    I beg to differ.  ;)

    From my own job experience.
    And from any sane stats that I can find on the internet.

    @super_8:

    well i prefer WD HDDs and i chose the wd red because it's designed for 24/7 operation and 1tb is the smallest they got.

    The 3.5" is the smallest 3.5" they got (there's a 750GB 2.5").
    By the way, if you're hell-bent on getting mechanical HD from Western Digital, and the 1TB is just "the smallest they got", maybe you'd consider the WD Re series?

    Target market:
    WD Red: "Designed and tested for small scale RAID environments / Personal/Small Office Home Office"
    WD Re: "Durable capacity storage for high-availability deployments / Medium-Large scale Enterprises"

    MTBF (hours):
    WD Red: 1,000,000
    WD Re: 1,200,000

    Non-recoverable read errors per bits read:
    WD Red: <1 in 10^14
    WD Re: <10 in 10^16

    Warranty:
    WD Red: 3 years
    WD Re: 5 years

    WD Red: http://www.wdc.com/wdproducts/library/SpecSheet/ENG/2879-771442.pdf
    WD Re: http://www.wdc.com/wdproducts/library/SpecSheet/ENG/2879-771444.pdf

    The 250GB Re should be about the same price as the Red - though the first is a bit louder at 30dba and seems to use a little bit more power.

    Hmm..weird, didn't look at the MTBF for the HDD-s but it seems low, in that you are right the samsung 840 ssd claims to have MTBF of 1.5 million.

    I don't have much experience with SSD disks but i have HDDs that were used a lot and are over 10 years old and they still work without a problem, but they are loud when the head is moving :P


  • @super_8:

    i have HDDs that were used a lot and are over 10 years old

    So your 10+ year old HDDs have been alive and kicking for longer than SSDs have even been on the market at all?

    Well, these sure don't make for a good comparison. ;D

    (PS: Just saying… I don't mean this as an argument for or against anything)


  • @Applied:

    @super_8:

    i have HDDs that were used a lot and are over 10 years old

    So your 10+ year old HDDs have been alive and kicking for longer than SSDs have even been on the market at all?

    Well, these sure don't make for a good comparison. ;D

    (PS: Just saying… I don't mean this as an argument for or against anything)

    I probably should have said that they were used in a pc system, so they weren't running heavy 24/7, if they were they would die years ago :)


  • I was thinking of getting the Corsair http://www.corsair.com/cmx8gx3m2a1333c9.html or kingston value http://www.kingston.com/dataSheets/KVR13N9S8K2_8.pdf.

    are those any good or should i get a different brand?


  • Regarding my haswell choice and core i3,  I think it's too costly and not worth myself going down intel route.

    An AMD build I can literally pick up the mobo +cpu for under £100 even and can't argue with a 4ghz (65watt) cpu (dual core) with AES Support and 1xpci express 4x and 16x slot.  An 364 hp intel quad Nic for £40-50 can be had also from ebay.  I will custom build it so its using a large silent heatsink + fan and a silent 92% energy efficient p/s.

    Regarding the SSDs,  agree with other poster who mentioned intel or Samsung for reliability factor…. many people on forums still selling their ones after 3-4 years.

    We can assume in 3-4 years also technology will be so small and energy efficient to the point our current Pc builds require binning ;)

    It is tricky to get the hardware right to strike a balance between energy efficiency and price.

    One could look at this new haswell/dual nic/100% silent and 35watt build that came out today:

    http://www.atlastsolutions.com/fanless-thin-mini-itx-pc-core-i7-haswell-8gb-128gb-ssd-asus-q87t/

    But then who knows if pfsense will support those nics,  most likely realtek anyhow so best to avoid.

    You have this also:
    https://www.amazon.co.uk/Shuttle-DS61-Barebone-Socket-SODIMM/dp/B00BFOFA78

    pfsense works and supports these nics,  but then the cpu needs to be put in separate some guys use a celeron low power or xeon but this adds to the cost.

    Guess the pfsense builds are endless you just need one and once set up hide it away,  you see people on here using p3 and p4 high electricity builds just running 24/7,  but they not fussed you get reliability and all the features and support that puts even the best router on the market today to shame (apart from pfsense wireless side,  routers still beat it for that)


  • whatever works out for you :)
    Personally i rather stay away from AMD CPUs + you can get an i3+mobo for only a bit over £100


  • You can but not with AES support ;)

    I do actually have a core i5 3.2ghz/AES and micro ATX already which would be good for a pfsense build but that cpu is 95watts.

    It's that balance once again….


  • @Fevan:

    One could look at this new haswell/dual nic/100% silent and 35watt build that came out today:

    http://www.atlastsolutions.com/fanless-thin-mini-itx-pc-core-i7-haswell-8gb-128gb-ssd-asus-q87t/

    But then who knows if pfsense will support those nics,  most likely realtek anyhow so best to avoid.

    One of those is an Intel i217 and the other is a Realtek 8111G.  Neither are going to work with pfSense until it moves to FreeBSD 10.

    Do yourself a favor and stick with Ivy Bridge.  The slightly lower idle power consumption and slightly better performance per clock of Haswell isn't worth the hassle of compatibility problems.


  • @Jason:

    @Fevan:

    One could look at this new haswell/dual nic/100% silent and 35watt build that came out today:

    http://www.atlastsolutions.com/fanless-thin-mini-itx-pc-core-i7-haswell-8gb-128gb-ssd-asus-q87t/

    But then who knows if pfsense will support those nics,  most likely realtek anyhow so best to avoid.

    One of those is an Intel i217 and the other is a Realtek 8111G.  Neither are going to work with pfSense until it moves to FreeBSD 10.

    Do yourself a favor and stick with Ivy Bridge.  The slightly lower idle power consumption and slightly better performance per clock of Haswell isn't worth the hassle of compatibility problems.

    or you can just buy separate nic cards and you don't have to use the onboard one, speaking of which will a pcie x1 nic work in a pcie x16 (graphics card) slot?


  • yes it will work

    http://forums.anandtech.com/showthread.php?t=2218693

    looking at some benchies the amd cpu I liked is pretty poor performer,  so you were right to suggest intel cpus.

    May just stick with my core i5 sandy set and transplant to a micro atx case after all :)

    Good info on the ivy cpus was not aware of that….


  • well i will go with the pentium, 1150, 8gig corsair 1333 and a ssd, it's more than enough for what i need :)

    As for the i5, i don't think it uses a lot when it's not under load.


  • yeah was concerned with the power,  but they do not use that much thanks to the speed step and power efficiency :)

    Pentium/1150/8gig and ssd sounds great.


  • Sorry to resurrect an old thread but did your Haswell build work for you? I was looking at building something similar but with an i3 4330t because it's 35w with aes-ni.

    I'm afraid a haswell board is going to have problems working with pfsense 2.1. it looks like it may be a while before v2.2 comes out.


  • @midacts:

    Sorry to resurrect an old thread but did your Haswell build work for you? I was looking at building something similar but with an i3 4330t because it's 35w with aes-ni.

    I'm afraid a haswell board is going to have problems working with pfsense 2.1. it looks like it may be a while before v2.2 comes out.

    The newer Intel NIC drivers that were included in 2.1.1 have been pulled because they were flaky as hell.  I wouldn't buy a Haswell system at this point unless you intend to use only add-in NICs which use an older chip.


  • I would be fine if the onboard NIC is not supported as long as a quad port NIC in a PCI slot would work fine?

    As long as a Haswell CPU (preferably the i3-4330t) would work, along with the board itself, I'm fine.

    Am I wasting my time/looking in the wrong place going the Haswell/i3 4330T route if I'm not worried about the onboard NIC?

    Thanks for your reply.


  • @midacts:

    I would be fine if the onboard NIC is not supported as long as a quad port NIC in a PCI slot would work fine?

    As long as a Haswell CPU (preferably the i3-4330t) would work, along with the board itself, I'm fine.

    Am I wasting my time/looking in the wrong place going the Haswell/i3 4330T route if I'm not worried about the onboard NIC?

    Thanks for your reply.

    I've setup 2 sets on Haswell using pfSense 2.1.  One using the Gigabyte H87M-D3H & one using the Asrock H87M-Pro4.

    The Realtek NIC on the Gigabyte works fine in pfSense 2.1.

    The latter does have some caveats:
    1)  Disable AHCI mode on the SATA port or GEOM won't find the disk (I didn't try playing with loading AHCI module).
    2)  The onboard NIC is an i210 which isn't supported in 2.1.


  • That's good to know. Maybe it's better to go with that Gigabyte board then.

    -So as long as the Haswell motherboard works (like the Gigabyte H87M-D3H ), I should be able to use any LGA 1150 CPU with it (preferably the i3-4330T)

    -Do you think there would be any performance reduction by not being able to run in AHCI mode on the Asrock motherboard? Maybe not so much since it might only be affecting something like the HDD/SSD.


  • I was looking at your asrock and gigabyte boards and they are both MicroATX. Is there any way I will know if a mini-itx board will work?

    I am just paranoid that I'll get a motherboard and it will not work with pfsense 2.1


  • @midacts:

    I was looking at your asrock and gigabyte boards and they are both MicroATX. Is there any way I will know if a mini-itx board will work?

    I am just paranoid that I'll get a motherboard and it will not work with pfsense 2.1

    If the onboard NIC is not a concern, just get any of the 8X series ITX boards with a PCIe x16 slot.  Throw in a PCIe Intel dual (or quad) port NIC like the PT Dual port and use it instead.  The 8X chipsets will handle the NIC in the PCIe slot just fine concurrently with the IGP.

    I'm running the NanoBSD VGA build (embedded) so I can't comment on any loss of performance in terms of SSD/ HDD.  My Kingspec SSD is a real slow poke though so I doubt I can get anything out of it.  As I mentioned, I've not gotten down to testing out whether the manual loading of AHCI module will actually allow the AHCI mode on the controller but it is certainly possible.


  • Thank you for your help. I am just worried I will buy the wrong hardware. Intel 8 series chipset looks like I can use a z87 board then.

    If that's the case I can get a z87 mini itx board and the i3-4330t for low wattage and aes-ni.

    Outside of that I'll have to find a case ;)

    I think I am definitely going to go with an intel NIC. A dual or quad port NIC. Intel PT or ET is what I'd go with. I350 looks like the best of the three. But I'm a bit worried about power consumption since this box will be on 24/7- and I heard the PT uses more power. But I haven't checked out how many watts it uses yet.

    Thanks again for your help!


  • @midacts:

    I think I am definitely going to go with an intel NIC. A dual or quad port NIC. Intel PT or ET is what I'd go with. I350 looks like the best of the three. But I'm a bit worried about power consumption since this box will be on 24/7- and I heard the PT uses more power. But I haven't checked out how many watts it uses yet.

    From the intel Ark - i350-T4 uses 5w, the PT (quad) uses 12W, realistically we're talking about a 7w difference.

    Considering pricing is astronomically more for the i350 ($250-350 on ebay) vs the pt which is $75, I think it'd be a very very long payoff for the difference.

    The only reason I could think of to run the i350 for what you're suggesting is if you are running solar, where 7W more worth of panel might be more expensive than the difference.


  • Awesome!

    For a 7watt difference…I'd definitely rather go with the Intel PT.

    Is it true pfsense 2.1 will work with Intel 8 series chipsets like the z87? I just want to make sure I can pick any z87 motherboard I want. Probably a supermicro or gigabyte.


  • Why would you bother with a z series?

    H or B series chips would be sufficient and will work.

    Also, there is very little difference in power consumption between the normal intel processors and the t series if you are not running them at full load, which I doubt you would be.

    Do you really need AES-NI? are you doing VPN work (and what speed are we talking?)

    Pentium G3420 chips are about half the price of the i3, and not that much slower..


  • I probably would not need a z series motherboard. You are right, the H or B series will probably work.

    the 4330 uses 54TDP and the 4330T uses 35W, but the 4330 has a 3.5GHz clock speed as opposed to the 4330t's 3.0 GHz clock speed.
    http://www.cpu-world.com/Compare/493/Intel_Core_i3_i3-4330_vs_Intel_Core_i3_i3-4330T.html

    As far as AES-NI goes, I have never used it, but it sounds like it can help out with VPN encryption/decryption. I will have a 100Mbps ISP connection and I should be the only one connecting to my firewall via VPN at the moment.

    The Pentiums do look like they are about half the price. My main concern is power consumption and performance since this is the gateway to my network and would be the first bottleneck- so I want to make sure this rig is setup the best I can for all my future endeavors. I plan on doing a few projects that I will run from this network.

    But as far as a motherboard goes, is it true that any Intel 8 series motherboard will work? I have heard that USB 3.0 has some problems, but that is okay. I'll just make sure the motherboard has some USB 2.0 ports.