• Recently had a system failure and needed to get another system. I wanted to go for a small nano board, maybe a Jetway, but ended up needing something quickly and ordering parts was out of the question.

    I ended up buying an Intel Core 2 Quad Q6600 with 8GB DDR2 and a 60GB SSD. It was the only thing I could find at the time short of buying a new desktop.

    Right now I have 50 computers on my LAN, 12 computers on my HOME and have 10 concurrent VPN connections at all times. I am also running Snort, pfBlocker, traffic shaping, Squid and SquidGuard.

    I see about 1% CPU at all times and roughly 5-7% RAM usage. I just started using RAM and SSD space as a fast cache so I will be seeing an increase in used memory, but I doubt I will use nearly all of it.

    I was wondering if there is a way for me to use more of my system resources to optimize my pfSense box. I know this is typically different as not everyone has the same needs, but perhaps there is something I can be doing that is recommended for more powerful CPUs. I am not looking to aimlessly add packages to my firewall to use more resources. If anyone has anything they would recommend, please let me know!


  • Get more bandwidth, make sure Snort is in AC mode, allow Squid to use more of your RAM for in-memory caching.

  • Thanks for the reply.

    I would love more bandwidth but cannot; the ISP does not allow more than one connection for various reasons. I currently have 120/30.

    Squid is set to AC mode but I am currently running it as of yesterday. I need to have a look at some of the rules because it has been blocking a lot of legitimate traffic. Either way, AC will be used.

    As for Squid cache, I have it set to 4GB; it has yet to see much of it used but I am sure I will.

  • Netgate Administrator

    Ha! Brilliant thread, the opposite question to so many others.  ;D

    Just trying to think back on what I might have advised people to use less power and reverse that. None of it really makes sense though.
    You could enable device polling for a huge hit on the CPU and if you're lucky you might see a fractional decrease in latency.  ::)

    You could run some virus scanning in the proxy.

    To be honest if it was me I'd just swap out that power hungry CPU for a miserly C2D. Even a Celeron, I have a 440 here you could have that has a far lower TDP (35W vs 105W). Of course the Celeron will be far more pushed and the C2Q barely idling, it'd be interesting to see how they stacked up power wise.