• I have a client whos ISP connection is 150Mbps downstream.  I've never tested a pfSense with that much potential speed.  Currently they have a Cisco RVS4000 and are severely crippled by it's throughput when IPS is enabled (and even when it is disabled for that matter).  If I suggest they put a pfSense firewall in there, what suggested HW would be capable with the 150Mbps?  I don't think this is anything special for a pfSense with a good NIC, but I'd hate to build one and have it come up short.


  • Netgate Administrator

    For just raw firewall/NAT almost any modern hardware would easily pass 150Mbps. The APU will do ~300Mbps for example.
    Are you planning on running packages? VPN?
    Is that 150Mbps total or up and down?


  • Yes, the packages would include Squid3, HAVP, pfBlocker and Bandwidthd.  There will also be a site-to-site OpenVPN tunnel 24/7.

    I haven't nailed down the hardware I'd like to use; not sure if I need to buy some low-end new stuff or if something here in the office would suffice.  Looking at the pfSense hardware requirements page ( tells me I'm going to need Intel NICs (a given), and a CPU in the 2GHz family and I'm guessing around 2+ GB of RAM.  Can never have too much RAM!

    The 150Mbps was download speed - I didn't catch what the upload speed was and looking at the Comcast Business site, they don't mention what the upload speed is for that package.

    Thanks for the link to the APU1c board real-life example.

  • Netgate Administrator


    There will also be a site-to-site OpenVPN tunnel 24/7.

    You'll want to use something more powerful than the APU then if you want to be able to use the full WAN bandwidth for VPN traffic. You would be wise to do so anyway with that list of packages.
    The hardware requirements are somewhat outdated. Multicore CPUs, especially for 2.2, will likely mean processor frequency becomes less important. Better to go too fast than too slow though.  ;) Something like the newer Rangely based boxes would probably suit well.


  • Thank you, Steve.  I appreciate your insight.

Log in to reply