Pfsense new setup

S

Sandman1

Well-Known Member
Joined
Dec 7, 2016
Messages
150
Reaction score
8
Location
Johannesburg
Hi everyone,

My edgerouter x bombed out.. So looking to go pfsense. Any recommendations on a dual or quad lan cards that I can install in a pc. I want to run it as a VM. It's for home use, so not looking for expensive options.
 
Sandman1 said:
Hi everyone,

My edgerouter x bombed out.. So looking to go pfsense. Any recommendations on a dual or quad lan cards that I can install in a pc. I want to run it as a VM. It's for home use, so not looking for expensive options.
Click to expand...
Following.
 
Not sure if Realtek is properly supported now, but Intel NICs are the safest option from a compatability perspective.

Also consider OPNsense and Vyos if you'd like to support a more ethical project. Pfsense have become anti-FOSS with their childish tactics and are sly with their licencing and have even domain squat the OPNsense domain previously (a fork of PFsense).
 
  • Like
Reactions: OCP
Thanks for the info,

I had an old pc, I bought an extra lan card and I was good to go. Now got so much to learn about this firewall
 
Ferog said:
Not sure if Realtek is properly supported now, but Intel NICs are the safest option from a compatability perspective.

Also consider OPNsense and Vyos if you'd like to support a more ethical project. Pfsense have become anti-FOSS with their childish tactics and are sly with their licencing and have even domain squat the OPNsense domain previously (a fork of PFsense).
Click to expand...
Came to say exactly this :-)

Had some issues with Broadcom cards with adsense (long before the OPNsense fork).

Stick with Intel cards!
 
I use this because it has a low power requirement, and has Intel ports:
%5BSHIELD-D-4L%5D%20SHIELD-D-4L


www.cme.co.za

SHIELD-D-4L

IONN Shield 4 LAN Firewall N2940 CPU, with 8G RAM & 64G MSATA. PFSE Supported
www.cme.co.za www.cme.co.za
 
Is Intel ports recommended because of the bandwidth you get from them or?

When I setup iperf 3 server on the pfsense I only get about 660mbps max output from a direct lan cable connection. I am using the old pci board interface and not pci express.
 
Following this thread, quite interested to see what speeds software (non ASIC) routing can do these days

Was the iperf server in a VM or straight on the host?
 
Jade @ Absolute Hosting said:
Mind letting me know cpu this is included?
Click to expand...
Yep, it's a bit of a dog (N2940 with no AES-NI) but it runs my Sophos UTM perfectly at 50/50.

Edit: that's with AV, SMTP gateway, web filtering (SSL inspection) and IPS on, using 3 interfaces.

1628932915000.png
 
Last edited:
RonSwanson said:
Yep, it's a bit of a dog (N2940 with no AES-NI) but it runs my Sophos UTM perfectly at 50/50.

Edit: that's with AV, SMTP gateway, web filtering (SSL inspection) and IPS on, using 3 interfaces.

View attachment 1126402
Click to expand...
That’s not too bad considering

alternatively this

tech.co.za

Netgate 2100 Base pfSense+ Security Gateway - tech.co.za

Buy Netgate 2100 Base pfSense+ Security Gateway online at tech.co.za. Pound-for-pound, the Netgate® 2100 security gateway appliance with pfSense® Plus software delivers unbeatable performance and flexibility in its class. It is ideal for home, remote worker, and small business deployments that...
tech.co.za tech.co.za
 
Jade @ Absolute Hosting said:
That’s not too bad considering

alternatively this

tech.co.za

Netgate 2100 Base pfSense+ Security Gateway - tech.co.za

Buy Netgate 2100 Base pfSense+ Security Gateway online at tech.co.za. Pound-for-pound, the Netgate® 2100 security gateway appliance with pfSense® Plus software delivers unbeatable performance and flexibility in its class. It is ideal for home, remote worker, and small business deployments that...
tech.co.za tech.co.za
Click to expand...
Correct, the Intel has more horses:

ARM Cortex-A53 4 1200 MHz vs Intel Celeron N2940 [cpubenchmark.net] by PassMark Software

www.cpubenchmark.net

Plus the platform is far more extensible, greater choice of FW OS & software.

The Netgate would probably win on support though.
 
Sandman1 said:
Is Intel ports recommended because of the bandwidth you get from them or?
Click to expand...
Reliability and performance. FreeBSD doesn't run well on anything but Intel NICs.

I've been running Supermicro A1SRI-2558F since 2015. Haven't touched it since then. I have 1000BASE-X coming into my apartment goes into TP-Link media converter and goes 1000BASE-T into my PfSense box. I powered the converter straight off of a USB cable into the PfSense box. Has been running like that non stop no issues since 2015.

May be outside your price range so YMMV, there are newer Supermicro boards
 
I currently have an issue when I loose WAN connection on the pppoe link, the link does not automatically reconnect.

I have to unplug the cable to the ont several times before it reconnects or I have to run this command several time to re-establish the connection:

/usr/local/sbin/pfSctl -c 'interface reload wan'

Is this an issue with non Intel network cards or a bug on pfsense?
 
Been a while since I pfsensed , but check in dmesg for hardware log messages when it goes down
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X