Best products from r/PFSENSE
We found 124 comments on r/PFSENSE discussing the most recommended products. We ran sentiment analysis on each of these comments to determine how redditors feel about different products. We found 260 products and ranked them based on the amount of positive reactions they received. Here are the top 20.
1. TP-Link 8 Port Gigabit Switch | Easy Smart Managed | Plug & Play | Lifetime Protection | Desktop/ Wall-Mount | Sturdy Metal w/ Shielded Ports | Support QoS, Vlan, IGMP and Link Aggregation (TL-SG108E)
- 8 Gigabit ports provide instant large file transfers
- 15K Jumbo frame improves performance of large data transfers
- Effective network monitoring via Port Mirroring, Loop Prevention and Cable Diagnostics
- Abundant VLAN features improve network security via traffic segmentation
- IGMP Snooping optimizes multicast applications
- Port and tag based QoS enable smooth latency sensitive traffic
2. Protectli Vault 4 Port, Firewall Micro Appliance/Mini PC - Intel Quad Core, 4GB RAM, 8GB mSATA SSD
- THE VAULT: Secure your network with a compact, fanless & silent firewall. Comes with US-based Support & 30-day money back guarantee!
- CPU: Intel Quad Core Celeron J1900, 64 bit, 2.0GHz, 2MB L2 Cache
- PORTS: 4x Intel Gigabit Ethernet NIC ports, 1x USB 2.0, 1x USB 3.0, 1x RJ-45 COM, 1x VGA
- COMPONENTS: 4GB ...
3. Jetway JBC313U591W-3160-B Intel Braswell Celeron N3160 Dual Intel LAN Fanless NUC Barebone PC
- Intel Celeron N3160 1.6 - 2.08GHz Quad Core Processor; Intel HD Graphics, 320 - 640 MHz, Supports 3 Independent Displays
- Supports 1x 204-pin DDR3L SODIMM, Maximum 8GB capacity, 1333MHz Minimum, Require 1.35V Low Voltage
- Supports 1x mSATA/Mini PCI-E Slot (full size)
- 2x Intel i211-AT GbE LAN, 10/100/1000; Wireless 802.11n, Bluetooth 4.0
- Case Dimensions: 116mm x 110mm x 49mm, 4.6" x 4.3" x 1.9" (in inches); Includes Wall/VESA/Din Rail Mounting Bracket
4. Intel PRO/1000 Pt Dual Port Server Adapter
- Product Type - Adapter
- Warranty - Lifetime
- Compatible with x4, x8, and x16 full-height PCI Express slots
- Support for most network operating systems (NOS)
5. QOTOM-Q320G4 Barebone Industrial PC Gateway Router for pfSense - Intel Celeron 3805U 4 Gigabit NICs
- QOTOM-Q320G4 Intel Celeron Processor 3805U Dual core (2M Cache, 1.90 GHz, Broadwell)
- Barebone(NO RAM,NO SSD,NO WIFI,NO OS)
- 4 Intel RJ45 Lan+2 USB 2.0+2 USB 3.0+HD Video+COM Port
- It supports Windows 7 / Windows 8 / Windows 10 / Linux OS / pfSense. There is NO OS for barebone PC
- This pfSense appliance can be configured as a firewall, LAN or WAN router, VPN appliance, DHCP Server, DNS Server, and IDS/IPS with optional packages to deliver a high performance, high throughput front-line security
6. Protectli Vault 2 Port, Firewall Micro Appliance/Mini PC - Intel Dual Core, 2GB RAM, 16GB mSATA SSD
- THE VAULT: Secure your network with a compact, fanless & silent firewall. Comes with US-based Support & 30-day money back guarantee!
- CPU: Intel Dual Core Celeron J1800, 64 bit, 2.4GHz, 2MB L2 Cache
- PORTS: 2x Intel Gigabit Ethernet NIC ports, 1x USB 2.0, 1x USB 3.0, 1x RJ-45 COM, 1x VGA
- COMPONENTS: 2GB ...
7. Qotom Q355G4 Latest 12v Bare Bone Mini Computer Router Core i5 5250u Mini PC Fanless Computer,pfsense, Firewall, Cent OS etc. (No RAM, No SSD, No Wi-Fi)
- CPU:Intel Core i5-5200U Processor (3M Cache, up to 2.7 GHz, Broadwell)
- Barebone PC(NO RAM,NO SSD,NO WIFI,NO OS)
- Main Port: HD Video Port, 4 Gigabit LAN, 2 USB2.0, 2 USB3.0, COM, SIM card slot
- Perfect fit for a LAN or WAN router, firewall, proxy, WiFi access point, VPN appliance, DHCP Server, DNS Server, etc.
- NO OS For barebone pc
8. ZOTAC ZBOX CI323 nano Fanless Mini PC Intel N3150 CPU Intel HD Graphics Native 4K support Dual Gigabit LAN 802.11ac Wi-Fi Bluetooth (ZBOX-CI323NANO-U)
- Passively Cooled – Silent Performance
- Intel N3150 Processor (quad-core 1.6 GHz, up to 2.08GHz)
- Triple Display capable
- Native 4K support (H.265, H.264 decode)
- Compact palm-sized
- VESA Mountable
9. Jetway JBC313U591W Intel Braswell Celeron N3160 Dual Intel LAN Fanless NUC PC
- Intel Celeron N3160 1.6 - 2.08GHz Quad Core Processor; Intel HD Graphics, 320 - 640 MHz
- Supports 1x 204-pin DDR3L SODIMM Memory, Maximum 8GB Capacity, 1333MHz Minimum, Requires 1.35V Low Voltage
- Supports 1 mSATA/Mini PCI-E Slot (Full Size); Supports 1x SIM Card
- 2x Intel i211-AT GbE, 10/100/1000; Includes Wireless 802.11 b/g/n and Bluetooth 4.0
- Case Dimensions: 116mm x 110mm x 49mm, 4.6" x 4.3" x 1.9" (in inches); Includes Mounting Bracket and 40W AC Adapter
10. HP NC364T PCIe 4Pt Gigabit Server Adptr
- Hewlett Packard 435508-b21 - Network Adapter - Plug-in Card, Quad (4-port) Ethernet, Fast Ethernet, Gigabit Ethernet
- PCI Express 1.0a, Fits in x4, x8, or x16
- Low profile with half height and full height bracket
- Two Intel 82571EB processors, 256 KB memory
11. CHELSIO COMMUNICATIONS T520-SO-CR 2-Port Low Profile 1/10GbE Server Offload Adapter with PCI-E x8 Gen 3, SFP+ Connector
- 10GbE Unified Wire Adapters for Offloaded TCP, RDMA(iWARP), iSCSI, FCoE, DPDK, NVMe-oF, OvS Offload, Packet Classification & Filtering, Virtualization and more
- The Terminator series of Adapters enable a unified fabric over a single wire by simultaneously running all Protocols Concurrently
- Optimized for storage, cloud computing, HPC, virtualization and other datacenter networking applications
12. ZOTAC ZBOX CI325 Nano Fanless Mini PC Intel N3160 CPU Intel HD Graphics 4GB Memory 32GB SSD Windows 10 (ZBOX-CI325NANO-U-W2B)
- Passively Cooled – Silent Performance
- Intel N3160 (quad-core, 1.6 GHz up to 2.24 GHz)
- Triple Display capable
- Native 4K support
- Compact palm-sized
- VESA Mountable
13. Ubiquiti Unifi Ap-AC Lite - Wireless Access Point - 802.11 B/A/G/n/AC (UAPACLITEUS), White
- Ubiquiti Networks Unifi AC Lite AP Wi-Fi 802.22
- 2.4 GHz Speed : 300 Mbps, 5 GHz Speed : 867 Mbps
14. Jetway JBC323U591W Intel Braswell Celeron N3160 Dual Intel LAN Fanless NUC, 2.5"
- Intel Celeron N3160 1.6 - 2.08GHz Quad Core Processor; Intel HD Graphics, 320 - 640 MHz
- Supports 1x 204-pin DDR3L SODIMM Memory, Maximum 8GB Capacity, 1333MHz Minimum, Requires 1.35V Low Voltage
- Supports 1x mSATA/Mini PCI-E Slot (Full Size) and 1x SATA3 6Gb/s Drive
- 2x Intel i211-AT GbE LAN, 10/100/1000...
15. Dell Intel PRO/1000 VT Quad Port Server Adapter LP PCI-E with Both BR
- EXPI9404VT
- DELL
16. Intel D2500CCE Atom D2500 Dual LAN & Dual COM Mini-ITX Motherboard, BLKD2500CCE
- Ideal for pfSense Applications
- Dual Intel Gbe LAN Ports
- VGA and DVI Video Outputs
- 3 Year Intel Direct Warranty
17. Protectli Vault 4 Port, Firewall Micro Appliance/Mini PC - Intel Quad Core, Barebone
- THE VAULT: Secure your network with a compact, fanless & silent firewall. Comes with US-based Support & 30-day money back guarantee!
- CPU: Intel Quad Core Celeron J1900, 64 bit, 2.0GHz, 2MB L2 Cache
- PORTS: 4x Intel Gigabit Ethernet NIC ports, 1x USB 2.0, 1x USB 3.0, 1x RJ-45 COM, 1x VGA
- COMPONENTS: Bare...
18. Protectli Vault 4 Port, Firewall Micro Appliance/Mini PC - Intel Quad Core, AES-NI, 4GB RAM, 32GB mSATA SSD
- END OF SALE DATE: September 30, 2021. Newer model: Protectli Vault FW4B --- THE VAULT (FW4A): Secure your network with a compact, fanless & silent firewall. Comes with US-based Support & 30-day money back guarantee!
- CPU: Intel Quad Core Atom E3845, 64 bit, 1.9GHz, 2MB L2 Cache, AES-NI hardware support
- PORTS: 4x Intel Gigabit Ethernet NIC ports, 1x USB 2.0, 1x USB 3.0, 1x RJ-45 COM, 1x VGA
- COMPONENTS: 4GB DDR3L RAM, 32GB mSATA SSD
- COMPATIBILITY: No OS pre-installed. All hardware tested with pfSense, untangle, OPNsense and other popular open-source software solutions.
19. Supermicro SuperServer Atom D525 1U Rackmount Server Barebone System, Black SYS-5015A-EHF-D525
- Intel Atom D525 (DMI)
- Up to 4GB single channel unbuffered, non-ECC DDR3 800/667MHz SO-DIMM memory
- 2x Intel 82574L Gigabit LAN
- 1 PCI-E 2.0 x4 (in x16 slot)
- Onboard Matrox G200eW video, 1x 3.5-Inch or Up to 2x 2.5-Inch Internal Drives, 200W power supply
20. Protectli Vault 2 Port, Firewall Micro Appliance/Mini PC - Intel Dual Core, Barebone
- THE VAULT: Secure your network with a compact, fanless & silent firewall. Comes with US-based Support & 30-day money back guarantee!
- CPU: Intel Dual Core Celeron J1800, 64 bit, 2.4GHz, 2MB L2 Cache
- PORTS: 2x Intel Gigabit Ethernet NIC ports, 1x USB 2.0, 1x USB 3.0, 1x RJ-45 COM, 1x VGA
- COMPONENTS: Bare...
So, your hardware looks good. As to your intended usage:
Don't bridge NICs to create a switch. The switching will be done in CPU instead of on an ASIC and is not a great idea (though it is *possible*). Get yourself a managed or smart switch and call it a day. You can pick up a TP-Link SG-108E for about $40. Make sure whatever switch you choose supports 802.1q VLANs. This necessarily implies a smart or managed switch.
WiFi support on pfSense is abysmal, because FreeBSD's driver support for WiFi chipsets is abysmal. This is not going to change any time soon. You could go out of your way to find a chipset that is supported, or you could spend the $80 on a UAP-AC-Lite, be done with it, and not worry about it any more for years to come. A separate AP is going to outperform onboard WiFi all day long and is much less of a headache.
You're on the right track and everything you want to do with regards to VLANs, ACLs, etc. that box can do for years to come. But you should really split off switching and wireless to dedicated devices, just for the sake of less headache and more performance.
EDIT: Here is a thread from just a couple months ago that implies that the onboard WiFi chipset on your chosen board is not (yet) supported on FreeBSD. The FreeBSD iwm module manpage shows previous versions of this chipset *are* supported, so support for your chipset may come in the future. But that could be months or years away.
> Could you give me an example link?
Sure, try this. There are a lot of things like this on Amazon, it's basically just a tiny NUC PC with multiple network ports. There are a lot of them available, some are barebones (add your own RAM and SSD), some come ready to use out with RAM and SSD pre-installed. Some have two Ethernet ports, some have four, some have one.
In general they make pretty good pfSense firewalls. You hook them up to a monitor+keyboard, then download the normal pfSense community edition installer, put that on a USB stick, and boot the little thing from that USB stick. It then installs pfSense onto the internal SSD on the machine, and then you have a firewall :)
It's usually better to buy a real pfSense unit as that helps support the project and the developers, but when cost is the absolute primary concern, these little things are a decent option.
> But to have to spend $370 (+ship) ... for just a one person apartment seems like overkill - unless that Linksys WRT is so compromised (security wise) that it doesn't matter what firmware I run.
I don't think that's a realistic concern. While it is (theoretically) possible that there's some kind of hardware backdoor or bootloader virus in the WRT, this seems highly unlikely. If you're just a normal user who wants to stay private, the WRT with DD-WRT or Tomato is fine. If you are worried about being actively targeted by state actors, then $400 of hardware is (or should be) the least of your concerns.
So it sounds like your plan should be just buy the WRT and reflash it :)
Edit: as /u/snarfattack and /u/svenvv noted the one that I linked below (with a Celeron J1900) doesn't support AES-NI and will not be compatible with PFSense 2.5.
Looks good, but when you're looking for one of the refurbs and you're looking to put another LAN card in it you might consider just going with a fanless box like this one. This is what I use and I love it.
With that said your plan for the refurb should work fine; I used to run mine off similar boxes quite comfortably.
As u/prutseratwork stated, the pfSense store is where the official pfSense boxes are sold. I don't think that those would really meet your "ungodly amount" criteria. They are insanely expensive for what you're actually getting. Not to say that supporting the team isn't a good cause, because it is. It's a very good cause. But when you need a solution and money is tight, the official store may not be your best option.
pfSense is based on FreeBSD, which does support wifi. However, its use is generally discouraged, because it's trash. If you want to use pfSense, you should also have a separate access point. Note that you can (and likely should) use your existing router for this. You would simply disable the firewall on your current router, making it a switch with built-in wifi, and insert pfSense into your network directly after the modem. So, Modem > pfSense > old router.
Not having the technical ability to build a system is going to be a problem. Your cheapest option is to buy a system that is pre-built, but doesn't come with an SSD or memory. You'll have to purchase those separately and install them yourself. You need to ask yourself if that is going to be too much work - because if so, pfSense is not for you. It's going to be a lot of work and learning.
Pre-built systems (you install SSD, memory, and pfSense)
https://www.amazon.com/Firewall-Micro-Appliance-Gigabit-Barebone/dp/B01GIVQI3M/ref=sr_1_1?ie=UTF8&qid=1498485157&sr=8-1&keywords=qotom
https://www.amazon.com/Barebones-Firewall-Intel-Ports-Celeron/dp/B01MEGSMRZ/ref=sr_1_21?ie=UTF8&qid=1498485291&sr=8-21&keywords=qotom
I bought a Qotom box a long time ago for about $150. It had 4 Realtek ports, though. Intel is definitely the preferred solution.
If none of these sound good to you, look into Ubiquiti Security Gateway.
Basically this, with 4GB RAM installed: http://www.amazon.com/gp/product/B004GKULFO -- It's a chassis we picked up a few units of 2-3 years ago (before we bought into the official pfSense ecosystem). Given the low performance of the CPU based on benchmarks relative to the newer C2758, C2558 CPUs I'm still hesitant to use it for large projects (where we have thousands of client devices, not just high throughput), but it's a great boost for smaller projects we do and a good way to extend the life expectancy of these devices.
Between the performance issues and some disk-partition problems that had cropped up (pfSense was no longer able to do anything with the SSDs), these were in the queue to go out the door, but the new software combined with some disk partition magic (destroying and rebuilding the partition tables) seems to have totally revitalized them.
The numbers I'm seeing are pretty simple tests at this point, not like IMIX -- just running several rounds of speedtest.net's assessment and averaging the results.
One thing -- I just did a factory reset on one of them and saw the checkbox on the first page of the setup wizard was missing (the one that enables overriding of DNS by the DHCP server on WAN). Probably an easy fix :-)
That sounds like way overkill, especially if you've got a decent GPU in there.
Do you know (even ballpark) what the power consumption is of your current setup?
Have you looked at something like this QOTOM box or similar? Maybe a used Netgate box?
I was looking at something like that for a long while, but eventually asked a friend to get me an HP mini-tower (though in person it ain't so mini); quad-core with AES-NI, 8GB RAM (not sure the max, but 4 slots), PCI-e quad-port Intel NIC (plus built-in Intel NIC). All for $140 + ~$50 for the QP NIC. Now I just have to get a small SSD or two for pfSense to run on :)
I think the PSU in that is ~250-300W, haven't set it up and run it as a pfSense box as yet, some infrastructure built-out is needed before I can really test it out.
I bought a refurbished hp 8300 that has 8GB of RAM and an Intel Core i5-3470 3.2GHz Quad-Core -- that CPU has AES-NI which means that if you want to do any sort of encryption (like run a VPN or do active MitM on network traffic) you'll be able to do it easily.
The issues are that the refurb doesn't have 2 ethernet ports and no SSD. So I bought a 120GB SSD and a PCI-e dual port and it's perfect.
hp 8300
dual Gbit ethernet
ssd
honestly for less than 300 bucks if you can do better let me know.
I have one of these and it is brilliant:
https://www.amazon.com/Firewall-micro-appliance-Gigabit-Intel/dp/B01AJEJG1A/ref=sr_1_2?ie=UTF8&qid=1496019883&sr=8-2&keywords=pfsense
I use the OPT interfaces trunked to a managed switch and a wireless AP (ASUS router with tomato shibby). It's quiet, fanless and it runs snort, pfBlockerNG, OpenVPN 24/7 just fine! I have at least 5 clients running all the time and a Plex server that friends use. It's a beautiful little box.
It depends on your budget and technical abilities. For most people getting into this type of networking I usually recommend any of Ubiquiti's Unifi equipment. It all runs off a single web UI and is more user friendly than more serious equipment. You could get a basic 8 port switch and AP from them for less than $200.
Something like this switch and this AP
The AP is powered by the switch using POE (power over ethernet) so you don't need to connect any other cables to it. Unifi is prosumer, it's not quite enterprise level, but it runs on the same principles and can still do some relatively high-level stuff.
Some people in here don't like Ubiquiti products, as they're kind of like the Apple of networking gear, but they provide good products and a good UI imo. I think it's a good way to go for people getting into this side of things. You can get similar TPLink gear for cheaper, but its configuration is more difficult imo.
For me pfsense is everything I wanted edgerouter to be. The thing I like best about it is the vpn functionality. I was never able to get edgerouter working quite right. I bought this box from amazon and it works great. https://www.amazon.com/Firewall-Micro-Appliance-Gigabit-Intel/dp/B01KLEI1MI/ref=sr_1_13?ie=UTF8&qid=1497621924&sr=8-13&keywords=pfsense
I was looking to upgrade my Alix 2D3 to something like this. I did NOT purchase it and I have no affiliation with the seller, you can search on ebay and other places for similar hardware. I'm keeping an eye out for something like that but maybe in the $150 range. Right now I moved to a consumer router that I got for a great deal. It's running a custom firmware, offers dual wan, and it's working out well enough for what I need at home but does have some quirky issues. I do miss pfSense, if I find a good deal on low watt system I'll probably jump back.
Occasionally you can find decent info on the pfSense forums as well.
http://www.amazon.com/dp/B01AJEJG1A
Looks the same as some other units, but it has pfsense specific labeling (OPT1, OPT2, etc). Loads of 5 star reviews and I've been super happy with the performance.
Think I finally found the best Mini PC for now... Jetway HBJC313U591W-3160B
It's a Braswell N3160 with Dual Intel NICs. Not a bad deal for $220+shipping (No RAM or Storage). Uses mSATA/Mini PCI-E Slot (Full Size)
N3160 supports AES-NI
its also available on Amazon
Comments & feedback welcome
An easy way to set it up is to get this smart switch and connect it to your router. I find it extremely cheap cost wise, and it supports untagged VLAN traffic to specific ports. That means your device won't have to know it's on a VLAN and this switch will do the tagging for you.
https://www.amazon.com/dp/B00K4DS5KU
I use this one, it handles vlans (it’s not a full blown managed switch, kind of an in between)
I only have 2 nics as well, and this seemed like a better option to me at the time. Good luck!
If you're going to install Linux on a machine, use KVM with qemu, and use Libvirt to manage it. (You really don't want a GUI on a server, it eats up resources that could be allocated to much more important things, like VMs). KVM is far and above superior for server virtualization workloads over VirtualBox. I'd recommend that you also grab an Intel dual port NIC and pass it through to the VM. I personally use these NICs.
If you want some starting points let me know and I can send you some of my documentation on doing this properly.
Perfect. That's actually the one I meant to link, but forgot. I am thinking the 8 port version.
Looks like TP-Link could save me a few bucks.
https://www.amazon.com/TP-Link-Gigabit-Ethernet-Managed-TL-SG108E/dp/B00K4DS5KU/ref=sr_1_2?s=electronics&ie=UTF8&qid=1496602150&sr=1-2&keywords=vlan+switch+8-port
I needed one in a hurry about a month ago and the Qotom model was showing a long delivery time so I bought this similar system instead. I am fairly certain it is the same system just sold under a different name. I threw in 8GB RAM and a Transcend 64GB mSATA which brought my total cost to around $265.
They work extremely well, rock solid with great throughput. My only complaint is they seem to run a little hotter than I would like.
Excellent. One more thing, comparing a netgate box to something like this: https://www.amazon.com/dp/B01AJEJG1A/ref=cm_sw_r_cp_api_pUyCybV02ABSP
Is it worth purchasing dedicated hardware with the ASIC, or is it hard to tell the difference? Saw this and it's got similar specs to the 2440.
I have gigabit fiber and got this box: https://amzn.com/B01AJEJG1A
LOVE it. Handles gigabit beautifully.
Since you're using a pfSense router it's easy. Been working great for me for a couple years now.
You can bypass the AT&T gateway completely. Been working great for me for a couple months.
You'll need this also: TP-Link 8 Port switch. On the TP-Link you have to use 802.1Q tagging. I left 3 default for ONT, gateway and pfSense, then tagged the others to VLAN 3.
read all the stuff here http://www.dslreports.com/forum/r29903721-AT-T-Residential-Gateway-Bypass-True-bridge-mode
Zotac CI323 NANO-U is much cheaper. It has an Intel N3150 and it supports AES-NI. Uses less watts. It's shipped and sold by Amazon and comes from a well known company that I'm sure has a warranty and support. https://www.amazon.com/gp/aw/d/B0179S50UU/?th=1&psc=1
I am using these Chelsio cards in production. they work great! they used to be the pfsense recommended cards.
https://www.amazon.com/gp/product/B00FAU898K/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1
Intel X520-DA2 can be found on ebay for cheap as well.
https://www.ebay.com/itm/Dell-Intel-X520-DA2-10Gb-10Gbe-10-Gigabit-Network-Adapter-NIC-E10G42BTDA-Dual/323664686890?epid=1429722311&hash=item4b5beb2f2a:g:sEMAAOSwb8Vbx2UN&frcectupt=true
I'd recommend something similar to the Dell Optiplex 3010 Small Form Factor (SFF). While it's not as small as the 3040M it does allow PCIe expansion. $280 seems like a lot. On eBay, I found the 3010 SFF for less than $100. My network is setup for Gigabit but I don't get Gigabit speeds from my ISP unfortunately.
Edit: I also use SNORT and pfblockerNG.
I recently switched from SonicWall to OPNsense. I'm running VPN and some intrusion detection on a little Protectli box. It's worked very well. The link is for the one I'm using, but there are barebones ones available as well.
Amazon
Specs:
Intel Quad Core Atom E3845, 64 bit, 1.9GHz, 2MB L2 Cache, AES-NI hardware support
4x Intel Gigabit Ethernet NIC ports
4GB DDR3L RAM, 32GB mSATA SSD
1x USB 2.0, 1x USB 3.0, 1x RJ-45 COM, 1x VGA
Solid State, Fanless Silent Operation, Compatible with many Open Source Software distributions
I searched through my order history to get this for you. I have my install virtualized in esxi, though this is fully supported by pfsense as well.
HP NC364T PCI Express Quad-Port Gigabit Server Adapter
https://www.amazon.com/dp/B000P0NX3G/ref=cm_sw_r_cp_awdb_6ABYzbC2R7ZK2
Great if you want/need a couple of extra ports.
Take a look at the Qotom Q355G4 in that price range. I just set one up to replace a Zotac CI323 and it's pretty awesome.
https://www.amazon.com/TP-Link-Gigabit-Ethernet-Managed-TL-SG108E/dp/B00K4DS5KU/ref=sr_1_1?ie=UTF8&qid=1501606532&sr=8-1&keywords=smart+ethernet+switch
Get one of these. 30 bucks and does basic vlan and some other nifty things. Definitely not "enterprise" features, more like SOHO, but enough to get you started setting up a more robust network.
Oh yeah headless can work out fine, assuming you have a bit of experience and won't fuck it up completely ¯\(ツ)/¯
As far as I'm aware, ESXi is completely headless with no control from the host at all. If I were to irreparably fuck up the settings, to the point I cannot connect (Say I tried setting up another DHCP server or disabled the internal one) I'd need to re-wire the host, and whatever client I'm using to connect.
As far as I can tell it's all genuine, here is a similar (stripped) version of the same device, but on American amazon. Lots of good reviews. And while it will probably last me the rest of my life, as Saskatchewan's fastest possible speed on fiber is 260Mb/s and I don't see it ever hitting >1Gb/s, it's still $260 with shipping. But yeah I'll probably grab it if another user doesn't find a cheaper router.
Thanks everyone for your great advice. The APU2 looked like a surprisingly affordable option that had AES-NI, but after /u/gonzopancho's comments I think I will shy away from that one. After realizing that I'll likely need a switch for what I want to do anyway, it's looking like I'm going to go with either the suggestion from /u/madrascafe, this Jetway box, or a Supermicro board that was discussed in the thread he/she linked to.
Have you looked through this guide: https://nguvu.org/pfsense/pfsense-2.3-setup/ ?
Replace AirVPN with your VPN provider. This guide assumes you also have a switch that is capable of managing VLANs. Add every device you want connected to VPN on a separate VLAN.
If you don't have a vlan capable switch you can get a cheap tp-link one for $30 on amazon: https://www.amazon.com/TP-Link-Gigabit-Ethernet-Managed-TL-SG108E/dp/B00K4DS5KU/ref=sr_1_2?ie=UTF8&qid=1496901694&sr=8-2&keywords=tp+link+smart+switch
I have a quad port NIC on my pfsense box and it only has two physical connections: WAN and LAN. WAN is connected to my ISP and LAN is connected to my vlan capable switch. pfsense manages all the routing.
Also the guide talks about mitigating dnsleaks so follow the instructions very carefully.
Not quite the same price, but I have the n2930 version of this box and it works great: https://www.amazon.com/Jetway-JBC313U591W-3150-B/dp/B01I3JUC84/ref=sr_1_1?ie=UTF8&qid=1475198709&sr=8-1&keywords=n3150+jetway
I've been using this Zotac Barebones for my pfSense firewall. It came in at around $200 after 4GB of RAM and a small SSD. It works great for my 100/100 connection and supports AES-NI.
Another option would be to go with one of their official appliances. The SG-1000 costs $149 and comes with pfSense installed.
If building a router, choose one where the CPU supports AES-NI. Here is a great choice.
Alternatively you could setup a VM on your PC. I had this going until I built my own pfSense router when my Asus AC68 was not up to snuff for my VPN throughput.
I got this jetway box with an N3150 a couple months ago for about the same price. It's been working great, but I only have 30/5 internet and it doesn't look like it's sold anymore. At the time, it was surprisingly hard to find anything like this with these newer Celeron chips.
PFsense has issues with PPPoE and gigabit if you're using an Intel NIC that uses the IGB driver. An alternative is finding a card that uses the EM driver. Not sure if ESXi eliminates that issue but definitely make sure you're not using the E1000 NIC.
https://redmine.pfsense.org/issues/4821
Source: Just got my CenturyLink Gigabit PFsense setup running last week. Also using that same guide.
I use the SuperMicro SuperServer D525 barebones unit in all my PFSense Builds - It has 2 intel nics on board; all you need to do is slap in a HDD and an old stick of laptop RAM and you're good to go. You can further enhance this with the Quad Port intel NIC I posted above and wind up with 6 gigabit intel nics - all in, assuming you have a hdd and ram laying around, it's a $394.99 setup. Comes with the case - you get a nice 1U rackmount case - and the PSU. http://www.amazon.com/gp/product/B004GKULFO/
Just in case you're wondering about the Supermicro CPU vs. the board you posted above
http://cpuboss.com/cpus/Intel-Atom-D525-vs-Intel-Atom-C2550
IMO, not enough of a difference to affect PFsense.
I have one of the J1900 models in production now and it works fine. It could handle your connection speed. If you need AES-NI for VPNs, they have an i5 model that is even more powerful but still a good price.
Just bought the JBC313U591W-3160-B. Looks like it will be a nice machine with Intel NICs and does AES-NI. Runs warm but others that have used it say it works really well.
The tp-link is in fact based on a Realtek chip. So that's likely your problem. A dual-port Intel will probably help out greatly and can be had relatively cheaply online. This is one that you can get dead cheap and will work great with PFSense.
Thing about Realteks I've noticed with PFSense is that the failures are not always noticeable in any of the dashboards, and tend to be "creeping" issues rather than immediate and obvious failures. It seems to my mind that the Realtek is an easy replacement that should probably be in your troubleshooting future.
Hope that helps :)
This is my pfsense board. I think it idles around 12w. Peak at boot is something like 20w. Handles my 100mbps down easily.
Intel D2500CCE Atom D2500 Dual LAN & Dual COM Mini-ITX Motherboard, BLKD2500CCE https://www.amazon.com/dp/B006ICQ3FK/ref=cm_sw_r_cp_apa_kOCiybBSPWW79
My server is a supermicro 8 core Avoton with quad gigabit NICs. There is a 4 core version as well.
Supermicro Atom C2758 64GB DDR3 PCIE SATA USB Mini ITX DDR3 1333 NA Motherboards MBD-A1SRI-2758F-O https://www.amazon.com/dp/B00FM4M7TQ/ref=cm_sw_r_cp_apa_gTCiyb913EVZA
Both have been absolutely solid performers and low power consumers.
> Zotac CI323
So for $239, I can get the CI325 running Intel 3160, with 32gb msata and 4gb ram.
Think that might help via proxy + squid?
https://www.amazon.com/dp/B01MSNGYD1/ref=psdc_13896591011_t4_B01M25WO36?th=1
I am not even sure I am using squid. I use snort and PFBlockerNG. So think the Zotac is good with those?
You can absolutely do this with pfSense. If you Google "pfsense openvpn site to site" you'll get a bunch of results -- I just looked at the first one and it looks pretty complete.
I have exactly this setup between my house and my parents' house so I can do remote backups and family IT stuff. I'm virtualized on my end (proxmox) and running on a tiny appliance like this on the other end.
From my understanding pfsense doesn't do well with wifi cards. If you already have a router you could set it to AP mode and use it for wireless. Another popular option is to get a Ubiquiti device and use it for wireless. I myself have gone that route and use the AP-AC Lite. I don't really have a suggestion on a psu and case as I already have those. This case is what I'll be using since I already have it. I'll probably just go with this ram since it is pretty cheap.
The unit works well. Just be sure and get the serial console cable. It does much better than the APU1c unit did for me. That being said, I would seriously look at this unit instead. Looks to be roughly the same cost with an extra nic and some additional speed.
Pic
Probably not the most efficient or cheapest build, but it runs like a tank :). Internal power supply isn't terribly efficient, but it's been working fine so far. It's wired into a Cyberpower CP1000AVRLCD UPS.
Here's an Intel based card I bought recently. It's HP branded, but dual Intel chips. Seems to be working good thus far, but I haven't stress tested it.
HP NC364T PCIe 4Pt Gigabit Server... https://www.amazon.com/dp/B000P0NX3G?ref=ppx_pop_mob_ap_share
I picked up a Zotac Zbox a little over six months ago for my pfsense machine, and it's been running beautifully. Absolutely zero complaints so far. The price is just right, and the form factor is perfect for my needs.
https://www.amazon.com/dp/B0179S50UU/ref=cm_sw_r_cp_awdb_z5UMybQ3S3084
You could look at something like this, 1. The N3160 has AES-NI support 2.
edit: formatting
I'm really looking forward to seeing what they may do with the ERL; I've got three of them sitting around unused at this point, including an original plastic-cased unit.
I bought a SG-1000 and liked it so much that I ended up building a full-gigabit-capable box for home using one of these (along with a 32G mSATA SSD and 4G SODIMM) and putting the SG1K into my laptop bag for mobile use.
have this installed in about 3 or 4 different offices without issue. reliable af.
also, the SG-3100 is awesome for the price.
https://www.amazon.com/ZOTAC-Fanless-Graphics-Windows-ZBOX-CI325NANO-U-W2B/dp/B01MSNGYD1
Don't forget the OEM versions of the Intel Pro 1000:
(<$40)
https://www.amazon.com/HP-NC364T-Gigabit-Server-Adptr/dp/B000P0NX3G/ref=sr_1_3?keywords=quad+port+nic&qid=1557054316&s=gateway&sr=8-3
https://www.amazon.com/Dell-Adapter-Brackets-E1G44ET-DELL-HM9JY/dp/B018FEBH40/ref=sr_1_29?keywords=quad+port+nic&qid=1557054316&s=gateway&sr=8-29
You can definitely find them cheaper at times even on Amazon. One caveat, as always with older gear, is power consumption. IIRC these use somewhere in the mid teens as far as wattage goes. Modern cards are single digits.
E: the HP one may not be a pro 1000...
https://www.amazon.ca/Qotom-Q190G4-Barebone-pfSense-Qotom-Q190G4-S02/dp/B06ZZ2YB76/ref=sr_1_1?ie=UTF8&qid=1496276296&sr=8-1&keywords=pfsense or the sg-2440? :)
I'm running mine on a little Zotac zbox, just needed to add in a bit of RAM and a hard drive. Works like a charm :-) Currently running squid, snort, and suricata with no issues.
What was your total after getting all the required components?
This unit seems to be the perfect pfSense box:
https://www.amazon.com/dp/B01AJEJG1A/
You really don't want your router doing wireless, it is preferable to have a dedicated Access Point (AP) doing wireless. Unfortunately what people think of "routers" now are actually three devices in one, they are a router, switch (multiple lan ethernet ports), and access point (wireless). Personally I feel the combo devices do a bad job at all three of those which is why I prefer to have dedicated devices for each piece. If you plan on using an existing router and just want wireless I would suggest the unifi ac lite access point.
https://www.amazon.com/Ubiquiti-Unifi-Ap-AC-Lite-UAPACLITEUS/dp/B015PR20GY
If you need a router as well then I would use the access point and pfsense for your router. You could use a wired nic like this in an existing computer.
https://www.amazon.com/Intel-1000-Dual-Server-Adapter/dp/B000BMZHX2/ref=sr_1_3?s=electronics&ie=UTF8&qid=1527380550&sr=1-3&keywords=intel+dual+gigabit
Pfsense does support wireless cards but trust me you don't want to go down that road for many reasons. Any time that topic comes up most users on this subreddit suggest against it myself included. I have tried building wireless into my pfsense build before and quickly abandoned it.
Hmm apparently that one has a similar case but different guts than mine because mine definitely has Intel NICs. I just looked up the one I have, it's a bit more expensive though: https://www.amazon.com/gp/product/B01KLEI1MI/ref=oh_aui_detailpage_o03_s00?ie=UTF8&psc=1
I have the same setup, but my guest SSID is disabled. I need to enable it and use VLANS.
I have a switch that is capable.
https://www.amazon.com/gp/product/B00K4DS5KU/ref=oh_aui_detailpage_o00_s00?ie=UTF8&psc=1
I picked up one of these Jetways:
https://www.amazon.com/Jetway-JBC323U591W-Braswell-Celeron-Fanless/dp/B01IE4MS12/
It has the N3150 which has AES. Also I replaced the internal wireless card with a supported Atheros chip. (I still recommend getting a UniFi AP) Added 8GB of ram and a 24GB intel SLC msata SSD and a cheap 240GB MLC SSD (for proxy caching). I used the serial port for a GPS for NTP. Only thing it doesn't have I wish it did is a built in IPMI. I run QoS, Snort, OpenVPN, and Squid.
I see. Thanks for the explanation.
My question, then, is what am I actually getting in the pfSense gear with the higher price? For example, if I got an SG-1000 and one of these Ubiquiti WAPs, what am I getting that I would in, say, a Linksys AC1900 at half the price? Hardware performance wise. (I realize it's also pfSense vs DDWRT)
I've been running this guy for about a year now. So much better than any of the off the shelf routers.
https://smile.amazon.com/Firewall-micro-appliance-Gigabit-Intel/dp/B01AJEJG1A
>https://www.amazon.com/gp/product/B00FAU898K/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1
Thank you! What makes the Chelsio cards so great?
Ended up going with this:
BLKD2500CCE Intel Desktop Board D2500CC Innovation Series BLKD2500CCE
M350 Universal Mini-ITX PC enclosure PicoPSU compatible;
Mini Box PicoPSU-150-XT 12V DC-DC ATX power supply
192w AC-DC Power Adapter, 12v 16A
Edit: and grabbed this... cause ya know... maybe 8gb will work, maybe i'll use it for my sophos build after this. aw yeah.
http://www.newegg.com/Product/Product.aspx?Item=N82E16820231294
Edit:
I should def go x64 2.2 right?
I know English isn't your native language so just to help; thin client is not the right word as it is specifically for client/server architectures and references the processing load the client assumes. In most cases pfSense is considered the server and its processing load is not 'thin'.
There are many low power devices out there. Take a look at Zotac Zbox C - https://www.amazon.com/ZOTAC-Quad-Core-Graphics-Barebones-ZBOX-CI323NANO-U/dp/B0179S50UU/ref=sr_1_1?s=pc&ie=UTF8&qid=1479829776&sr=1-1&keywords=zotac+zbox
Or many solutions from JetWay -
https://www.amazon.com/s/ref=nb_sb_noss?url=search-alias%3Dcomputers&field-keywords=jetway
Better to buy it barebones. I spent less than that and have a 256G SSD and 8G RAM in mine.
Anything intel should be fine - have a couple of these working fine AFAIK https://www.amazon.co.uk/Intel-EXPI9402PT-1000Pt-Dual-Server-x/dp/B000BMZHX2
I would assume things like this
I used this box. Dual intel NICs, AES enabled. Pick up a small SSD and some ram, and you're set. I've been using this for around a year with zero issues. Handles a 100mbps openvpn connection with ease.
https://www.amazon.com/Jetway-JBC313U591W-3160-B-Braswell-Celeron-Barebone/dp/B01M25WO36/ref=sr_1_74?ie=UTF8&qid=1524199310&sr=8-74&keywords=pfsense#customerReviews
I like these. I have the older version.
https://www.amazon.com/Jetway-JBC313U591W-3160-B-Braswell-Celeron-Barebone/dp/B01M25WO36
And that model does have Intel NICs, AES-NI.
I built this one up to replace my dead repurposed Dell small-form-factor pc.
Firewall Micro Appliance With 2x Gigabit Intel LAN Ports, Barebone from Amazon
https://www.amazon.com/gp/product/B01KLECNDG/ref=oh_aui_detailpage_o07_s00?ie=UTF8&psc=1
Hardware Specifications:
Intel® Celeron Dual Core CPU J1800 64 bit, 2.49GHz, 2 MB L2 Cache
2x Intel® 82583V NIC ports (Note that Intel NIC ports are known to cause fewer problems than other vendors due to strong device driver support)
Hardware support for up to 8GB PC-1600 DDR3L RAM in a single SO-DIMM
Hardware support for one mSATA form factor SSD
1x USB 2.0 port
1x USB 3.0 port
1x RJ-45 COM port
1x VGA port
Power Button LED, Power LED and HDD activity LED
VESA mount for mounting to a wall or the back of a monitor
Power supply included with US cord
Runs on approximately 10 Watts under moderate load, 15W max
Optional Wireless card kit is available from Protectli. Card is USB Channel and fits in a designated PCIe form factor slot with USB communications
Pre-drilled holes are in the chassis for WiFi antennas
WiFi kit at https://www.amazon.com/dp/B01N9YVN6T
Dimensions are 5.2 x 4.9 x 1.5 inches (134 x 126 x 36 mm)
Weight is 1.25 lbs, (0.57 Kg)
Operating Temperature 14 to 122 degrees Fahrenheit (-10 to 50 degrees Celsius)
All metal enclosure for durability and heat dissipation
I have one of these and it works well.
https://www.amazon.ca/gp/product/B000P0NX3G/ref=oh_aui_detailpage_o00_s00?ie=UTF8&psc=1
Ended up buying this guy? https://www.amazon.com/gp/product/B002JLKNIW/ I figured even if it's wrong or not great I'm just experimenting for now on. Thanks for the help!
I used a Zotac ZBOX CI323NANO for basically exactly what you're talking about. No fans, so it is silent. If you care about VPN, it has AES-NI.
It has Realtek NICs, but I haven't run into any problems with it. Throw some RAM and an SD card in and you're good to go.
Zotac zboxes are popular and a low end barebone box will run you about 200 in total https://www.amazon.com/ZOTAC-Quad-Core-Graphics-Barebones-ZBOX-CI323NANO-U/dp/B0179S50UU/ref=sr_1_1?ie=UTF8&qid=1469615562&sr=8-1&keywords=zbox
I mean people already have some janky ways to utilize GPUs externally for like a laptop or something, see the GDC adapter. So instead of a GPU you can always just put in a network card into one of those is what I'm thinking. Probably this combo:
Adapter
Card
Unless the network card is going to be as demanding as a GPU
That's a 64 bit PCI-X card, which might not work in the 32 bit PCI slot on that board. You could use the onboard Realtek as LAN and an Intel NIC as WAN (which I've done, with minimal performance/compatibility issues).
If you had a setup with a PCIe slot, I'd point you to this card.
I'd go with a real Intel NIC (never heard of 10Gtec).
https://www.amazon.com/Intel-1000-Dual-Server-Adapter/dp/B000BMZHX2/ref=sr_1_3?keywords=dual+port+intel+nic&qid=1557258765&s=gateway&sr=8-3
You can get a 4 port Intel card for $88
Supermicro Atom 1u server
http://www.amazon.com/gp/product/B004GKULFO/ref=wms_ohs_product?ie=UTF8&psc=1
Protectli
How about this router Firewall Micro Appliance With 4x Gbe Intel Lan Ports for PFSense https://www.amazon.com/dp/B01AJEJG1A/ref=cm_sw_r_cp_api_49sDybS33ETKK
https://www.amazon.com/dp/B01KLECNDG/ref=cm_sw_r_cp_dp_T2_p7rtzb52ST5DK Just need to add memory.
Or don't waste your money and get this one
Edit: make sure you request the low profile bracket if your case is low pro
TP-Link sells an 8 port for $30. Not sure of its performance versus the Netgear. It's rated at 16gbps for switching so all 8 ports switching full duplex at the full 1gbps all at once.
https://www.amazon.com/dp/B00K4DS5KU/
Just don't expect to have decent VPN performance, as the CPU in this doesn't support AES-NI, and it's quite a few generations old. You can look around for something with an N3150, which is only a year old at this point and supports AES-NI, the clock speed will be higher, quad-core, and it'll support more RAM all while keeping power consumption low. Also, the boards with this CPU can run fanless.
Here's one with dual-ethernet built in for only $150, still needs a HDD & RAM, but those are dirt cheap. http://www.amazon.com/ZOTAC-Quad-Core-Graphics-Barebones-ZBOX-CI323NANO-U/dp/B0179S50UU
It's not exactly what you're asking for but an entire rack mount server just for pfsense will probably waste a lot of power. Your 150/150 connection shouldn't require a whole lot of muscle, even with more modules in pfsense. I picked up this mini pc a few months ago to use in pfsense but decided to re-purpose it as an HTPC. It ran pfsense fine except for the wifi card (not really needed anyway). Dual gigabit lan, pop a 4gb stick of ram and any laptop ssd/hdd you have lying around in it and it should handle anything you throw at it while pulling down less than ~40 watts.
I bought one of these, (but w/o ram and storage since I already had it)
never looked back.
runs w/o fan, fairly cheap for what you get. And I had no problems getting it going.
64bit, and it's got enough cpu headroom that encryption / vpn isn't an issue with 1 - 3 users.
https://www.amazon.com/Firewall-micro-appliance-Gigabit-Intel/dp/B01AJEJG1A/ref=sr_1_1?ie=UTF8&qid=1511615877&sr=8-1&keywords=pfsense+box
Zotac ZBOX
Crucial 8gig stick
Samsung 850 EVO
My previous Realtek NIC box was cutting my line speeds in half and had a fan, this box still has Realtek NIC but it's not slowing me a bit at 100mbs speeds, has no fan, and is barely breaking a sweat. It has AES onboard but I've not done anything to push that. WiFi appears unsupported but I'm okay with that for now.
Cheap enough for you?
How to setup an AC-class Wi-Fi Router as an Access Point (New Blue UI)?
Sans that, grab one of these, they kick ass for the price.
The unifi ac-lite is $81 on amazon so out of your budget but it's just barely enough to cover my small ass apt.. your house is smaller than this?