Top products from r/PFSENSE
We found 136 product mentions on r/PFSENSE. We ranked the 260 resulting products by number of redditors who mentioned them. Here are the top 20.
1. Protectli Vault 4 Port, Firewall Micro Appliance/Mini PC - Intel Quad Core, 4GB RAM, 8GB mSATA SSD
Sentiment score: 8
Number of reviews: 14
THE VAULT: Secure your network with a compact, fanless & silent firewall. Comes with US-based Support & 30-day money back guarantee! | CPU: Intel Quad Core Celeron J1900, 64 bit, 2.0GHz, 2MB L2 Cache | PORTS: 4x Intel Gigabit Ethernet NIC ports, 1x USB 2.0, 1x USB 3.0, 1x RJ-45 COM, 1x VGA | COMPONENTS: 4GB ...
2. ZOTAC ZBOX CI323 nano Fanless Mini PC Intel N3150 CPU Intel HD Graphics Native 4K support Dual Gigabit LAN 802.11ac Wi-Fi Bluetooth (ZBOX-CI323NANO-U)
Sentiment score: 3
Number of reviews: 11
Passively Cooled – Silent Performance | Intel N3150 Processor (quad-core 1.6 GHz, up to 2.08GHz) | Triple Display capable | Native 4K support (H.265, H.264 decode) | Compact palm-sized | VESA Mountable
3. TP-Link 8 Port Gigabit Switch | Easy Smart Managed | Plug & Play | Lifetime Protection | Desktop/ Wall-Mount | Sturdy Metal w/ Shielded Ports | Support QoS, Vlan, IGMP and Link Aggregation (TL-SG108E)
Sentiment score: 8
Number of reviews: 10
8 Gigabit ports provide instant large file transfers | 15K Jumbo frame improves performance of large data transfers | Effective network monitoring via Port Mirroring, Loop Prevention and Cable Diagnostics | Abundant VLAN features improve network security via traffic segmentation | IGMP Snooping optimizes multic...
4. Intel PRO/1000 Pt Dual Port Server Adapter
Sentiment score: 4
Number of reviews: 9
Product Type - Adapter | Warranty - Lifetime | Compatible with x4, x8, and x16 full-height PCI Express slots | Support for most network operating systems (NOS)
5. Ubiquiti Unifi Ap-AC Lite - Wireless Access Point - 802.11 B/A/G/n/AC (UAPACLITEUS), White
Sentiment score: 2
Number of reviews: 7
Ubiquiti Networks Unifi AC Lite AP | Wi-Fi 802.22 | 2.4 GHz Speed: 300 Mbps, 5 GHz Speed: 867 Mbps
6. Jetway JBC313U591W-3160-B Intel Braswell Celeron N3160 Dual Intel LAN Fanless NUC Barebone PC
Sentiment score: 6
Number of reviews: 6
Intel Celeron N3160 1.6 - 2.08GHz Quad Core Processor; Intel HD Graphics, 320 - 640 MHz, Supports 3 Independent Displays | Supports 1x 204-pin DDR3L SODIMM, Maximum 8GB capacity, 1333MHz Minimum, Require 1.35V Low Voltage | Supports 1x mSATA/Mini PCI-E Slot (full size) | 2x Intel i211-AT GbE LAN, 10/100/1000...
7. HP NC364T PCIe 4Pt Gigabit Server Adptr
Sentiment score: 3
Number of reviews: 5
Hewlett Packard 435508-b21 - Network Adapter - Plug-in Card, Quad (4-port) Ethernet, Fast Ethernet, Gigabit Ethernet | PCI Express 1.0a, Fits in x4, x8, or x16 | Low profile with half height and full height bracket | Two Intel 82571EB processors, 256 KB memory
8. Netgate Firewall Micro Appliance with 2X Gigabit Intel LAN Ports, 2GB RAM / 32GB M.2 SSD (MinnowBoard Turbot Dual Core)
Sentiment score: -1
Number of reviews: 4
pfsense firewall
9. Kingston 120GB A400 SATA 3 2.5" Internal SSD SA400S37/120G - HDD Replacement for Increase Performance
Sentiment score: -1
Number of reviews: 4
Fast start up, loading and file transfers | More reliable and durable than a hard drive | Multiple capacities with space for applications or a hard drive replacement | SSD must be initialized and formatted to enable host computer and applications to access the drive. | Use Windows Disk Management tool, or MacOS...
10. Netgate Firewall Micro Appliance with 2X Gigabit Intel LAN Ports, 2GB RAM / 32GB M.2 SSD (MinnowBoard Turbot Quad Core)
Sentiment score: 1
Number of reviews: 4
pfSense Firewall
11. Protectli Vault 2 Port, Firewall Micro Appliance/Mini PC - Intel Dual Core, Barebone
Sentiment score: 2
Number of reviews: 4
THE VAULT: Secure your network with a compact, fanless & silent firewall. Comes with US-based Support & 30-day money back guarantee! | CPU: Intel Dual Core Celeron J1800, 64 bit, 2.4GHz, 2MB L2 Cache | PORTS: 2x Intel Gigabit Ethernet NIC ports, 1x USB 2.0, 1x USB 3.0, 1x RJ-45 COM, 1x VGA | COMPONENTS: Bare...
12. QOTOM-Q320G4 Barebone Industrial PC Gateway Router for pfSense - Intel Celeron 3805U 4 Gigabit NICs
Sentiment score: 3
Number of reviews: 4
QOTOM-Q320G4 Intel Celeron Processor 3805U Dual core (2M Cache, 1.90 GHz, Broadwell) | Barebone (NO RAM, NO SSD, NO WIFI, NO OS) | 4 Intel RJ45 LAN + 2 USB 2.0 + 2 USB 3.0 + HD Video + COM Port | It supports Windows 7 / Windows 8 / Windows 10 / Linux OS / pfSense. There is NO OS for barebone PC | This pfSense appliance can be...
13. Intel D2500CCE Atom D2500 Dual LAN & Dual COM Mini-ITX Motherboard, BLKD2500CCE
Sentiment score: 2
Number of reviews: 3
Ideal for pfSense Applications | Dual Intel GbE LAN Ports | VGA and DVI Video Outputs | 3 Year Intel Direct Warranty
14. NETGEAR 5-Port Gigabit Ethernet Smart Managed Plus Switch (GS105Ev2) - Desktop, and ProSAFE Limited Lifetime Protection
Sentiment score: 1
Number of reviews: 3
ETHERNET PORT CONFIGURATION: 5 Gigabit ports | CONFIGURATION & CONTROL: Management software with easy-to-use GUI interface offers basic capabilities to configure, secure, and monitor your network. | VERSATILE MOUNTING OPTIONS: Supports desktop or wall mount placement | SILENT OPERATION: The fanless design m...
15. Qotom Mini pc 100% Original Qotom-Q190G4-S01 4G ram 32G SSD with Intel celeron J1900 4 LAN Support Pfsense Box,as a Firewall, LAN or WAN Router
Sentiment score: 0
Number of reviews: 3
Intel Celeron Processor J1900 (Quad-Core 2M Cache, 2 GHz, up to 2.41 GHz) | 4G RAM 32G SSD NO WIFI | 4 Gigabit LAN + VGA + 3 USB 2.0 + 1 USB 3.0 | It supports Windows, Linux, pfSense, Sophos, VyOS, Linux iptables, Untangle, etc. (can't support Windows XP). It will come with Windows 7 (unactivated) for test....
16. Protectli Vault 2 Port, Firewall Micro Appliance/Mini PC - Intel Dual Core, 2GB RAM, 16GB mSATA SSD
Sentiment score: 3
Number of reviews: 3
THE VAULT: Secure your network with a compact, fanless & silent firewall. Comes with US-based Support & 30-day money back guarantee! | CPU: Intel Dual Core Celeron J1800, 64 bit, 2.4GHz, 2MB L2 Cache | PORTS: 2x Intel Gigabit Ethernet NIC ports, 1x USB 2.0, 1x USB 3.0, 1x RJ-45 COM, 1x VGA | COMPONENTS: 2GB ...
17. Dell Intel PRO/1000 VT Quad Port Server Adapter LP PCI-E with Both BR
Sentiment score: 2
Number of reviews: 3
PRO/1000 VT Intel/Dell Adapter OEM | 1 yr Seller Warranty
18. Jetway JBC323U591W Intel Braswell Celeron N3160 Dual Intel LAN Fanless NUC, 2.5"
Sentiment score: 2
Number of reviews: 3
Intel Celeron N3160 1.6 - 2.08GHz Quad Core Processor; Intel HD Graphics, 320 - 640 MHz | Supports 1x 204-pin DDR3L SODIMM Memory, Maximum 8GB Capacity, 1333MHz Minimum, Requires 1.35V Low Voltage | Supports 1x mSATA/Mini PCI-E Slot (Full Size) and 1x SATA3 6Gb/s Drive | 2x Intel i211-AT GbE LAN, 10/100/1000...
19. ZOTAC ZBOX CI325 Nano Fanless Mini PC Intel N3160 CPU Intel HD Graphics 4GB Memory 32GB SSD Windows 10 (ZBOX-CI325NANO-U-W2B)
Sentiment score: 2
Number of reviews: 3
Passively Cooled – Silent Performance | Intel N3160 (quad-core, 1.6 GHz up to 2.24 GHz) | Triple Display capable | Native 4K support | Compact palm-sized | VESA Mountable
20. Crucial 8GB Single DDR3/DDR3L 1600 MT/S (PC3-12800) Unbuffered SODIMM 204-Pin Memory - CT102464BF160B
Sentiment score: 0
Number of reviews: 3
Increases system performance | Easy to install; Micron quality a higher level of reliability | Premium quality memory from a trusted brand | Laptop/Notebook dual voltage 1.35V/1.5V memory | X4Gb based part uses newer technology
So, your hardware looks good. As to your intended usage:
Don't bridge NICs to create a switch. The switching will be done in CPU instead of on an ASIC and is not a great idea (though it is *possible*). Get yourself a managed or smart switch and call it a day. You can pick up a TP-Link SG-108E for about $40. Make sure whatever switch you choose supports 802.1q VLANs. This necessarily implies a smart or managed switch.
WiFi support on pfSense is abysmal, because FreeBSD's driver support for WiFi chipsets is abysmal. This is not going to change any time soon. You could go out of your way to find a chipset that is supported, or you could spend the $80 on a UAP-AC-Lite, be done with it, and not worry about it any more for years to come. A separate AP is going to outperform onboard WiFi all day long and is much less of a headache.
You're on the right track and everything you want to do with regards to VLANs, ACLs, etc. that box can do for years to come. But you should really split off switching and wireless to dedicated devices, just for the sake of less headache and more performance.
EDIT: Here is a thread from just a couple months ago that implies that the onboard WiFi chipset on your chosen board is not (yet) supported on FreeBSD. The FreeBSD iwm module manpage shows previous versions of this chipset *are* supported, so support for your chipset may come in the future. But that could be months or years away.
> Could you give me an example link?
Sure, try this. There are a lot of things like this on Amazon, it's basically just a tiny NUC PC with multiple network ports. There are a lot of them available, some are barebones (add your own RAM and SSD), some come ready to use out with RAM and SSD pre-installed. Some have two Ethernet ports, some have four, some have one.
In general they make pretty good pfSense firewalls. You hook them up to a monitor+keyboard, then download the normal pfSense community edition installer, put that on a USB stick, and boot the little thing from that USB stick. It then installs pfSense onto the internal SSD on the machine, and then you have a firewall :)
It's usually better to buy a real pfSense unit as that helps support the project and the developers, but when cost is the absolute primary concern, these little things are a decent option.
> But to have to spend $370 (+ship) ... for just a one person apartment seems like overkill - unless that Linksys WRT is so compromised (security wise) that it doesn't matter what firmware I run.
I don't think that's a realistic concern. While it is (theoretically) possible that there's some kind of hardware backdoor or bootloader virus in the WRT, this seems highly unlikely. If you're just a normal user who wants to stay private, the WRT with DD-WRT or Tomato is fine. If you are worried about being actively targeted by state actors, then $400 of hardware is (or should be) the least of your concerns.
So it sounds like your plan should be just buy the WRT and reflash it :)
Edit: as /u/snarfattack and /u/svenvv noted the one that I linked below (with a Celeron J1900) doesn't support AES-NI and will not be compatible with PFSense 2.5.
Looks good, but when you're looking for one of the refurbs and you're looking to put another LAN card in it, you might consider just going with a fanless box like this one. This is what I use and I love it.
With that said your plan for the refurb should work fine; I used to run mine off similar boxes quite comfortably.
I bought a refurbished HP 8300 that has 8GB of RAM and an Intel Core i5-3470 3.2GHz Quad-Core -- that CPU has AES-NI which means that if you want to do any sort of encryption (like run a VPN or do active MitM on network traffic) you'll be able to do it easily.
The issues are that the refurb doesn't have 2 ethernet ports and no ssd. So I bought an 120GB ssd and a pci-e dual port and it's perfect.
hp 8300
dual Gbit ethernet
ssd
honestly for less than 300 bucks if you can do better let me know.
I have one of these and it is brilliant:
https://www.amazon.com/Firewall-micro-appliance-Gigabit-Intel/dp/B01AJEJG1A/ref=sr_1_2?ie=UTF8&qid=1496019883&sr=8-2&keywords=pfsense
I use the OPT interfaces trunked to a managed switch and a wireless AP (ASUS router with tomato shibby). It's quiet, fanless and it runs snort, pfBlockerNG, OpenVPN 24/7 just fine! I have at least 5 clients running all the time and a Plex server that friends use. It's a beautiful little box.
Goodness an i3 or i5 would be overkill. Not sure why you would limit to Skylake or later as well.
The SG-3100 would handle his connection just fine. That said, he could also grab one of the Minnowboard Turbots off of Amazon as well.
If he wants to build it himself, he could use any of the C2000 series Atom processors as well. While it would consume significantly more power, a Pentium G4560 would be even more powerful (though you may want to pair it with an external NIC).
It depends on your budget and technical abilities. For most people getting into this type of networking I usually recommend any of Ubiquiti's Unifi equipment. It all runs off a single web UI and is more user friendly than more serious equipment. You could get a basic 8 port switch and AP from them for less than $200.
Something like this switch and this AP
The AP is powered by the switch using POE (power over ethernet) so you don't need to connect any other cables to it. Unifi is prosumer, it's not quite enterprise level, but it runs on the same principles and can still do some relatively high-level stuff.
Some people in here don't like Ubiquiti products, as they're kind of like the Apple of networking gear, but they provide good products and a good UI imo. I think it's a good way to go for people getting into this side of things. You can get similar TPLink gear for cheaper, but its configuration is more difficult imo.
For me pfsense is everything I wanted edgerouter to be. The thing I like best about it is the vpn functionality. I was never able to get edgerouter working quite right. I bought this box from amazon and it works great. https://www.amazon.com/Firewall-Micro-Appliance-Gigabit-Intel/dp/B01KLEI1MI/ref=sr_1_13?ie=UTF8&qid=1497621924&sr=8-13&keywords=pfsense
I was looking to upgrade my Alix 2D3 to something like this. I did NOT purchase it and I have no affiliation with the seller, you can search on ebay and other places for similar hardware. I'm keeping an eye out for something like that but maybe in the $150 range. Right now I moved to a consumer router that I got for a great deal. It's running a custom firmware, offers dual wan, and it's working out well enough for what I need at home but does have some quirky issues. I do miss pfSense, if I find a good deal on low watt system I'll probably jump back.
Occasionally you can find decent info on the pfSense forums as well.
http://www.amazon.com/dp/B01AJEJG1A
Looks the same as some other units, but it has pfsense specific labeling (OPT1, OPT2, etc). Loads of 5 star reviews and i've been super happy with the performance.
Think I finally found the best Mini PC for now... Jetway HBJC313U591W-3160B
It's a Braswell N3160 with Dual Intel NICs. Not a bad deal for $220+shipping (No RAM or Storage). Uses mSATA/Mini PCI-E Slot (Full Size)
N3160 supports AES-NI
It's also available on Amazon
Comments & feedback welcome
An easy way to set it up is to get this smart switch and connect it to your router. I find it extremely cheap cost wise, and it supports untagged VLAN traffic to specific ports. That means your device won't have to know it's on a VLAN and this switch will do the tagging for you.
https://www.amazon.com/dp/B00K4DS5KU
I use this one, it handles vlans (it’s not a full blown managed switch, kind of an in between)
I only have 2 nics as well, and this seemed like a better option to me at the time. Good luck!
If you're going to install Linux on a machine, use KVM with qemu, and use Libvirt to manage it. (You really don't want a GUI on a server, it eats up resources that could be allocated to much more important things, like VMs). KVM is far and above superior for server virtualization workloads over VirtualBox. I'd recommend that you also grab an Intel dual port NIC and pass it through to the VM. I personally use these NICs.
If you want some starting points let me know and I can send you some of my documentation on doing this properly.
Perfect. That's actually the one I meant to link, but forgot. I am thinking the 8 port version.
Looks like TP-Link could save me a few bucks.
https://www.amazon.com/TP-Link-Gigabit-Ethernet-Managed-TL-SG108E/dp/B00K4DS5KU/ref=sr_1_2?s=electronics&ie=UTF8&qid=1496602150&sr=1-2&keywords=vlan+switch+8-port
Excellent. One more thing, comparing a netgate box to something like this: https://www.amazon.com/dp/B01AJEJG1A/ref=cm_sw_r_cp_api_pUyCybV02ABSP
Is it worth purchasing dedicated hardware with the ASIC, or is it hard to tell the difference? Saw this and it's got similar specs to the 2440.
I have gigabit fiber and got this box: https://amzn.com/B01AJEJG1A
LOVE it. Handles gigabit beautifully.
Since you're using a pfSense router it's easy. Been working great for me for a couple years now.
You can bypass the AT&T gateway completely. Been working great for me for a couple months.
You'll need this also: TP-Link 8 Port switch. On the TP-Link you have to use 802.1Q tagging. I left 3 default for ONT, gateway and pfSense, then tagged the others to VLAN 3.
read all the stuff here http://www.dslreports.com/forum/r29903721-AT-T-Residential-Gateway-Bypass-True-bridge-mode
Zotac CI323 NANO-U is much cheaper. It has an Intel N3150 and it supports AES-NI. Uses less watts. It's shipped and sold by Amazon and comes from a well known company that I'm sure has a warranty and support. https://www.amazon.com/gp/aw/d/B0179S50UU/?th=1&psc=1
I'd recommend something similar to the Dell Optiplex 3010 Small Form Factor (SFF). While it's not as small as the 3040M it does allow PCIe expansion. $280 seems like a lot. On eBay, I found the 3010 SFF for less than $100. My network is setup for Gigabit but I don't get Gigabit speeds from my ISP unfortunately.
Edit: I also use SNORT and pfblockerNG.
I searched through my order history to get this for you. I have my install virtualized in esxi, though this is fully supported by pfsense as well.
HP NC364T PCI Express Quad-Port Gigabit Server Adapter
https://www.amazon.com/dp/B000P0NX3G/ref=cm_sw_r_cp_awdb_6ABYzbC2R7ZK2
Great if you want/need a couple of extra ports.
Honestly, the $100-$150 price point is going to be very difficult to beat -- I'm not aware of any machines at that price point myself. We generally consider it a good deal to beat $400 to the lowest end boxes we use (we require gig throughput), which is a bit more than what you are able to get away with.
We did find these great machines for $190 apiece recently -- http://www.amazon.com/gp/product/B014113N70 -- We're not using them as firewalls, but in terms of the specs they'd do just fine for gigabit throughput.
Looks like this is a close cousin for a different arrangement of ports that might be more suited to pfSense for $170: http://www.amazon.com/products-barebone-J1900-Industrial-computer/dp/B019Z8T9J0
https://www.amazon.com/TP-Link-Gigabit-Ethernet-Managed-TL-SG108E/dp/B00K4DS5KU/ref=sr_1_1?ie=UTF8&qid=1501606532&sr=8-1&keywords=smart+ethernet+switch
Get one of these. 30 bucks and does basic vlan and some other nifty things. Definitely not "enterprise" features, more like SOHO, but enough to get you started setting up a more robust network.
Oh yeah headless can work out fine, assuming you have a bit of experience and won't fuck it up completely ¯\(ツ)/¯
As far as I'm aware, ESXi is completely headless with no control from the host at all. If I were to irreparably fuck up the settings, to the point I cannot connect (Say I tried setting up another DHCP server or disabled the internal one) I'd need to re-wire the host, and whatever client I'm using to connect.
As far as I can tell it's all genuine, here is a similar (stripped) version of the same device, but on American amazon. Lots of good reviews. And while it will probably last me the rest of my life, as Saskatchewan's fastest possible speed on fiber is 260Mb/s and I don't see it ever hitting >1Gb/s, it's still $260 with shipping. But yeah I'll probably grab it if another user doesn't find a cheaper router.
Thanks everyone for your great advice. The APU2 looked like a surprisingly affordable option that had AES-NI, but after /u/gonzopancho comments I think I will shy away from that one. After realizing that I'll likely need a switch for what I want to do anyway, its looking like I'm going to go with either the suggestion from /u/madrascafe this Jetway box or a supermicro board that was discussed in the thread he/she linked to.
Have you looked through this guide: https://nguvu.org/pfsense/pfsense-2.3-setup/ ?
Replace AirVPN with your VPN provider. This guide assumes you also have a switch that is capable of managing VLANs. Add every device you want connected to VPN on a separate VLAN.
If you don't have a vlan capable switch you can get a cheap tp-link one for $30 on amazon: https://www.amazon.com/TP-Link-Gigabit-Ethernet-Managed-TL-SG108E/dp/B00K4DS5KU/ref=sr_1_2?ie=UTF8&qid=1496901694&sr=8-2&keywords=tp+link+smart+switch
I have a quad port NIC on my pfsense box and it only has two physical connections: WAN and LAN. WAN is connected to my ISP and LAN is connected to my vlan capable switch. pfsense manages all the routing.
Also the guide talks about mitigating dnsleaks so follow the instructions very carefully.
I've been using this Zotac Barebones for my pfSense firewall. It came in at around $200 after 4GB of RAM and a small SSD. It works great for my 100/100 connection and supports AES-NI.
Another option would be to go with one of their official appliances. The SG-1000 costs $149 and comes with pfSense installed.
If building a router, choose one where the CPU supports AES-NI. Here is a great choice.
Alternatively you could setup a VM on your PC. I had this going until I built my own pfSense router when my Asus AC68 was not up to snuff for my VPN throughput.
PFsense has issues with PPPoE and gigabit if you're using an Intel NIC that uses the IGB driver. An alternative is finding a card that uses the EM driver. Not sure if ESXi eliminates that issue but definitely make sure you're not using the E1000 NIC.
https://redmine.pfsense.org/issues/4821
Source: Just got my CenturyLink Gigabit PFsense setup running last week. Also using that same guide.
Just bought the JBC313U591W-3160-B. Looks like it will be a nice machine with Intel NICS and does AES-NI. Runs warm but others that have used it says it works really well.
The tp-link is in fact based on a Realtek chip. So that's likely your problem. A dual-port Intel will probably help out greatly and can be had relatively cheaply online. This is one that you can get dead cheap and will work great with PFSense.
Thing about Realteks I've noticed with PFSense is that the failures are not always noticeable in any of the dashboards, and tend to be "creeping" issues rather than immediate and obvious failures. It seems to my mind that the Realtek is an easy replacement that should probably be in your troubleshooting future.
Hope that helps :)
This is my pfsense board. I think it idles around 12w. Peak at boot is something like 20w. Handles my 100mbps down easily.
Intel D2500CCE Atom D2500 Dual LAN & Dual COM Mini-ITX Motherboard, BLKD2500CCE https://www.amazon.com/dp/B006ICQ3FK/ref=cm_sw_r_cp_apa_kOCiybBSPWW79
My server is a supermicro 8 core Avoton with quad gigabit NICs. There is a 4 core version as well.
Supermicro Atom C2758 64GB DDR3 PCIE SATA USB Mini ITX DDR3 1333 NA Motherboards MBD-A1SRI-2758F-O https://www.amazon.com/dp/B00FM4M7TQ/ref=cm_sw_r_cp_apa_gTCiyb913EVZA
Both have been absolutely solid performers and low power consumers.
> Zotac CI323
So for $239, I can get the CI325 running Intel 3160, with 32gb msata and 4gb ram.
Think that might help via proxy + squid?
https://www.amazon.com/dp/B01MSNGYD1/ref=psdc_13896591011_t4_B01M25WO36?th=1
I am not even sure I am using squid. I use snort and PFBlockerNG. So think the Zotac is good with those?
You can absolutely do this with pfSense. If you Google "pfsense openvpn site to site" you'll get a bunch of results -- I just looked at the first one and it looks pretty complete.
I have exactly this setup between my house and my parents' house so I can do remote backups and family IT stuff. I'm virtualized on my end (proxmox) and running on a tiny appliance like this on the other end.
From my understanding pfsense doesn't do well with wifi cards. If you already have a router you could set it to AP mode and use it for wireless. Another popular option is to get a Ubiquiti device and use it for wireless. I myself have gone that route and use the AP-AC Lite. I don't really have a suggestion on a psu and case as I already have those. This case is what I'll be using since I already have it. I'll probably just go with this ram since it is pretty cheap.
The unit works well. Just be sure and get the serial console cable. It does much better than the APU1c unit did for me. That being said, I would seriously look at this unit instead. Looks to be roughly the same cost with an extra nic and some additional speed.
Get a Minnowboard Turbot Dual-E. Has real Intel Ethernets. Runs 2.4 like a champ.
Pic
Probably not the most efficient or cheapest build, but it runs like a tank :). Internal power supply isn't terribly efficient, but it's been working fine so far. It's wired into a Cyberpower CP1000AVRLCD UPS.
Here's an Intel based card I bought recently. It's HP branded, but dual Intel chips. Seems to be working good thus far, but I haven't stressed tested it.
HP NC364T PCIe 4Pt Gigabit Server... https://www.amazon.com/dp/B000P0NX3G?ref=ppx_pop_mob_ap_share
I picked up a Zotac Zbox a little over six months ago for my pfsense machine, and it's been running beautifully. Absolutely zero complaints so far. The price is just right, and the form factor is perfect for my needs.
https://www.amazon.com/dp/B0179S50UU/ref=cm_sw_r_cp_awdb_z5UMybQ3S3084
You are almost making me change my mind ;)
Here is what I could consider aside from the sg-3100.
https://www.amazon.ca/QOTOM-Q330G4-Mini-Barebone-pfSense/dp/B074PK8ZVG/ref=sr_1_2?ie=UTF8&qid=1518383025&sr=8-2&keywords=pfsense
https://www.amazon.ca/mSATA-Industrial-Grade-Enterprise-Class/dp/B0711K4RJ4/ref=pd_bxgy_147_img_2?_encoding=UTF8&psc=1&refRID=Q3MS2JBS1MDAB0VAAMRQ
https://www.amazon.ca/Crucial-Single-PC3-12800-Unbuffered-204-Pin/dp/B005LDLV6S/ref=pd_sim_147_2?_encoding=UTF8&psc=1&refRID=Q3MS2JBS1MDAB0VAAMRQ
or
https://www.amazon.ca/Crucial-Single-PC3-12800-Unbuffered-204-Pin/dp/B006YG8X9Y/ref=pd_sim_147_3?_encoding=UTF8&psc=1&refRID=Q3MS2JBS1MDAB0VAAMRQ
So this would be 400$ +taxes Canadian and the sg-3100 would turn around 500-520$ Canadian.
The Qotom takes a bit more power.. would this matter on the electricity bill at the end of the month? :) I don't know.
edits: I wish Netgate had some coupons.
Take a look at this box from Netgate themselves. I believe it was originally announced as the SG-2340, but they wound up having issues with the HDMI port when trying to plug in a monitor after it's already running so it's no longer an official pfSense box.
I don't know about using it to run VM's, but it's pretty slick as a pure pfSense appliance.
You could look at something like this, 1. The N3160 has AES-NI support 2.
edit: formatting
I'm really looking forward to seeing what they may do with the ERL; I've got three of them sitting around unused at this point, including an original plastic-cased unit.
I bought a SG-1000 and liked it so much that I ended up building a full-gigabit-capable box for home using one of these (along with a 32G mSATA SSD and 4G SODIMM) and putting the SG1K into my laptop bag for mobile use.
have this installed in about 3 or 4 different offices without issue. reliable af.
also, the SG-3100 is awesome for the price.
https://www.amazon.com/ZOTAC-Fanless-Graphics-Windows-ZBOX-CI325NANO-U-W2B/dp/B01MSNGYD1
Don't forget the OEM versions of the Intel Pro 1000:
(<$40)
https://www.amazon.com/HP-NC364T-Gigabit-Server-Adptr/dp/B000P0NX3G/ref=sr_1_3?keywords=quad+port+nic&qid=1557054316&s=gateway&sr=8-3
https://www.amazon.com/Dell-Adapter-Brackets-E1G44ET-DELL-HM9JY/dp/B018FEBH40/ref=sr_1_29?keywords=quad+port+nic&qid=1557054316&s=gateway&sr=8-29
You can definitely find them cheaper at times even on Amazon. One caveat, as always with older gear, is power consumption. IIRC these use somewhere in the mid teens as far as wattage goes. Modern cards are single digits.
E: the HP one may not be a pro 1000...
I'm running mine on a little Zotac zbox, just needed to add in a bit of RAM and a hard drive. Works like a charm :-) Currently running squid, snort, and suricata with no issues.
What was your total after getting all the required components?
This unit seems to be the perfect pfSense box:
https://www.amazon.com/dp/B01AJEJG1A/
You really don't want your router doing wireless, it is preferable to have a dedicated Access Point (AP) doing wireless. Unfortunately what people think of "routers" now are actually three devices in one, they are a router, switch (multiple lan ethernet ports), and access point (wireless). Personally I feel the combo devices do a bad job at all three of those which is why I prefer to have dedicated devices for each piece. If you plan on using an existing router and just want wireless I would suggest the unifi ac lite access point.
https://www.amazon.com/Ubiquiti-Unifi-Ap-AC-Lite-UAPACLITEUS/dp/B015PR20GY
If you need a router as well then I would use the access point and pfsense for your router. You could use a wired nic like this in an existing computer.
https://www.amazon.com/Intel-1000-Dual-Server-Adapter/dp/B000BMZHX2/ref=sr_1_3?s=electronics&ie=UTF8&qid=1527380550&sr=1-3&keywords=intel+dual+gigabit
Pfsense does support wireless cards but trust me you don't want to go down that road for many reasons. Any time that topic comes up most users on this subreddit suggest against it myself included. I have tried building wireless into my pfsense build before and quickly abandoned it.
Hmm apparently that one has a similar case but different guts than mine because mine definitely has Intel NICs. I just looked up the one I have, it's a bit more expensive though: https://www.amazon.com/gp/product/B01KLEI1MI/ref=oh_aui_detailpage_o03_s00?ie=UTF8&psc=1
I have the same setup, but my guest SSID is disabled. I need to enable it and use VLANS.
I have a switch that is capable.
https://www.amazon.com/gp/product/B00K4DS5KU/ref=oh_aui_detailpage_o00_s00?ie=UTF8&psc=1
I picked up one of these Jetways:
https://www.amazon.com/Jetway-JBC323U591W-Braswell-Celeron-Fanless/dp/B01IE4MS12/
It has the N3150 which has AES. Also I replaced the internal wireless card with a supported Atheros chip. (I still recommend getting a UniFi AP) Added 8GB of RAM and a 24GB Intel SLC mSATA SSD and a cheap 240GB MLC SSD (for proxy caching). I used the serial port for a GPS for NTP. Only thing it doesn't have I wish it did is a built in IPMI. I run QoS, Snort, OpenVPN, and Squid.
I see. Thanks for the explanation.
My question, then, is: what am I actually getting in the pfSense gear with the higher price? For example, if I got an SG-1000 and one of these Ubiquiti WAPs, what am I getting that I would in, say, a Linksys AC1900 at half the price? Hardware performance wise. (I realize it's also pfSense vs DDWRT)
Pretty much any entry level managed switch will do.
TPlink, netgear, and trendnet all have entry level web managed switches that do VLANs for around ~30.
https://www.amazon.com/gp/aw/d/B00HGLVZLY/ref=mp_s_a_1_1?ie=UTF8&qid=1496598384&sr=8-1&pi=AC_SX236_SY340_QL65&keywords=netgear+vlan&dpPl=1&dpID=41ClMxcjRoL&ref=plSrch
I've been running this guy for about a year now. So much better than any of the off the shelf routers.
https://smile.amazon.com/Firewall-micro-appliance-Gigabit-Intel/dp/B01AJEJG1A
Ended up going with this:
BLKD2500CCE Intel Desktop Board D2500CC Innovation Series BLKD2500CCE
M350 Universal Mini-ITX PC enclosure PicoPSU compatible;
Mini Box PicoPSU-150-XT 12V DC-DC ATX power supply
192w AC-DC Power Adapter, 12v 16A
Edit: and grabbed this... cause ya know... maybe 8gb will work, maybe i'll use it for my sophos build after this. aw yeah.
http://www.newegg.com/Product/Product.aspx?Item=N82E16820231294
Edit:
I should def go x64 2.2 right?
I know English isn't your native language so just to help; thin client is not the right word as it is specifically for client/server architectures and references the processing load the client assumes. In most cases pfSense is considered the server and its processing load is not 'thin'.
There are many low power devices out there. Take a look at Zotac Zbox C - https://www.amazon.com/ZOTAC-Quad-Core-Graphics-Barebones-ZBOX-CI323NANO-U/dp/B0179S50UU/ref=sr_1_1?s=pc&ie=UTF8&qid=1479829776&sr=1-1&keywords=zotac+zbox
Or many solutions from JetWay -
https://www.amazon.com/s/ref=nb_sb_noss?url=search-alias%3Dcomputers&field-keywords=jetway
Better to buy it barebones. I spent less than that and have a 256G SSD and 8G RAM in mine.
Anything intel should be fine - have a couple of these working fine AFAIK https://www.amazon.co.uk/Intel-EXPI9402PT-1000Pt-Dual-Server-x/dp/B000BMZHX2
I would assume things like this
I used this box. Dual intel NICs, AES enabled. Pick up a small SSD and some ram, and you're set. I've been using this for around a year with zero issues. Handles a 100mbps openvpn connection with ease.
https://www.amazon.com/Jetway-JBC313U591W-3160-B-Braswell-Celeron-Barebone/dp/B01M25WO36/ref=sr_1_74?ie=UTF8&qid=1524199310&sr=8-74&keywords=pfsense#customerReviews
I like these. I have the older version.
https://www.amazon.com/Jetway-JBC313U591W-3160-B-Braswell-Celeron-Barebone/dp/B01M25WO36
And that model does have Intel NICs, AES-NI.
I built this one up to replace my dead repurposed Dell small-form-factor pc.
Firewall Micro Appliance With 2x Gigabit Intel LAN Ports, Barebone from Amazon
https://www.amazon.com/gp/product/B01KLECNDG/ref=oh_aui_detailpage_o07_s00?ie=UTF8&psc=1
Hardware Specifications:
Intel® Celeron Dual Core CPU J1800 64 bit, 2.49GHz, 2 MB L2 Cache
2x Intel® 82583V NIC ports (Note that Intel NIC ports are known to cause fewer problems than other vendors due to strong device driver support)
Hardware support for up to 8GB PC-1600 DDR3L RAM in a single SO-DIMM
Hardware support for one mSATA form factor SSD
1x USB 2.0 port
1x USB 3.0 port
1x RJ-45 COM port
1x VGA port
Power Button LED, Power LED and HDD activity LED VESA mount for mounting to a wall or the back of a monitor
Power supply included with US cord
Runs on approximately 10 Watts under moderate load, 15W max
Optional Wireless card kit is available from Protectli. Card is USB Channel and fits in a designated PCIe form factor slot with USB communications
Pre-drilled holes are in the chassis for WiFi antennas
WiFi kit at https://www.amazon.com/dp/B01N9YVN6T
Dimensions are 5.2 x 4.9 x 1.5 inches (134 x 126 x 36 mm)
Weight is 1.25 lbs, (0.57 Kg)
Operating Temperature 14 to 122 degrees Fahrenheit (-10 to 50 degrees Celsius)
All metal enclosure for durability and heat dissipation
I have one of these and it works well.
https://www.amazon.ca/gp/product/B000P0NX3G/ref=oh_aui_detailpage_o00_s00?ie=UTF8&psc=1
Ended up buying this guy? https://www.amazon.com/gp/product/B002JLKNIW/ I figured even if it's wrong or not great I'm just experimenting for now on. Thanks for the help!
I used a Zotac ZBOX CI323NANO for basically exactly what you're talking about. No fans, so it is silent. If you care about VPN, it has AES-NI.
It has Realtek NICs, but I haven't run into any problems with it. Throw some RAM and an SD card in and you're good to go.
SG-3100 and 4 to 8 port managed switch is still cheaper than this obsolete hardware.
SG-3100: https://store.netgate.com/SG-3100.aspx
5 port managed switch on amazon: www.amazon.com/NETGEAR-Gigabit-Lifetime-Protection-GS105Ev2/dp/B00HGLVZLY/r
A rack shelf: https://www.amazon.com/s?k=rack+shelf&i=electronics&ref=nb_sb_noss_1
Still cheaper, and you further the pfSense project with your purchase of the SG-3100
Zotac zboxs are popular and a low end bare one box will run you about 200 in total https://www.amazon.com/ZOTAC-Quad-Core-Graphics-Barebones-ZBOX-CI323NANO-U/dp/B0179S50UU/ref=sr_1_1?ie=UTF8&qid=1469615562&sr=8-1&keywords=zbox
I have the Q190G4s from Qotom these days... They're all over Amazon - https://www.amazon.com/original-Qotom-Q190G4-celeron-OpenElec-player/dp/B01AAKGRSS
$200 with 32GB and 4GB; you can get it bare for $60 or so less.
I mean people already have some janky ways to utilize GPUs externally for like a laptop or something, see the GDC adapter. So instead of a GPU you can always just put in a network card into one of those is what I'm thinking. Probably this combo:
Adapter
Card
Unless the network card is going to be as demanding as a GPU
That's a 64 bit PCI-X card, which might not work in the 32 bit PCI slot on that board. You could use the onboard Realtek as LAN and an Intel NIC as WAN (which I've done, with minimal performance/compatibility issues).
If you had a setup with a PCIe slot, I'd point you to this card.
I'd go with a real Intel NIC (never heard of 10Gtec).
https://www.amazon.com/Intel-1000-Dual-Server-Adapter/dp/B000BMZHX2/ref=sr_1_3?keywords=dual+port+intel+nic&qid=1557258765&s=gateway&sr=8-3
You can get a 4 port Intel card for $88
https://www.amazon.com/dp/B002JLKNIW
Same thing but cheaper.
or ~$34 more, already populated (Just found this)
qotom 4 nics: https://www.amazon.com/dp/B01AAKGRSS
Protectli
How about this router Firewall Micro Appliance With 4x Gbe Intel Lan Ports for PFSense https://www.amazon.com/dp/B01AJEJG1A/ref=cm_sw_r_cp_api_49sDybS33ETKK
https://www.amazon.com/dp/B01KLECNDG/ref=cm_sw_r_cp_dp_T2_p7rtzb52ST5DK Just need to add memory.
Is there any reason to really use a thumb drive?
SSDs are $20. Save yourself some headache.
Minnowboard Turbot Dual-E (formerly known as SG-2300 series) comes in two flavors:
$249 dual core: https://www.amazon.com/Firewall-Appliance-Gigabit-MinnowBoard-Turbot/dp/B071XNG1BZ
$349 quad core: https://www.amazon.com/Firewall-Appliance-Gigabit-MinnowBoard-Turbot/dp/B0722JRVCH
https://www.amazon.com/Firewall-Appliance-Gigabit-MinnowBoard-Turbot/dp/B071XNG1BZ/ref=lp_8183207011_1_6?srs=8183207011&ie=UTF8&qid=1496502772&sr=8-6
I just recently switched to a quad core model on Amazon; total cost was $315. It was a barebones system and you had to get the RAM and HDD for it. Works fine, my speeds have never been stable but I can at least spike to 925MB/s (it averages 750 depending on where I test it). I feel my limitation is the provider not the hardware as others have stated it is fine for gigabit.
Here is the hw i got:
http://www.amazon.com/gp/product/B01MEGSMRZ/
http://www.amazon.com/gp/product/B006YG8X9Y/
http://www.amazon.com/gp/product/B00K67E5DA/
You'd be a fool to not use two of these with ZFS:
https://www.amazon.com/Kingston-120GB-Solid-SA400S37-120G/dp/B01N6JQS8C
Downvoted? Ok have fun when your flash stick fails. For $50 you could have redundant SSDs.
Not joking. $19.99, rated to 40TB writes
https://www.amazon.com/Kingston-120GB-Solid-SA400S37-120G/dp/B01N6JQS8C
Or don't waste your money and get this one
Edit: make sure you request the low profile bracket if your case is low pro
TP-Link sells an 8 port for $30. Not sure of its performance versus the Netgear. It's rated at 16gbps for switching so all 8 ports switching full duplex at the full 1gbps all at once.
https://www.amazon.com/dp/B00K4DS5KU/
Just don't expect to have decent VPN performance, as the CPU in this doesn't support AES-NI, and it's quite a few generations old. You can look around for something with an N3150, which is only a year old at this point and supports AES-NI, the clock speed will be higher, quad-core, and it'll support more RAM all while keeping power consumption low. Also, the boards with this CPU can run fanless.
Here's one with dual-ethernet built in for only $150, still needs a HDD & RAM, but those are dirt cheap. http://www.amazon.com/ZOTAC-Quad-Core-Graphics-Barebones-ZBOX-CI323NANO-U/dp/B0179S50UU
>You'd be a fool to not use two of these with ZFS:
>
>https://www.amazon.com/Kingston-120GB-Solid-SA400S37-120G/dp/B01N6JQS8C
>
>Downvoted? Ok have fun when your flash stick fails. For $50 you could have redundant SSDs.
The reason I wouldn't do it is because it would be a complete pain in the ass to set up, and we never fail over at boot time properly.
If the pfSense installer supports it through a gui: sure.
But we all know that open source and user interfaces don't go together.
It's not exactly what you're asking for but an entire rack mount server just for pfsense will probably waste a lot of power. Your 150/150 connection shouldn't require a whole lot of muscle, even with more modules in pfsense. I picked up this mini pc a few months ago to use in pfsense but decided to re-purpose it as an HTPC. It ran pfsense fine except for the wifi card (not really needed anyway). Dual gigabit lan, pop a 4gb stick of ram and any laptop ssd/hdd you have laying around in it, and it should handle anything you throw at it while pulling down less than ~40 watts.
I bought one of these, (but w/o ram and storage since I already had it)
never looked back.
runs w/o fan, fairly cheap for what you get. And I had no problems getting it going.
64bit, and its got enough cpu headroom that encryption / vpn isn't an issue with 1 - 3 users.
https://www.amazon.com/Firewall-micro-appliance-Gigabit-Intel/dp/B01AJEJG1A/ref=sr_1_1?ie=UTF8&qid=1511615877&sr=8-1&keywords=pfsense+box
Zotac ZBOX
Crucial 8gig stick
Samsung 850 EVO
My previous Realtek NIC box was cutting my line speeds in half and had a fan, this box still has Realtek NIC but it's not slowing me a bit at 100mbs speeds, has no fan, and is barely breaking a sweat. It has AES onboard but I've not done anything to push that. WiFi appears unsupported but I'm okay with that for now.
Cheap enough for you?
pcengines is cpu limited, will have trouble above 500 Mbps,
One more to consider: Minnow board, probably about the same level as the Protectli.
The unifi ac-lite is $81 on amazon so out of your budget but it's just barely enough to cover my small ass apt.. your house is smaller than this?