The pfSense Store
By purchasing from the pfSense Store, you are not only supporting the project, you are simplifying the process of selecting the right hardware for your needs. The hardware appliances in the pfSense Store have been tested and deployed in a wide range of large and small network environments. What's more, eligble hardware purchases from the store come bundled with one year of support for the pfSense software.
READY TO GO
Appliances comes pre-installed with hardware specific tuning.
No artificial limits on the number of users, connections, etc.
All of the features are included on every box, large or small.
|Best Used For
Remote Branch Office
||2GB or 4GB DDR3
|Max Active Connections
||1,800,000 or 3,900,000
||8GB SDHC Card
||4GB SLC CF Card or 120GB SSD
||Buy It Now
— OR —View More Details
|Buy It Now
— OR —View More Details
|Buy It Now
— OR —View More Details
Minimum Hardware Requirements
The following outlines the minimum hardware requirements for pfSense 2.x. Note the minimum requirements are not suitable for all environments, see the Hardware Sizing Guidlines for more information. You may be able to get by with less than the minimum, but with less memory you may start swapping to disk, which will dramatically slow down your system.
- CPU - Pentium II processor
- RAM - 256 MB
Requirements Specific to Individual Platforms:
- Live CD
- CD-ROM drive
- USB flash drive or floppy drive to hold configuration file
- Hard drive installation
- CD-ROM for initial installation
- 1 GB hard drive
- 1 GB Compact Flash card
- Serial port for console
Hardware Sizing Guidance
When sizing hardware to put pfSense software on, two main factors need to be considered.
- Throughput required
- Utilized pfSense software features
The following guidelines are based on our extensive testing and deployment experience. These guidelines are very conservative for most environments.
Network Card Selection
Selection of network cards (NICs) is often the single most important performance factor in your setup. Inexpensive NICs can saturate your CPU with interrupt handling, causing missed packets and your CPU to be the bottleneck. A quality NIC can substantially increase system throughput. When using pfSense software to protect your wireless network or segment multiple LAN segments, throughput between interfaces becomes more important than throughput to the WAN interface(s).
NICs based on Intel chipsets tend to be the best performing and most reliable when used with pfSense software. By comparison Realtek chipsets perform quite poorly. We therefore strongly recommend purchasing Intel cards, or systems with built-in Intel NICs up to 1Gbps. Above 1Gbps, other factors, and other NIC vendors dominate performance.
The numbers stated in the following sections can be increased slightly for quality NICs, and decreased (possibly substantially) with low quality NICs. All of the following numbers also assume no packages are installed.
- 10-20 Mbps
- We recommend a modern (less than 4 year old) Intel or AMD CPU clocked at at least 500MHz.
- 21-100 Mbps
- We recommend a modern 1.0 GHz Intel or AMD CPU
- 101-500 Mbps
- Server class hardware with PCI-e network adapters, or newer desktop hardware with PCI-e network adapters. No less than a modern Intel or AMD CPU clocked at 2.0 GHz.
- 501+ Mbps
- Server class hardware with PCI-e network adapters. Multiple cores at > 2.0GHz are required.
Remember if you want to use your pfSense installation to protect your wireless network, or segment multiple LAN segments, throughput between interfaces must be taken into account. In environments where extremely high throughput through several interfaces is required, especially with gigabit interfaces, PCI bus speed must be taken into account. When using multiple interfaces in the same system, the bandwidth of the PCI bus can easily become a bottleneck.
Most features do not factor into hardware sizing, although a few will have a significant impact on hardware utilization:
VPN - Heavy use of any of the VPN services included in the pfSense software will increase CPU requirements. Encrypting and decrypting traffic is CPU intensive. The number of connections is much less of a concern than the throughput required. AES-NI acceleration of IPsec significantly reduces CPU requirements on platforms that support it.
Captive Portal - While the primary concern is typically throughput, environments with hundreds of simultaneous captive portal users (of which there are many) will require slightly more CPU power than recommended above.
Large State Tables - State table entries require about 1 KB of RAM each. The default state table size is calculated based on 10% of the available RAM in the firewall. For example, a firewall with 1 GB of RAM will default to 100,000 states which when full would use about 100 MB of RAM. For large environments requiring state tables with several hundred thousand connections, or millions of connections, ensure adequate RAM is available.
Packages - Some of the packages increase RAM requirements significantly. Snort and ntop are two that should not be installed on a system with less than 1GB RAM.
Recommended Hardware Vendors
The following companies sell the hardware the developers use. This means purchasing from these vendors ensures the device is thoroughly tested, and if compatibility problems come up in future releases they will likely get fixed more quickly.
In addition to the benefits of well tested hardware, it is important for our user community to support the companies that keep this project running. Several hardware resellers have made much needed contributions of hardware and money to assist our development efforts, fund specific features, and cover the other expenses of running this project over the past 9 years.
Netgate - Seller of pfSense based firewall systems, primary financial supporter of the pfSense project.
Hacom - Seller of a variety of firewall hardware.
www.OsNet.eu - French Reseller of ALIX boards and high end appliances, documentation and consulting services.
Hardware Compatibility List
pfSense 2.2 is based on FreeBSD 10.1, and shares its hardware compatibility list. The pfSense kernel includes all FreeBSD drivers.
FreeBSD 10.1 Hardware Compatibility List