The Right Appliance To Protect Your Network

pfSense® software has the flexibility to be installed on a wide range of hardware, but it is currently supported only on the x86 and x86-64 architecture. The types of devices supported range from embedded devices to rack mounted servers.

Since network environments differ dramatically, determining the exact hardware sizing for your pfSense deployment can be difficult, but the following will provide some base guidelines on choosing which hardware is sufficient for your installation.

Official Product Comparison

By purchasing from The pfSense Store or a pfSense Partner, you are not only supporting the project, you are simplifying the process of selecting the right hardware for your needs. The hardware appliances in the pfSense Store have been tested and deployed in a wide range of large and small network environments. What's more, eligible hardware purchases from the store come bundled with one year of support for the pfSense software.

SG-2220 SG-2440 SG-4860 XG-2758 Cloud
SG-2220 pfSense Desktop Network Firewall Hardware Appliance SG-2440 pfSense Desktop Network Firewall Hardware Appliance SG-4860 pfSense Desktop Network Firewall Hardware Appliance XG-2758 pfSense 1U Rack Mount Network Firewall Hardware Appliance pfSense Virtual Cloud Firewall Appliance
Best Used For SOHO Network
Remote Worker
Small Business
SMB Network
Gigabit Throughput
Medium Business
SMB Network
Gigabit Throughput
Medium Business
Large Business
Branch Offices
Medium Business
Large Business
Expanding Network
CPU Speed 1.7 GHz 1.7 GHz 2.4 GHz 2.4 GHz Virtualized
CPU Cores 2 2 4 8 Virtualized
Memory 2GB DDR3L 4GB DDR3L 8GB DDR3L 16GB ECC Virtualized
Max Active Connections -- 3,900,000 8,000,000 16,000,000 Virtualized
Network Interfaces 2x Intel 1GbE 4x Intel 1GbE 6x Intel 1GbE 2x 10GbE SFP+
3x Intel 1GbE
1x Intel 1GbE RJ-45/SFP
Virtualized
Network Expansion
Cooling Passive Passive Passive Active
Storage Options 4GB eMMC Flash 4GB eMMC Flash
30GB mSATA SSD
128GB mSATA SSD
8GB eMMC Flash
30GB mSATA SSD
128GB mSATA SSD
120GB SSD Virtualized
Power Consumption 6W (idle) 7W (idle) 7W (idle) 20W (idle) Virtualized
Bundled Support 2 Incidents (1 year) 2 Incidents (1 year) 2 Incidents (1 year) 2 Incidents (1 year) Separate
More Details More Details More Details More Details More Details

Direct Access to the pfSense Team

Commercial Support Available

Get Support

Appliance Guidance

The following outlines the best practices for choosing the appliance best suitable for your environment.

Feature Considerations

Most features do not factor into hardware sizing, although a few will have a significant impact on hardware utilization:

VPN - Heavy use of any of the VPN services included in the pfSense software will increase CPU requirements. Encrypting and decrypting traffic is CPU intensive. The number of connections is much less of a concern than the throughput required. AES-NI acceleration of IPsec significantly reduces CPU requirements on platforms that support it.

Captive Portal - While the primary concern is typically throughput, environments with hundreds of simultaneous captive portal users (of which there are many) will require slightly more CPU power than recommended above.

Large State Tables - State table entries require about 1 KB of RAM each. The default state table size is calculated based on 10% of the available RAM in the firewall. For example, a firewall with 1 GB of RAM will default to 100,000 states which when full would use about 100 MB of RAM. For large environments requiring state tables with several hundred thousand connections, or millions of connections, ensure adequate RAM is available.

Packages - Some of the packages increase RAM requirements significantly. Snort and ntop are two that should not be installed on a system with less than 1GB RAM.