I had a few demands for the new hardware to run pfSense on:
After spending quite some time browsing forums to find out on what hardware
others have their pfSense running on, I had put my hardware list together
(prices were valid at the time of purchase, March 2011, and may have
For about 350 euro all together I would have a state of the art, high
performing, though low power consuming router.
Once I got the parts in, I started assembling it all, which was a very easy
job. The motherboard is of mini-ITX size, so it fitted well in the small 19 inch
1U rackmount case I ordered. At first I used an USB disk in it, since the SSD
had delivery problems. The parts mounted together look like:
you can see, the board has a handy USB connector on the board itself so you can
easily hook up an USB disk and put it inside the casing.
One noticeable thing was that the power connector from the power supply in
the case missed 4 pins:
while being the recommended case for this board by SuperMicro themselves. So I
contacted SuperMicro and asked them why a recommended casing could miss the 4
pins. They mentioned that these were not required for this board to operate
correctly, so I connected the board and powered it up. After using it for almost
a year now, indeed, it works fine without the four pins being connected to a
power supply, so no worries there.
Once I got the SSD in, I replaced the USB disk with the SSD and put it in its
SuperMicro 2,5 bracket:
After installing pfSense 2.1 on it and configuring the server, it was up and
running in no-time. This board has two gigabit network interfaces. I used one to
connect to my internet modem and the other to connect to my LAN. I'm using
VLANing in pfSense and on my network switches to separate network traffic over
the 1 LAN network interface on the server. Works like a charm. It for example
allows me to separate wireless traffic from cabled traffic. Even if someone
would break into my wireless network, pfSense would only admit very limited
traffic from it towards the internet and not to my local network. Perfect.
One of my demands was that it would be low in power consumption since it will
be running 24/7. I measured the power usage using Plugwise over a period of a
you can see, the usage is steady and at about 0,64 kWh per day which translates
into a continous power usage of about 27 watts when using the USB disk and 26
watts when using the SSD disk (november/december period). Assuming electricy
prices of 0,2218 euro per kWh this translates into 14 eurocents a day, 4,20 euro
per month, 51,10 euro per year on the electricity bill.
The next question of course would be if this server would be powerful enough
to handle data throughput at high rates. Let's first look at its resource usage
when being used with normal traffic at about 1 Mbit/sec down and up at the same
you can see it's eating pretty much nothing of its resources. The CPU usage is
broken in this pfSense version, so I'll add a screenprint of the system activity
you can see the CPU is also not doing much with averages of 0.05 usage.
So we can conclude it's quite an overkill on capacity actually.
Next test would be to pull high volume data through the pfSense server. For
this test I have hooked up one machine to one VLAN and another machine to
another VLAN which both share the same physical network interface on the pfSense
server, but route their between traffic via pfSense and both being connected to
my Linksys SRW2024 gigabit switch. I copied over 200 GB of content and monitored
the pfSense statistics.
The files were being copied at a rate of about 310 megabit per second:
is probably more hitting the limits of my machines on both sides than it is
challenging the pfSense server hardware as its resource usage during this copy
process remained incredibly low:
Since the motherboard is passively cooled, you might wonder what its
temperatures are and if it really doesn't need any fans either on the CPU or in
the case. The answer is: no it doesn't. I'm using my machine in a non
airconditioned environment and temperatures never get up to more than 48 degrees
Celcius. This can easily be seen by utilizing the IPMI sensor functionality on this motherboard:
This board is equipped with built-in KVMoverIP functionality. Really handy to control your firewall
server remotely in case it gets stuck or needs to be rebooted. Check out
this page to see
what you can do with this functionality.
This shows that the hardware is more than capable enough to meet the
requirements I have set. It is low in energy usage and has more than enough
power to handle high volume traffic throughput and is therefore ready for the
future with gigabit connections. Its additional featureset of providing IPMI
sensors and KVM over IP make it a robust and very suitable system for running a
firewall. In the nearly a year I'm using it now, I haven't had any problems with
the hardware, no lockups, no freezes, nothing.