Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - jwt

Pages: [1] 2 3
General Questions / MOVED: how to block a top level domain pfsense
« on: June 19, 2017, 06:00:07 pm »
This topic has been moved to [pfBlockerNG] at the request of BBCan177.

Hardware / pfSense on a 2 NIC NUC
« on: February 05, 2017, 01:25:40 am »
I recently noticed that someone is building an Ethernet adapter for an i5 NUC.

GORITE is an "Intel Innovation Partner" who mostly carries alternative lids and cables for several Intel NUCs.

Among their products is a NGFF (M.2) Ethernet card and associated cable that will fit a "Maple Canyon" NUC.

At Netgate, we test things so you don't have to. Normally, I run a SG-4860 at home, but since I wanted to see if a dual Ethernet NUC was viable, I ordered an i5 "Maple Canyon" NUC (NUC5i5MYHE), 16GB RAM, a 256GB SSD and the GORITE Ethernet card. While this makes for a "too large" pfSense install, in a later post, I'll be moving to pfSense running under bhyve with PCI-passthru.

This is the NUC you want. There is an i3 model which runs an i3-5010U, but 'Why?' The i5 version of the Maple Canyon NUC uses an i5-5300U. Both the i3 and i5 used here are 5th generation 'Core' 2C/4T CPUs, and support VT-x, VT-d, and AVX 2.0.

VT-d will be important later, when I move the whole setup to bhyve with PCI passthrough. AVX 2.0 will be important when I eventually bring IPS mode Suricata to bear, with Hyperscan support.

Here is a shot of the Ethernet card and RAM installed

The SSD just slides in, it's tool-less. Make sure you get it all the way in.

When everything is installed, the second Ethernet is nice and sanitary.

pfSense software version 2.4 goes right on this system. Our UEFI support in 2.4.0 is identical to that found in FreeBSD 11.0. Since I have 16GB RAM and a 256GB SSD, I installed to ZFS. As you can see in this screenshot, the second card is a Realtek 8168/8111. That's a bit of a bummer, as it will limit my performance at home to around 600Mbps, and I have a 1Gbps/1Gbps link.

Pages: [1] 2 3