pfSense 2.5 and AES-NI (2024)

Update

In our blog post "pfSense 2.5.0 Development Snapshots Now Available", published March 18, 2019, we announced that AES-NI is no longer a requirement for pfSense 2.5.0. Please review that blog for more information.

As always, we appreciate all of the feedback and community interest this topic has generated. Thank you for your continued support of the pfSense project.

We’re starting the process toward pfSense® software release 2.3.4. pfSense software release 2.4 is close as well, and will bring a number of improvements: UEFI, translations to at least five languages, ZFS, FreeBSD 11 base, new login page, OpenVPN 2.4 and more. pfSense version 2.4 requires a 64-bit Intel or AMD CPU, and nanobsd images are no longer a part of pfSense as of version 2.4.

pfSense version 2.5 will be based on FreeBSD 12, which should bring route-based IPsec, along with support for our integrated management platform, NRDM (more about this soon), and a number of other features.

With the increasing ubiquity of computing devices permeating all areas of our lives at work and at home, the need for encryption has become more important than ever. Desktops, laptops, smart phones, tablets, and many other devices all share this need to be able to encrypt sensitive information. Without encryption, everything you send over a network (or even store on a local storage device) is in the open, for anyone to read or even change at any time.

While we’re not revealing the extent of our plans, we do want to give early notice that, in order to support the increased cryptographic loads that we see as part of pfSense version 2.5, pfSense Community Edition version 2.5 will include a requirement that the CPU supports AES-NI. On ARM-based systems, the additional load from AES operations will be offloaded to on-die cryptographic accelerators, such as the one found on our SG-1000. ARM v8 CPUs include instructions like AES-NI that can be used to increase performance of the AES algorithm on these platforms.

The AES-NI instruction set extensions are used to optimize encryption and decryption algorithms on select Intel and AMD processors. Intel announced AES-NI in 2008 and released supported CPUs late 2010 with the Westmere architecture. AMD announced and shipped AES-NI support in 2010, starting with Bulldozer.

Please remember these requirements when you are considering components for your pfSense system.
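
A way to check a candidate box against the AES-NI requirement described above, as an added example that is not from the original post or from Netgate: a POSIX shell function that parses CPU feature listings. The function name `has_aesni` and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether CPU feature text advertises AES-NI.
# Handles the FreeBSD/pfSense "Features2=0x...<...>" boot line and the
# Linux /proc/cpuinfo "flags" line. Names are compared as whole tokens.

has_aesni() {   # feature text on stdin; exit status 0 if AES-NI is listed
    awk '
        /Features2=/ {                      # FreeBSD: names between < and >
            s = $0
            sub(/^[^<]*</, "", s); sub(/>.*$/, "", s)
            n = split(s, f, ",")
            for (i = 1; i <= n; i++) if (f[i] == "AESNI") found = 1
        }
        /^flags[ \t]*:/ {                   # Linux: names after "flags :"
            s = $0
            sub(/^[^:]*:/, "", s)
            n = split(s, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "aes") found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample inputs (not captured from real hardware).
sample_freebsd_aesni() { cat <<'EOF'
CPU: Example CPU (2000.00-MHz K8-class CPU)
  Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP>
  Features2=0x43d8e3bf<SSE3,PCLMULQDQ,SSSE3,CX16,SSE4.1,SSE4.2,POPCNT,AESNI,RDRAND>
EOF
}
sample_freebsd_no_aesni() { cat <<'EOF'
CPU: Example CPU (1600.00-MHz K8-class CPU)
  Features2=0x40e31d<SSE3,DTES64,MON,DS_CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM>
EOF
}
sample_linux_aes() { printf 'flags\t\t: fpu vme sse2 ssse3 sse4_1 sse4_2 popcnt aes xsave avx\n'; }

for s in sample_freebsd_aesni sample_freebsd_no_aesni sample_linux_aes; do
    if "$s" | has_aesni; then echo "$s: AES-NI advertised"
    else echo "$s: AES-NI not advertised"; fi
done
```

On a pfSense or FreeBSD host, feed it the boot messages with `has_aesni < /var/run/dmesg.boot`; on Linux, use `has_aesni < /proc/cpuinfo`.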

Thank you for being part of the community and making pfSense great!

This post has been updated.


FAQs

What is the best CPU for pfSense?

We recommend a modern 1.0 GHz Intel or AMD CPU. No less than a modern Intel or AMD CPU clocked at 2.0 GHz. Server class hardware with PCI-e network adapters, or newer desktop hardware with PCI-e network adapters. Multiple cores at > 2.0GHz are required.

What are the minimum requirements for pfSense?

The official pfSense® software minimal requirements are as follows: A 64-bit amd64 (x86-64) compatible CPU. 512 MB of RAM. 8 GB of free Hard Disk Space.

What is the maximum throughput of pfSense?

Routing throughput: 1Gbit on pfSense using multiple connections. 550Mbit/s using single connection. VPN: ~100Mbit over OpenVPN, ~500Mbit over WireGuard.

What are the hardware requirements for pfSense gigabit?

1GB or more RAM. 8 GB or larger disk drive (SSD, HDD, etc.). One or more compatible network interface cards. Bootable USB drive or high capacity optical drive (DVD or BD) for initial installation.

Is there anything better than pfSense?

OPNsense is the best open-source and free firewall alternative to pfSense Software. OPNsense is a user-friendly, open-source, FreeBSD firewall and router. Most of the same capabilities are available in this fork of pfSense Software.

Can pfSense handle 10gb?

It's possible to pass 10Gbps through a pfSense VM but you need a pretty powerful hypervisor to do it. I think I've only seen it done on ESXi with vmx NICs too. With everyone else on the planet as well.

How many NICs does pfSense need?

PfSense is a firewall, if you put your router in bridged mode, Pfsense becomes your router and takes on the public IP, but you would need two NIC.

What are the disadvantages of pfSense?

Additionally, while PfSense offers a wide range of features, some users may find the interface to be overwhelming or confusing. Finally, because PfSense is a powerful tool, it requires more hardware resources than some of the other options available, making it less ideal for smaller networks.

What are the disadvantages of pfSense firewall?

Limited API and scripting capabilities: Some reviewers have highlighted the lack of an API for making changes in pfSense. This limitation can be a hindrance in environments where frequent updates to firewall rules or HAProxy configs are required.

Does pfSense benefit from more RAM?

Not much, ram is generally required depending on the size of the firewalls state table. 2-4GB is generally overkill for most people, I wouldn't expect more to be utilised unless you are planning on some serious throughput for the pfSense box. For home use, 2-4GB is more than enough.

Why is pfSense better than router?

Security features

pfSense comes with built-in intrusion detection and prevention (IDS/IPS) feature support for tools like Snort, and no additional services are required for most applications. Netgear router software does not have these features built in by default.

How much RAM does a firewall need?

For a network firewall, any new Intel dual-core hardware (Core i3) will do, even at 6x 1 Gbit/s. For an application firewall, I'd recommend a quad core (Core i5). 4 GB RAM will be enough for both uses. Disk storage doesn't matter, but you need at least 5 GB.

Is 2GB RAM enough for pfSense?

Total transmitted data, 221 GB up/down. System stats are the exact same, cpu, memory and storage usage have not changed. The system temp is still the same, even down to the tenth of a degree. Memory usage didn't change, meaning 2GB is plenty for starting out.

Is OpenWrt better than pfSense?

Features: Both OpenWrt and pfSense include a range of networking and security features, but pfSense is generally considered to be more comprehensive and feature-rich, with a focus on providing advanced firewall and routing capabilities.

What is the LAN IP range for pfSense?

By default, the LAN IP address of a new installation of pfSense software is 192.168.1.1 with a /24 mask (255.255.255.0), and there is also a DHCP server running. If a client computer is set to use DHCP, it should obtain an address in the LAN subnet automatically.

What is the fastest open source CPU?

Pingtouge Semiconductor - an Alibaba subsidiary - announced its Xuantie 91 processor last month. It's equipped to manage infrastructure for AI, the IoT, 5G, and autonomous vehicles, among other projects. It boasts a 7.1 Coremark/MHz, making it the fastest open source CPU on the market.

Is Raspberry Pi good for pfSense?

Is it possible? No, pfSense does not run on any Raspberry Pi model and has poor WiFi support in general. You could run OpenWRT to turn an rPi 4 into an AP, but it won't perform nearly as well as a purpose built one of similar specs. WiFi client devices generally don't perform well when used as APs.

Can pfSense run on one core?

pfSense is not single threaded. pf is no longer single threaded so there are certainly advantages to use multiple CPU cores.

Article information

Author: Maia Crooks Jr
