pfSense® Setup Requirements

Intro:

pfSense® software is the best-in-class Open Source Firewall/Router/VPN platform based on FreeBSD. The best part is that the software is free. Before we get started with the install process, we need to get the right system requirements for Home and Business users.

Hardware Considerations:

pfSense® can be installed on most older PC hardware. The following General Requirements shown below is based on versions 2.x and newer

pfSense® Setup Requirements

General Hardware Requirements

pfSense® supports both 32-bit and 64-bit CPU’s. When choosing the right installation image, always choose 64-bit images if using a 64-bit capable CPU. While pfSense® 32-bit images are supported on 64-bit CPU’s it is not recommended. Eventually, pfSense® will be exclusively available for 64-bit only.
NOTE: You cannot change a currently running pfSense® install from 32-bit over to 64-bit or vice versa. Changing between the image platforms requires a fresh install.

Network Considerations:

Network Considerations

General Throughput Requirements

Network design considerations for a pfSense® install requires a minimum of two network interface cards (NIC). Also, depending on your network utilization requirements, the following throughput scenarios should be considered when selecting the NIC hardware type to achieve your desired bandwidth speeds

When selecting a network card; it’s recommended to use Intel network cards as they perform well and are the most reliable. Since pfSense® versions (currently v2.3.3) are based off of the current FreeBSD branch, you can check this list of supported hardware here FreeBSD 10.3-Release Hardware Compatibility to see if your hardware will work in your pfSense® build.

Feature Considerations:

If using your pfSense® device for such features as a VPN; some considerations should be met with hardware selection.

VPN – Heavy use of any of the VPN services included in the pfSense® software will increase CPU requirements. Encrypting and decrypting traffic is CPU intensive. The number of connections is much less of a concern than the throughput required. A CPU with AES-NI will help acceleration of IPsec/OpenVPN traffic by reducing CPU requirements on platforms that support it.

Captive Portal – While the primary concern is typically throughput, environments with hundreds of simultaneous captive portal users (of which there are many) will require slightly more CPU power than recommended above.

Large State Tables – State table entries require about 1 KB of RAM each. The default state table size is calculated based on 10% of the available RAM in the firewall. For example, a firewall with 1 GB of RAM will default to 100,000 states which when full would use about 100 MB of RAM. For large environments requiring state tables with several hundred thousand connections, or millions of connections, ensure adequate RAM is available.

Packages – Some of the packages increase RAM requirements significantly. Snort and ntop are two that should not be installed on a system with less than 1GB RAM.

The next article Software Installation will show how to configure pfSense®