We Give You Flexibility To Choose Your Hardware

pfSense® software has the flexibility to be installed on a wide range of hardware, but it is currently supported only on the x86 architecture. The types of devices supported range from embedded devices to rack mounted servers.

Since network environments differ dramatically, determining the exact hardware sizing for your pfSense deployment can be difficult, but the following will provide some base guidelines on choosing which hardware is sufficient for your installation.

Official Product Comparison

By purchasing from Netgate® or a Netgate Partner, you are not only supporting the project, you are simplifying the process of selecting the right hardware for your needs. The hardware appliances in the pfSense Store have been tested and deployed in a wide range of large and small network environments. What's more, eligble hardware purchases from the store come bundled with one year of support for the pfSense software.

Best Used For Processor RAM Storage Options Ports Power
Netgate SG-1000 pfSense Security Gateway Appliance
SG-1000
SOHO Network
Remote Worker
TI AM3352 ARM
600 MHz
512MB DDR3 4GB eMMC Flash 2x 1GbE 2.5W (idle) More Details
Netgate SG-2220 pfSense Security Gateway Appliance
SG-2220
SOHO Network
Remote Worker
Intel Atom®
1.7 GHz 2-Core
2GB DDR3L 4GB eMMC Flash 2x Intel 1GbE 6W (idle) More Details
Netgate SG-2440pfSense Security Gateway Appliance
SG-2440
Small Business
SMB Network
Gigabit Speeds
Intel Atom®
1.7 GHz 2-Core
4GB DDR3L 8GB eMMC Flash
30GB mSATA SSD
128GB mSATA SSD
4x Intel 1GbE 7W (idle) More Details
Netgate SG-4860 pfSense Security Gateway Appliance
SG-4860
Medium Business
SMB Network
Gigabit Speeds
Intel Atom®
2.4 GHz 4-Core
8GB DDR3L 32GB eMMC Flash
128GB mSATA SSD
6x Intel 1GbE 7W (idle) More Details
Netgate SG-8860 1U pfSense Security Gateway Appliance
SG-8860 1U
Medium Business
SMB Network
Gigabit Speeds
Intel Atom®
2.4 GHz 8-Core
8GB DDR3L 64GB eMMC Flash
128GB mSATA SSD
6x Intel 1GbE 9W (idle) More Details
Netgate XG-2758 pfSense Security Gateway Appliance
XG-2758
Medium Business
Large Business
Branch Offices
Intel Atom®
2.4 GHz 8-Core
16GB ECC 120GB SSD 2x 10GbE SFP+
3x Intel 1GbE
1x Intel 1GbE RJ-45/SFP
20W (idle) More Details
Netgate XG-1541 pfSense Security Gateway Appliance
XG-1541
Medium Business
Large Business
Branch Offices
Intel Xeon®
2.1 GHz 8-Core
16GB DDR4 120GB SSD 2x Intel 10GbE
2x Intel 1GbE
20W (idle) More Details
pfSense Virtual Cloud Firewall Appliance
Cloud
Medium Business
Large Business
Growing Network
Virtualized Virtualized Virtualized Virtualized Amazon AWS
Microsoft Azure

Direct Access to the pfSense Team

Commercial Support Available

Get Support

Hardware Requirements and Guidance

The following outlines the minimum hardware requirements for pfSense 2.x. Note the minimum requirements are not suitable for all environments. You may be able to get by with less than the minimum, but with less memory you may start swapping to disk, which will dramatically slow down your system.

General Requirements:
Minimum
  • CPU - 500 Mhz
  • RAM - 256 MB
Recommended
  • CPU - 1 Ghz
  • RAM - 1 GB
Requirements Specific to Individual Platforms:
Full Install
  • CD-ROM or USB for initial installation
  • 1 GB hard drive
Embedded
  • 1 GB Compact Flash card
  • Serial port for console

Network Card Selection

Selection of network cards (NICs) is often the single most important performance factor in your setup. Inexpensive NICs can saturate your CPU with interrupt handling, causing missed packets and your CPU to be the bottleneck. A quality NIC can substantially increase system throughput. When using pfSense software to protect your wireless network or segment multiple LAN segments, throughput between interfaces becomes more important than throughput to the WAN interface(s).

NICs based on Intel chipsets tend to be the best performing and most reliable when used with pfSense software. We therefore strongly recommend purchasing Intel cards, or systems with built-in Intel NICs up to 1Gbps. Above 1Gbps, other factors, and other NIC vendors dominate performance.

CPU Selection

The numbers stated in the following sections can be increased slightly for quality NICs, and decreased (possibly substantially) with low quality NICs. All of the following numbers also assume no packages are installed.

10-20 Mbps We recommend a modern (less than 4 year old) Intel or AMD CPU clocked at at least 500MHz.
21-100 Mbps We recommend a modern 1.0 GHz Intel or AMD CPU.
101-500 Mbps No less than a modern Intel or AMD CPU clocked at 2.0 GHz. Server class hardware with PCI-e network adapters, or newer desktop hardware with PCI-e network adapters.
501+ Mbps Multiple cores at > 2.0GHz are required. Server class hardware with PCI-e network adapters.

Remember if you want to use your pfSense installation to protect your wireless network, or segment multiple LAN segments, throughput between interfaces must be taken into account. In environments where extremely high throughput through several interfaces is required, especially with gigabit interfaces, PCI bus speed must be taken into account. When using multiple interfaces in the same system, the bandwidth of the PCI bus can easily become a bottleneck.

Feature Considerations

Most features do not factor into hardware sizing, although a few will have a significant impact on hardware utilization:

VPN - Heavy use of any of the VPN services included in the pfSense software will increase CPU requirements. Encrypting and decrypting traffic is CPU intensive. The number of connections is much less of a concern than the throughput required. AES-NI acceleration of IPsec significantly reduces CPU requirements on platforms that support it.

Captive Portal - While the primary concern is typically throughput, environments with hundreds of simultaneous captive portal users (of which there are many) will require slightly more CPU power than recommended above.

Large State Tables - State table entries require about 1 KB of RAM each. The default state table size is calculated based on 10% of the available RAM in the firewall. For example, a firewall with 1 GB of RAM will default to 100,000 states which when full would use about 100 MB of RAM. For large environments requiring state tables with several hundred thousand connections, or millions of connections, ensure adequate RAM is available.

Packages - Some of the packages increase RAM requirements significantly. Snort and ntop are two that should not be installed on a system with less than 1GB RAM.

Hardware Compatibility List

As pfSense is based on FreeBSD, its hardware compatibility list is the same as FreeBSD's. The pfSense kernel includes all FreeBSD drivers.

pfSense 2.3 (FreeBSD 10.3)