The Right Appliance To Protect Your Network
By purchasing Netgate® hardware from us or through a Netgate Partner, you are not only supporting the project, you are simplifying the process of selecting the right hardware for your needs.
Netgate security gateway appliances have been tested and deployed in a wide range of large and small network environments. What's more, eligible pfSense® Plus hardware purchases from the store can be bundled with Netgate Global Support.
Netgate pfSense Security Gateway Appliances
| Best Used For | Processor | RAM | Storage Options | Ports | Power | ||
|---|---|---|---|---|---|---|---|
 Cloud | Medium Business Large Business Growing Network | Virtualized | Virtualized | Virtualized | Virtualized | Amazon AWS Microsoft Azure | |
 Netgate 1100 | Small Office Branch Office | ARM Cortex A53 1.2 GHz 2-Core | 1 GB DDR4 | 8 GB eMMC Flash | 3x 1GbE | 3.48W (idle) | More Details |
 Netgate 2100 | Small Office Branch Office Remote Worker | ARM Cortex A53 1.2 GHz 2-Core | 4 GB DDR4 | 8 GB eMMC Flash | 4x 1 GbE | 4W (idle) | More Details |
 Netgate 4200 | Home Pro Branch/Small Business Medium Business | Intel® Atom® C1110 with AVX2 4-core @ 2.1 GHz | 4 GB LPDDR5 | 16 GB eMMC Flash | 4x Intel 2.5 GbE i226 "direct" (unswitched) | 13W (idle) | More Details |
 Netgate 6100 | Small Office Branch Office Medium Business | Intel Atom C3558 2.2 GHz 4-Core | 8 GB DDR4 | 16 GB eMMC Flash | 2x 1GbE Combo (RJ-45/SFP) 2x 10GbE SFP+ 4x 2.5GbE Intel i225 | 20W (idle) | More Details |
 Netgate 8200 1U | Medium Business Large Business Enterprise MSPs Gigabit. 2.5 Gigabit, and 10 Gigabit Speeds | Intel Atom 2.4 GHz 8-Core | 16 GB DDR4 | 128 GB NVMe (B+M Keyed) | 2x Intel 10 GbE SFP+ 2x Intel 1 GbE Combo RJ-45/SFP 4x Intel 2.5 GbE i226 Discrete (unswitched) | 20W (idle) | More Details |
 Netgate 8300 | Medium Business Large Business MSPs xSPs | Intel® Xeon® D-1733NT 2.0 GHz 8-core | 16 GB DDR4 | 512 GB NVMe 2280 M-Key M.2 SSD | 4X 10GbE SFP+ cage ports 4X 1GbE SFP cage ports 3x Intel 2.5 GbE i226 Discrete (unswitched) | 20W (idle) | More Details |
 Netgate 1537 1U | Medium Business Large Business Branch Offices | Intel Xeon® 1.7 GHz 8-Core | 8 GB DDR4 | 500 GB M.2 SSD | 2x Intel 10Gb SFP+ 2x Intel 1GbE RJ-45 | 20W (idle) | More Details |
 Netgate 1541 1U | Medium Business Large Business Branch Offices | Intel Xeon® 2.1 GHz 8-Core | 16 GB DDR4 | 500 GB M.2 SSD | 2x Intel 10GbE 2x Intel 1GbE | 20W (idle) | More Details |
pfSense Plus Appliance Guidance
The following outlines the best practices for choosing the appliance best suitable for your environment.
Feature Considerations
Most features do not factor into hardware sizing, although a few will have a significant impact on hardware utilization:
VPN - Heavy use of any of the VPN services included in the pfSense software will increase CPU requirements. Encrypting and decrypting traffic is CPU intensive. The number of connections is much less of a concern than the throughput required. AES-NI acceleration of IPsec significantly reduces CPU requirements on platforms that support it.
Captive Portal - While the primary concern is typically throughput, environments with hundreds of simultaneous captive portal users (of which there are many) will require slightly more CPU power than recommended above.
Large State Tables - State table entries require about 1 KB of RAM each. The default state table size is calculated based on 10% of the available RAM in the firewall. For example, a firewall with 1 GB of RAM will default to 100,000 states which when full would use about 100 MB of RAM. For large environments requiring state tables with several hundred thousand connections, or millions of connections, ensure adequate RAM is available.
Packages - Some of the packages increase RAM requirements significantly. Snort and ntop are two that should not be installed on a system with less than 1GB RAM.
pfSense Hardware Requirements and Guidance
The following outlines the minimum hardware requirements for pfSense software version 2.x. Note the minimum requirements are not suitable for all environments. You may be able to get by with less than the minimum, but with less memory you may start swapping to disk, which will dramatically slow down your system.
| General Requirements: | |
| Minimum |
|
| Recommended |
|
| Requirements Specific to Individual Platforms: | |
| Full Install |
|
Network Card Selection
Selection of network cards (NICs) is often the single most important performance factor in your setup. Inexpensive NICs can saturate your CPU with interrupt handling, causing missed packets and your CPU to be the bottleneck. A quality NIC can substantially increase system throughput. When using pfSense software to protect your wireless network or segment multiple LAN segments, throughput between interfaces becomes more important than throughput to the WAN interface(s).
NICs based on Intel chipsets tend to be the best performing and most reliable when used with pfSense software. We therefore strongly recommend purchasing Intel cards, or systems with built-in Intel NICs up to 1Gbps. Above 1Gbps, other factors, and other NIC vendors dominate performance.
CPU Selection
The numbers stated in the following sections can be increased slightly for quality NICs, and decreased (possibly substantially) with low quality NICs. All of the following numbers also assume no packages are installed.
| 10-20 Mbps | We recommend a modern (less than 4 year old) Intel or AMD CPU clocked 500MHz or greater. |
| 21-100 Mbps | We recommend a modern 1.0 GHz Intel or AMD CPU. |
| 101-500 Mbps | No less than a modern Intel or AMD CPU clocked at 2.0 GHz. Server class hardware with PCI-e network adapters, or newer desktop hardware with PCI-e network adapters. |
| 501+ Mbps | Multiple cores at > 2.0GHz are required. Server class hardware with PCI-e network adapters. |
Remember if you want to use your pfSense installation to protect your wireless network, or segment multiple LAN segments, throughput between interfaces must be taken into account. In environments where extremely high throughput through several interfaces is required, especially with gigabit interfaces, PCI bus speed must be taken into account. When using multiple interfaces in the same system, the bandwidth of the PCI bus can easily become a bottleneck.
Hardware Compatibility List
As pfSense is based on FreeBSD, its hardware compatibility list is the same as FreeBSD's. The pfSense kernel includes all FreeBSD drivers.
pfSense 2.7.x (FreeBSD 14)