How Much RAM Does Pfsense Need?
Pfsense is a free, open source firewall software which can be installed on most PCs that have at least one Ethernet port with the capability to boot from a LiveCD or USB. Even though it’s available for x86 chips, Pfsense also runs very well in virtual machines such as VMWare and Virtualbox. Chances are that if you’re reading this article then you either already know how good Pfsense is and want to expand your knowledge, or you’re starting out and want to know what sort of hardware you should choose when building a machine dedicated to running Pfsense.
RAM needed for Pfsense
Since Pfsense is a firewall that acts as an intermediary between your machine and the internet, you’re going to need much more RAM than just 1, 2 or 4 GB. At least 8GB of memory should be enough for small networks but I recommend 16GB if you want to run additional services such as Squid, Snort IDS/IPS and other packages which require more out of your hardware. Also let’s not forget that in virtual machines services such as pfSense will use the host’s CPU and memory so in this case it’s best to opt for at least 16GB of RAM from the start even if you’re fully aware that currently you don’t run anything too demanding on your network.
Picking The Right Hardware
If you choose to build your own Pfsense machine then you have a lot of different hardware options but I will focus on the two most common ones which are Intel and AMD. When it comes to Intel chips I recommend using at least an i3 or better yet an i5 since they outperform AMD in almost all cases. The same applies for Intel vs AMD GPUs, if that’s important for you then go with at least a mid-range nVidia card like the GTX660. Another thing worth mentioning is that the new Haswell chips (4th generation) are somewhat limited when it comes to overclocking so if you want to squeeze even more performance out of them then opting for one of the older Ivy Bridge (3rd gen) chips would be better.
The Best Hardware for Pfsense
If you’re planning to run virtual machines then you should go with an Intel Xeon chip. They are pretty expensive even in the used market but they’re worth every penny. If cost is not an issue then Haswell (4th generation) or Ivy Bridge (3rd gen) chips will do just fine and overclocking them won’t be much of a problem either. I would also recommend getting 64-bit CPUs since they can address more than 4GB RAM unlike their 32-bit counterparts.
Another option is opting for an AMD Fusion APU which combines both CPU and GPU into one piece of silicon, however I doubt that you’ll want to use these chips in VMs so keep them on the physical host unless you want to run virtual machines with GPU pass-through which is pretty much pointless.
Pfsense can be installed on any hardware that has an x86 chipset but I wouldn’t recommend installing it on anything less than a decent server board. So if you’re not planning to build your own machine then go with something like the Supermicro X9SCM-F or Intel S1200V3RPL motherboards since they are compatible with Haswell chips, have 6 SATA ports and are also available in Mini ITX form factor so they will fit into compact cases. The X9SCM-F is considered to be one of the best mATX boards for Pfsense while the S1200V3RPL is a micro ATX board. To ensure compatibility with the latest BIOS versions go for one that uses UEFI instead of legacy boot mode. You can also use compact ITX boards but they are somewhat limited when it comes to expansion so if you have multiple NICs or even more than 3 hard drives I would recommend going with mATX/ATX boards since they have much better upgrade options. Motherboards are sort of tricky because some are better suited for overclocking while others support ECC RAM so make sure to pick the right kind while keeping in mind that most setups will work just fine without any extra tweaking.
Pfsense Hardware Requirements
The minimum requirements to install Pfsense on your machine are as follows:
· 64-bit CPU with AES-NI support
· 4GB RAM
These requirements are more than enough for home or even small office networks so don’t let anyone fool you, its true 32-bit CPUs lack the necessary features needed to run a secure network but they will suffice for almost all smaller setups. If you’re running anything from 50 users and up then I would recommend going with a Xeon chip because of their increased performance and ECC RAM since it’s vital for any business grade networking setup. Also bear in mind that some chipsets support VT-d/IOMMU which can be used to pass through graphics cards into machines for desktop virtualization use cases.
Pfsense is the best FreeBSD based firewall and router that money can buy, even in 2016. It has all of the bells and whistles that anyone would ever need when it comes to network security and routing.
While most firewalls limit you with just a handful of hard-wired connections and configurations, Pfsense will let you connect pretty much anything you want while still providing all the necessary features needed to run a stable enterprise grade network at home or in your office. It’s not cheap so don’t go buying one if you’re on a budget, try using OpenWRT/LEDE instead but if you have some cash lying around then I can assure you that it will be well spent since Pfsense will pay itself off within no time.