The pfSense firewall is the most used Open Source firewall available today. Part of pfSense’s popularity is the huge fanbase and community around it. A common question we get all the time is, which pfSense hardware should I buy to run my firewall on? In this Ultimate pfSense Hardware Guide for 2022, we cover this very question. We will show you our favorite pfSense Hardware, both third-party as well as official pfSense hardware provided by its developer, Netgate.
To have a quick overview of all the recommended devices, check out the Ceos3c Amazon Store.
Table of Contents
- What Hardware does pfSense run on?
- pfSense Hardware Requirements
- The Best pfSense Hardware in 2022
- Official pfSense Hardware
- Third-Party pfSense Hardware
- HUNSN RJ03
- The Best pfSense Firewalls in 2022
- Conclusion
What Hardware does pfSense run on?
pfSense can be installed on a wide variety of hardware, including x86_64 architectures and ARM processors. pfSense is known for being very lightweight and efficient, so you don’t need the most powerful hardware to run pfSense effectively.
pfSense can also be operated on VirtualBox or VMWare as a fully functional firewall for both corporate and private use.
pfSense Hardware Requirements
When it comes to pfSense hardware requirements, it depends on what your use case is. If you just want to run pfSense in your home network with relatively low traffic, you need much less hardware power than if you run pfSense in a corporate network with hundreds of users and lots of firewall rules and features in place.
The official minimum requirements for pfSense are:
- A 64-bit amd64 (x86-64) compatible CPU.
- 512 MB of RAM.
- 8 GB of free Hard Disk Space.
- At least one compatible network interface (1 interface isn’t very practical).
- A bootable USB Drive with at least 1GB of space for the installation
The bare minimum to run pfSense is 512 MB of RAM. The recommended amount is 1 GB of RAM. We wouldn’t recommend running pfSense on 512 MB RAM in any serious project. There are some other factors you need to take into consideration if you want to utilize all of the features of pfSense:
- The more traffic you have (corporate network, lots of users), the more powerful your CPU should be.
- You should have at LEAST two network interfaces available. More than 2 is recommended. You can get by with two interfaces if you are familiar with VLANs.
- It is recommended that the CPU supports AES-NI. This can help pfSense’s performance tremendously, primarily if you use VPNs.
- 1GB of RAM can run out pretty quickly if you want to use some advanced features that pfSense offers, like IDS (Intrusion Detection Systems) like Snort or Suricata, as well as some advanced features like Squid Proxy and ClamAV. We generally recommend at least 4GB of RAM to have a stable experience for running these services.
- More than 4GB of Hard Drive space can also come in handy if you want to work with large cache files for your DNS server. Hard Drive space is cheap nowadays, don’t save on it.
Network Cards for pfSense
When it comes to pfSense performance, network cards (NICs) also have to be considered when making a choice. Generally speaking, Intel chipsets usually provide the best performance and are the most reliable. Keep these things in mind when making a choice:
- The most critical performance factor when making a choice for pfSense hardware is the network card.
- Inexpensive cards can cause your CPU to be the bottleneck.
- A high-quality NIC from Intel can substantially increase system throughput.
- We recommend purchasing Intel cards or systems with built-in Intel NICs up to 1Gbps.
With all of these things in mind, you should be able to make a good decision depending on your specific needs!
CPU for pfSense
When it comes to CPUs, the choice depends on your desired throughput. As a general guideline, we can say:
Speeds | CPU Recommendations |
---|---|
10 – 20 Mbps | Modern Intel or AMD CPU with 500 MHz or more. |
21 – 100 Mbps | Modern Intel or AMD CPU with 1 GHz or more. |
101 – 500 Mbps | Modern Intel or AMD CPU with 2 GHz or more. Fast PCI-E Network Adapter (Intel preferably). |
More than 500 Mbps | Modern Intel or AMD CPU with multiple cores at 2GHz or more is required. Fast, server-class PCI-e network adapters are required (Intel preferably). |
The Best pfSense Hardware in 2022
There are a ton of choices out there when you start looking for pfSense hardware nowadays. While in the past third-party appliances were the only options, Netgate has since accumulated its very own selection of hardware appliances specifically designed to run pfSense. We have been working together with Netgate in the past, and Stefan, the founder of this blog, is an Officially Certified pfSense Expert who has a lot of hands-on experience with both, Netgate’s appliances as well as third-party hardware.
In this guide, we want to shed some light on some of the common confusions that revolve around which pfSense hardware you should buy for your particular use case. Also, be aware that pfSense runs on almost anything as long as the hardware requirements are met. This can be an old PC, an old router, or even a laptop.
The appliances listed below are not ranked according to how good they are since everyone reading this article has different needs when it comes to choosing pfSense hardware. We do, however, give some recommendations at the end of this article on which appliances we think are best for each major use case.
pfSense Hardware With and Without Monitor Ports
While this might not be obvious at first, it is an important point to consider before deciding which pfSense hardware to opt for. We know from experience that everyone new to firewalls will run into this, mostly resulting in frustration.
If you choose a pfSense model that does not have pfSense pre-installed, you will need to install pfSense from scratch. This also goes for any old PC or laptop, should you opt for installing pfSense on some old hardware that you have lying around.
While we provide in-depth instructions on how to install pfSense on a physical appliance using a USB drive and a serial console cable, we have to say that we do recommend a pfSense box that comes with a VGA, DVI, HDMI, or other display port.
This makes things a LOT easier when it comes to installing pfSense since you can plug in a mouse and keyboard and attach a monitor directly to your pfSense appliance when installing it. Again, if pfSense comes pre-installed on the appliance you choose, this will not be an issue. It could only become a topic later on when something isn’t working, and you want to do some troubleshooting. Therefore, we recommend a device with a monitor port over one without.
There is also a third option, which is an appliance with an extra console port, like the Netgate 2100. Those appliances usually come with a fitting console cable that you can use to connect to your firewall from your computer or laptop. This is also a good option to go for should you not be able to find a fitting appliance with a monitor port.
Official pfSense Hardware
Below, you’ll find a selection of official pfSense hardware made by Netgate.
Netgate 1100
- Used For: Home / Small Business
- Processor: ARM Cortex A53 1.2 GHz 2-Core
- AES-NI: ✅
- RAM: 1GB DDR4
- Storage: 8GB eMMC Flash
- Ports: 3x 1GbE, 1 USB 3.0, 1 USB 2.0, 1 Micro USB (console)
- pfSense Pre-Installed: ✅
- Cooling: Passive
- Performance
- Router: 927 Mbps
- Firewall: 607 Mbps
- IPsec VPN: 247 Mbps
- Power: 3.48W idle
- Buy From: Netgate, Volatech, Amazon
The Netgate 1100 is a powerful little firewall ideal for use at home or in a small business. We have been working with it in both use cases, and we even operated an office with more than 20 people using this firewall without any issues.
It is also in the same price range as other, similarly specced third party options and therefore is a great choice if you want to go with something officially supported.
Netgate 2100
- Used For: Home / Small Business
- Processor: ARM Cortex A53 1.2 GHz 2-Core
- AES-NI: ✅
- RAM: 4GB DDR4
- Storage: 8GB eMMC Flash (Base), 32 GB M.2 SATA(Extended)
- Ports: 4x 1GbE (LAN), 1x 1GbE (WAN), 1 USB 2.0, 1 Mini USB (console)
- pfSense Pre-Installed: ✅
- Cooling: Passive
- Performance
- Router: 2.20 Gbps
- Firewall: 964 Mbps
- IPsec VPN: 254 Mbps
- Power: 4W idle
- Buy From: Netgate, Volatech, Amazon
The Netgate 2100 is the next option after the Netgate 1100 if you need some more performance. We have the Netgate 2100 in use in our offices, and we are very satisfied with how well it performs. It lives up to its promises when it comes to speed and has been a reliable firewall for the past few years for us.
This firewall is capable of handling a lot of users and, thanks to its four 1 GbE interfaces, offers a lot of versatility and room for extending your network later on. In our opinion, this is the ideal solution for small businesses that anticipate rapid growth.
⚠️ If you would like to learn more about pfSense, I highly recommend you check out my pfSense Fundamentals Bootcamp over at Udemy. This is the most up-to-date as well as the highest-rated pfSense course on Udemy.
Third-Party pfSense Hardware
Third-party pfSense hardware definitely has its legitimate place. We have been using a third-party pfSense appliance (NRG Systems APU.1D4) in our headquarters for the first couple of years, and we have never had a single issue with it. In fact, it is still in use in one of our remote offices today and still keeps going strong.
That being said, we can’t recommend you buy official Netgate hardware over third-party hardware or vice versa. It is completely up to personal preference. If you want to have peace of mind and possible support options, you should go for Netgate. If you like to tinker around and trust in your technical ability, by all means, try a third-party pfSense appliance. Below, you’ll find a selection of third-party pfSense hardware that we had good experiences with in the past.
MOGINSOK MGSRCJ4
- Used For: Home / Small Business / Medium-Sized Business
- Processor: Intel Celeron J4125 2.7 GHz 4-Core
- AES-NI: ✅
- RAM: 4GB DDR4 or 8GB DDR4 (Max 16GB)
- Storage: No Storage or 64GB SSD or 128GB SSD
- Ports: 4x Intel l225-V 2.5GbE, 2x USB 3.0, 1x HDMI, 1x VGA
- pfSense Pre-Installed: ✅
- Cooling: Passive
- Buy From: Amazon, Newegg
This appliance from MOGINSOK is a good 4-Port pfSense appliance with solid performance thanks to its Intel NICs. We have tested this device extensively, both for gaming and streaming 4K video. We haven’t experienced any latency, and the performance was good throughout. Due to its specifications, this appliance is suitable for home networks as well as small to medium-sized businesses.
Due to its wide variety of connections (VGA and HDMI ports + 2 USB 3.0 ports), it is also a great choice for pfSense newcomers.
HUNSN RS34g
- Used For: Home / Small Business / Medium-Sized Business
- Processor: Intel Celeron J4125 2.7 GHz 4-Core
- AES-NI: ✅
- RAM: Options from 4GB to 16GB (Or Barebone)
- Storage: Options from 32GB SSD to 512GB SSD (Or Barebone)
- Ports: 4x Intel l225-V 2.5GbE, 2x USB 3.0, 1x HDMI, 1x VGA
- pfSense Pre-Installed: ❌
- Cooling: Passive
- Buy From: Amazon, eBay
The HUNSN RS34g is the direct competitor of the MOGINSOK MGSRCJ4. It comes with the exact same specifications but a lower price point. This might be the best budget option out there if you need to have 4 NICs available for your firewall.
The performance is exactly the same as the MOGINSOK MGSRCJ4. The only difference we could find here is the casing. The MOGINSOK looks a bit more efficient when it comes to passive cooling lines, although we do not have any data to back this up. No matter which one of the two you choose, you should experience the same quality and performance.
HUNSN RJ03
- Used For: Small Business / Medium-Sized Business
- Processor: Intel Celeron N5105 2.9 GHz 4-Core
- AES-NI: ✅
- RAM: Options from 4GB to 16GB (Or Barebone)
- Storage: Options from 32GB SSD to 512GB SSD (Or Barebone)
- Ports: 4x Intel l225-V 2.5GbE, 2x USB 3.0, 1x HDMI, 1x DP, 1x USB-C, 1x TF
- pfSense Pre-Installed: ❌
- Cooling: Passive
- Buy From: Amazon, eBay
The HUNSN RJ03 is the next largest option after the HUNSN RS34g, which makes it ideal for small to medium-sized businesses. This appliance comes with a wide range of IO options like HDMI, DP, and even USB-C to connect a monitor to it. It also has a TF card slot available.
This appliance comes with a slightly faster processor than the RS34g, which makes it perform better than its smaller brother. This firewall is a great choice when you plan to implement it in a larger environment.
The Best pfSense Firewalls in 2022
It is really hard choosing a winner here since everything depends on how you are going to use your firewall. Therefore, we try to separate this into 3 different categories:
- Home Networks
- Small Businesses
- Medium to Large Businesses
Home Networks
For home networks, we assume normal usage with less than 10 users. When it comes to this, it’s hard to beat the Netgate 1100. This firewall has everything one needs in a small home network. It also comes at a competitive price tag compared to other similar-sized models.
Small Businesses
For small businesses, we have to choose the HUNSN RS34G over the official pfSense appliance because of its much faster processor and better IO. This firewall is a great option with some room for scalability if you choose an option with a bit more RAM.
Also, the price tag doesn’t break the bank, which could be an issue for a lot of small businesses. If you choose this firewall for your office or startup, you definitely can’t go wrong.
Medium to Large Businesses
TBA
Conclusion
This concludes our favorite pfSense Hardware of 2022. It doesn’t matter which appliance you choose, as long as you make sure you know what your needs are beforehand. There are many factors to consider when choosing a firewall.
If you are serious about using pfSense in your business, taking our pfSense Fundamentals Bootcamp on Udemy will help you to be confident in your skills when it comes to working with pfSense.
Make sure to go through the checklist below before purchasing a firewall:
- Make sure you know what your requirements are.
- Predict how fast your business will grow and if you should buy a better device directly before upgrading later.
- Think about which pfSense features you want to use before making a choice (IDS, Proxy, VPN).
- Understand your business needs and calculate how much data will be sent over the network before accidentally creating a bottleneck.
👀 This Tutorial has some related Articles!
👉 The Complete pfSense Fundamentals Bootcamp
👉 Install pfSense from USB – The Complete Guide
👉 Install pfSense on VirtualBox
👉 The Complete pfSense OpenVPN Guide
👉 The Complete pfSense DMZ Guide
👉 Generate SSL Certificates for HTTPS with pfSense
👉 The Complete pfSense Squid Proxy Guide (with ClamAV!)
👉 pfSense Site-to-Site VPN Guide
👉 pfSense Domain Overrides Made Easy
👉 pfSense Strict NAT (PS4,PS5,Xbox,PC) Solution
👉 The Best pfSense Hardware
👉 Traffic Shaping VOIP with pfSense
👉 pfSense OpenVPN on Linux – Setup Guide
👉 pfSense Firewall Rule Aliases Explained
👉 Email Notifications with pfSense
👉 pfSense DNS Server Guide
What about apu boards by pc-engines?
I’m using them a lot.
I’m using an APU as well! Unfortunately, they are not available in the US, that’s why I didn’t include them.
How about actually updating this article for 2021?
Updated for 2022 🙂
Add Netgate sg-1100 and sg-3100…
Nice read, next time try and capture around 10 appliances