Best hardware and software config for PFSense?

Hi All,

I’m new to PFSense and like it so far, but I have some performance questions.

I’ve got CenturyLink fiber. With the CL modem going directly into the switch I’m getting speeds in the 900 Mbps range, up and down. With PFSense and no modem I’m getting maybe 800 Down, and 5-600 Up. That’s still plenty, but it’s not what I should be getting. I’d like to return the CL modem and not pay the rental fee, but I haven’t made that jump yet.

PFSense is running in a VM on a HP ProLiant DL360p Gen8 (VMWare 6.5) . I’ve given the VM 8 cores, 16 GB of memory, and a 10 GB HDD. It started at 4 cores and 8 GB, but during testing/troubleshooting the specs were increased. The host has 4 NIC’s, but only 2 are used. One is the WAN link on VLAN 201 connecting to the CL fiber box. The other is the LAN going to a Meraki 8-port switch. I have a couple other VMs running and using that same LAN cable to reach the rest of the network, but they don’t pass that much traffic.
N enabled on PFSense. I’ve played around with disabling each/all of these and it didn’t make a difference. I did find that my DNS Resolver wasn’t setup correctly. I’ve since disabled that and setup DNS Forwarder which has improved speeds on my PS4 and a little bit overall. Speed tests are the same, but the internet seems quicker to load. However, only using the forwarder breaks DNSBL.

I would like to eventually have a separate physical box for PFSense because the VM host is mostly used for lab/temporary things. I don’t like the idea of having something running on it that internet access depends on.

Here are my questions: -What would you guys recommend for a physical PC/server for gigabit internet? -Are there any settings in PFSense that I can tweak to allow for more speed? -How do I correctly setup the DNS Resolver? -Are there any settings on the host that need to be changed? I’ve already tried setting the TSO and LRO to “0” in the host’s advanced settings and rebooted with no noticeable change. -Would it be beneficial to separate the LAN access, one LAN port for PFSense, and another LAN port for the other servers? (Basically two cables going to the switch). <https://trackeasy.fun/usps/

Thanks in advance!

Have you tried pfsense on a dedicated machine, not in a VM?

I also have Centurylink fiber, with pfsense on dedicated hardware - full speed up and down.

I’m in the process of moving from a Qotom pfsense setup to an HP 290. I guess one could consider an HP thin client (520?) but would have to use a USB 3 NIC for LAN, and who knows how that will work.

For $100-120, the 290 makes more sense than almost anything else to me. If you’re buying fresh and not using old hardware, $120 is reasonable for something that can handle IDS and other stuff.

My QOTOM is a J1900 and struggles if I activate too many services and run a lot of traffic. Does a domestic consumer need all of the services? No, but people here aren’t standard population use-cases.