pfSense 2.4-Release Milestone for the Popular Firewall Platform

Discussion in 'STH Main Site Posts' started by Rohit Kumar, Oct 12, 2017.

  1. Rohit Kumar

    Rohit Kumar Guest

    #1
    Geran likes this.
  2. MiniKnight

    MiniKnight Well-Known Member

    Joined:
    Mar 30, 2012
    Messages:
    2,259
    Likes Received:
    602
    So ARM is now on the official stable release? We got one of those SG-1000's. The comment in this article is spot on. We're using ours as the firewall for a Raspberry Pi 3 cluster. ARM end-to-end and under 30W.

    Does this mean I can use the RPi3 as pfSense now? Or only Netgate supported?
     
    #2
    Geran likes this.
  3. ttabbal

    ttabbal Active Member

    Joined:
    Mar 10, 2016
    Messages:
    580
    Likes Received:
    161
    Good timing for me. I should be receiving some SSD boot drives today to replace the aging laptop HDDs I have in a few boxes. I like the ability to use ZFS as well, even without redundancy, at least I get some warning of issues.

    It looks like I should be able to take a backup on the existing machine, install fresh on a new ZFS, restore the config on the new version.
     
    #3
  4. PigLover

    PigLover Moderator

    Joined:
    Jan 26, 2011
    Messages:
    2,517
    Likes Received:
    967
    Should be a yes. But just because you can doesn't mean you should...

    In addition to just being 100mbit, RPi3 uses USB2.0 to Ethernet Bridge to support the Ethernet port. Because of that networking is pretty impaired (not likely to reach full wire speed, will be PPS limited on small packets, and bi-directional traffic may be troublesome).

    The SG-1000, OTOH, uses separate USB3.0 port from the ARM SoC for the Ethernet bridge for each GigE port. On a pure throughput basis should be able to hit 960kbps (almost 1Gb) pretty easily. Processing the packet filters on the little SoC will obviously prevent full-rate pfSense traffic - but at least you aren't "fighting the wire" like you would be with the RPi3.

    BTW, the Odroid C2 also uses the USB3.0 port for its GigE Ethernet bridge. So if you want pfSense in an RPi form factor there is a path. Assuming, of course, you can get BSD/pfSense to load on the Odroid. The Odroid XU4 might make a good choice too - but the kinda odd Big/Little core design might make BSD/pfSense support even more difficult.
     
    #4
    Last edited: Oct 12, 2017
  5. Biren78

    Biren78 Active Member

    Joined:
    Jan 16, 2013
    Messages:
    545
    Likes Received:
    90
    I was reading the release notes and it sounds like there's only 2 ARM supported boxes now that Netgate sells.

    It'll prob work, but you'll be in the abyss of support. You've gotta value your time more than troubleshooting boot errors for hours to save a few bucks.
     
    #5
  6. moblaw

    moblaw Member

    Joined:
    Jun 23, 2017
    Messages:
    47
    Likes Received:
    8
    Just upgraded from pre official 2.3.4 - 2.4 it took approx. 15min - with 2 SSDs in raid0. Some install takes place upon reboot; besides that, everything went smoothly. Had to restart 2 services, snort and haproxy. AES-NI now shows in system info. (Hyper-VM machine) 7 vcpu.
     
    #6
    Last edited: Oct 12, 2017
    PigLover likes this.
  7. PigLover

    PigLover Moderator

    Joined:
    Jan 26, 2011
    Messages:
    2,517
    Likes Received:
    967
    What host platform?
     
    #7
  8. gigatexal

    gigatexal I'm here to learn

    Joined:
    Nov 25, 2012
    Messages:
    2,030
    Likes Received:
    338
    SSDs in raid0 on your firewall? Crazy!

    What's this about 802.11 improvements? Are we finally getting AC support?
     
    #8
  9. Patrick

    Patrick Administrator
    Staff Member

    Joined:
    Dec 21, 2010
    Messages:
    10,044
    Likes Received:
    3,315
    If your firewall goes down, it is always a bad day.
     
    #9
    nthu9280 likes this.
  10. Limeray

    Limeray New Member

    Joined:
    May 10, 2016
    Messages:
    2
    Likes Received:
    1
    Is anyone else having unusually high cpu and memory utilization? Before the update pfSense was always idling on 5-10% cpu and 500 mb ram and now it constantly uses 60% cpu and 2gb (98%) of ram.
     
    #10
    Last edited: Oct 12, 2017
    gigatexal likes this.
  11. moblaw

    moblaw Member

    Joined:
    Jun 23, 2017
    Messages:
    47
    Likes Received:
    8
    I also do see higher CPU usage, it peaks around 60%, before it would peak at 35% ish. Memory is the same.
     
    #11
  12. nthu9280

    nthu9280 Active Member

    Joined:
    Feb 3, 2016
    Messages:
    572
    Likes Received:
    113
    Couldn't agree more... Speaking from my recent experience. At least mine was home use only.

    Sent from my Nexus 6 using Tapatalk
     
    #12
  13. StevenDTX

    StevenDTX Active Member

    Joined:
    Aug 17, 2016
    Messages:
    112
    Likes Received:
    46
    I deployed a 2.4 VM last night and it's working well. I will be working off of it for a couple weeks while I RMA my SuperMicro board for the C2000 fix.
     
    #13
  14. Limeray

    Limeray New Member

    Joined:
    May 10, 2016
    Messages:
    2
    Likes Received:
    1
    Apparently it was the SNMP service for me. Once I disabled it, the CPU usage was back to normal. Still, the memory consumption is quite high.
     
    #14
  15. Mam89

    Mam89 New Member

    Joined:
    Jan 14, 2016
    Messages:
    26
    Likes Received:
    4
    I was playing with the idea of deploying a pfSense in a cost-conscious customer location, but upon testing the squid/squidguard packets were pretty broken for me... If they can fix that I'd love to use it as OpenVPN is great!
     
    #15
  16. MiniKnight

    MiniKnight Well-Known Member

    Joined:
    Mar 30, 2012
    Messages:
    2,259
    Likes Received:
    602
    @Limeray are you using ZFS for storage? That uses memory right?

    @Mam89 any idea why? We've got many people here and there's many on pfSense forums with that setup.
     
    #16
  17. Mam89

    Mam89 New Member

    Joined:
    Jan 14, 2016
    Messages:
    26
    Likes Received:
    4
    I'm not really sure honestly. It could easily be a misconfig on my part as I set it up off some older documentation. The issue would occur with SSL DPI enabled with squidguard. I got it functional after initial setup, but any addition of blacklists or changed/customized setting for blocks would block everything. Upon reversion of the settings it would stay blocked for some reason. The only way to get traffic flowing again was the removal entirely of both squid/squidguard.
     
    #17
  18. MiniKnight

    MiniKnight Well-Known Member

    Joined:
    Mar 30, 2012
    Messages:
    2,259
    Likes Received:
    602
    I find when that happens to me, I'm usually the root cause :D
     
    #18
    Mam89 likes this.
  19. Patrick

    Patrick Administrator
    Staff Member

    Joined:
    Dec 21, 2010
    Messages:
    10,044
    Likes Received:
    3,315
    Upgraded a lab node to 2.4. Working well thus far.
     
    #19
    Mam89 and PigLover like this.
  20. RTM

    RTM Active Member

    Joined:
    Jan 26, 2014
    Messages:
    312
    Likes Received:
    98
    It is great that 2.4 has been released, hopefully that makes us one step closer to QAT acceleration.
    Are you sure about this?

    The block diagram suggests that the SoC has a MAC that connects to a Realtek PHY.
    Perhaps you are thinking about the XU3/4 where the NIC is indeed USB 3 based?
     
    #20