pfSense is an extremely popular FreeBSD based network appliance platform. With a huge feature set including firewall, VPN, routing, DNS/ DHCP managemet, proxies and content filtering and a slick web GUI it is easy to setup and powerful. The fact that it is free and open source means that it is extremely popular among IT professionals who are on constrained budgets. At STH we test hundreds of hardware combinations each year. From this experience, we are going to keep a running log of the best pfSense hardware components.
We have pfSense appliances (both branded and custom built) at homes, offices, and four data centers we use. Between the devices we have supported over the years and what the STH community brings, we have some great tips in terms of pfSense boot drives:
We highly recommend solid state boot devices. They are lower power than hard drives and generally more reliable. Given modern day pricing, we strongly advise against a hard drive. Firewalls need to be reliable and need fast boot times so that a pfSense upgrade does not incur a lengthy downtime. Here are our top picks for pfSense boot devices:
- Inexpensive USB Drive: SanDisk Ultra Fit 32GB ($10 on Amazon)
- Boot SSD Option 1: Intel 320 40GB or 80GB ($20 to $40 on ebay)
- Boot SSD Option 2: Intel 710 100GB ($50 to $60 on ebay)
- Boot SSD Option 3: Intel S3500 80GB – 120GB ($35 to 55 on ebay)
- Boot SSD (Overkill) New Option 4: Intel DC S3100 240GB ($102 on Amazon)
At STH, our perspective is that you should mirror your boot drives. You can find our how-to guide on mirroring pfSense boot devices on STH. If you go the USB drive route, buy an extra 1-2 drives at the same time. Since 32GB drives are all of $10, we would not recommend anything smaller. You will want drives that are the same capacity and for the $10 part in a $1000+ firewall, it pays to have spares just in case a vendor changes capacities slightly over a production run. pfSense can be run on smaller devices but at current pricing, having a few spare NAND cells is worthwhile. The SanDisk Ultra Fit CZ43 is a popular drive for server applications because of its low profile design. That design element allows it to be deployed both in rear I/O plates as well as internal USB type-A headers. Here is an example from a Dell PowerEdge R220‘s internal header where the SanDisk fits nicely.
If you want something more reliable the Intel 320 and 710 series SSDs were rock solid SATA II drives. This means they work perfectly well, at full speed, even on legacy SATA II/ SAS 1 ports such as those found on Intel Atom C2000, Intel Xeon E3 (V1 – V4) or Intel Xeon E5 (V1/ V2) platforms. The Intel Atom C2000 series, codenamed Rangeley is extremely popular with pfSense users and Netgate, the company behind pfSense uses Rangeley processors extensively. These have SATA II ports which work perfectly well for pfSense boot drives. With a bit of searching 40GB boot drives can be purchased for $20 (Intel 320 40GB.) That is only about twice what a 32GB USB drive would cost. You do not need fast, just reliable and the 320 series and 710 series are a go-to options older generation inexpensive drive. Using a SATA SSD over a USB does mean higher power consumption and an extra controller port/ drive bay used. Those are the trade-offs for reliability.
We recommend SSD over USB drives especially in cases where the firewall will be generating and saving log data to the boot devices. These types of consistent writes hammer USB drives but the higher-end controllers and designs of SATA SSDs are able to handle these workloads without issue.
Expect to spend $40-$110 all-in for a great mirrored pfSense boot drive setup.
You can see more of our pfSense Buyer’s Guides here.