What hardware to buy for pfSense router in 2024
This article was last updated on December 29, 2023
We sell quite a lot of open-source hardware. Most of our customers are fans of pfSense, the most popular open-source operating system for routers. The question we often get is, "What hardware should I get for pfSense?".
The hardware recommendation will depend on your needs. For example, your hardware needs are lower if you are using pfSense "just" as a router or firewall without more advanced packages. On the other hand, if you need to run your traffic through a VPN tunnel, the CPU needs to be able to handle it. If you need to use IDS (Intrusion Detection) or IPS (Intrusion Prevention), such as Snort or Suricata, you will want to have more memory.
pfSense 2.7.2 hardware requirements
Not everyone is the same, but there are some common requirements that any hardware must fulfil.
- CPU should support AES-NI
- CPU must be powerful enough to route your internet traffic
- RAM - you must have enough for the packages you want to run.
- NICs - LAN ports should be coming from Intel. pfSense still doesn't perform great with Realtec Network Interfaces.
- WiFi - pfSense supports a minimal number of WiFi adapters. If you plan on using WiFi, make sure you get the right adapter.
If you must use older VPN technology, such as OpenVPN or IPSec, you will want a CPU with AES-NI support to improve cryptography performance.
What is AES-NI?
AES-NI (AES New Instructions) is a new encryption instruction set baked right into the CPU that dramatically speeds up cryptography tasks such as encryption/decryption for VPN or SSL. AES-NI was developed by Intel, but most modern AMD CPUs also support it now.
While pfSense doesn't require AES-NI to work, you will need it to run VPN at a reasonable speed.
pfSense firewall appliance recommendations
Cheap pfSense box - APU2E4
APU is a well-known, reliable hardware manufactured by the Swiss company PC Engines. APU2, APU3, and APU4 routers are the most popular hardware firewalls we sell at TekLager. This is the cheapest pfSense router we sell, but don't be deceived; it's a very capable firewall for a home or small office.
Tip: in most applications, this box will perform just as well as the more expensive versions.
- CPU: 4 core, 1Ghz AMD GX-412TC (with AES-NI)
- RAM: 4GB ECC DDR3-1333 DRAM
- NIC: 3x 1Gbps Intel i210AT
- Storage: 16GB mSata SSD (larger SSD is an option)
- Routing throughput: 1Gbit on pfSense using multiple connections. 550Mbit/s using single connection.
- VLAN: 250Mbps
- VPN: ~100Mbit over OpenVPN, ~300Mbit over WireGuard.
- Cooling: Passive, fanless cooling.
- Power consumption: ~6W - very low power consumption
See the full specification here: APU2E4 router
This hardware is definitely good enough for home usage. It's passively cooled, so it's completely silent.
Our favorite thing about APU routers is that they are 100% silent, cheap, powerful enough and super reliable.
( about $221 USD)
TLSense J6412
For those who would like to have a bit better CPU or mote LAN ports, we recommend TLSense J6412, which is one step up from APU. It has 5x intel 2.5Gbps NICs, more storage, a more performant Intel Celeron J6412 CPU and supports 4-16GB of RAM.
- CPU: 4 core, Intel J6412 Quad Core 2.6Ghz (with AES-NI)
- RAM: 4-16GB DDR4-2400 DRAM
- NIC: 5x 2.5Gbps Intel i225-V rev 3 (supported by pfSense)
- Storage: 16GB mSata SSD (larger is an option)
- Routing throughput: 2.5Gbps on pfSense
- VPN: ~600Mbps over OpenVPN, ~1.5Gbps over WireGuard.
- Cooling: Passive, fanless cooling. 0 noise
- Power consumption: ~8-10W - very low power consumption
See the full specification here: TLSense J6412
This configuration is very popular. This CPU and 2.5Gbps network interfaces ensure that this hardware will last you for a long time.
( about $307 USD)
TLSense - the high-end performance
TLSense 10210U is a powerful box. It's great if you plan to use IDS/IPS packages such as Suricata or Snort for Intrusion detection and prevention. It's also a perfect choice for a VPN gateway.
This hardware is popular with customers who have a 1Gbps or 2.5Gbps internet connection and want to utilize the full throughput over OpenVPN or IPSec. This hardware is also suitable for Proxmox or VMware to run multiple Virtual Machines.
It has a powerful 10th-generation Intel Core 10210U CPU, 16-64GB of RAM, and up to 1TB NVMe SSD. In addition, it comes with 6x 2.5Gbps Intel LAN ports and an HDMI port.
- CPU: CPU: 10th generation Intel Core i5 1021U Quad-Core, 8 threads, Up To 4.2GHz.
- RAM: 16GB (2133/2400MHz)
- NIC: 6x 2.5Gbps Intel i225-V rev3 (supported by pfSense)
- Storage: up to 1TB NVMe SSD (accepts regular SATA drives as well)
- Routing throughput: 2.5 Gigabit on pfSense, and other operating systems
- VPN: Over 1Gbit over OpenVPN, 2.5Gbit over WireGuard.
- Cooling: Passive, fanless cooling. 0 noise
( about $535 USD)
If you are looking for 10Gbit hardware, see the rack router TLSense 1U W-1290.
If you are looking for something else, see other models.
If you are looking for a pfSense WiFi router read this article we wrote about pfSense wireless support.
Cheers!