pfSense / OPNsense Firewall Servers

pfSense and OPNsense are the leading open-source FreeBSD-based firewalls — full-featured alternatives to Sophos, Fortinet, Palo Alto at zero licensing cost. We stock 1U servers ideal for firewall duty: Dell PowerEdge R350 / R450, HPE ProLiant DL360 Gen10, Lenovo ThinkSystem SR630.

Firewall hardware requirements are modest — CPU is the bottleneck for deep packet inspection (DPI), IDS/IPS (Suricata, Snort), and VPN throughput. For 1 Gbps WAN with IDS/IPS enabled: 4-8 CPU cores @ 3.0+ GHz. For 10 Gbps WAN: 16+ cores. AES-NI hardware acceleration is critical for IPsec VPN performance.

NIC selection matters enormously. Intel i350 / i210 / X550 (the chipsets pfSense and OPNsense have native, well-tuned drivers for). Avoid Realtek RTL-series NICs — they work but have known performance issues with FreeBSD. We pre-validate the NIC chipset on every firewall-spec server.

Typical deployment: 4-port NIC for WAN/LAN/DMZ/Spare, 16-32 GB RAM, 240 GB SSD (firewall config + logs). Dell R350 1U with Xeon E-2334 (4c @ 3.4 GHz), 32 GB RAM, 4× Intel i350 NIC, 240 GB SSD = $1.8-2.5K refurbished. Handles 1-2 Gbps WAN with full IDS/IPS.

Frequently Asked Questions

Is pfSense free?

Yes — pfSense CE (Community Edition) is open source, free for unlimited use. Netgate sells pre-built appliances + the commercial pfSense Plus distribution with extra features and 24/7 support. Most SMB and homelab use the free pfSense CE on commodity x86 hardware.

What NICs work best with pfSense / OPNsense?

Intel chipsets: i350 (1 GbE), X550 (10 GbE copper), X710/E810 (10/25/40/100 GbE). Both FreeBSD-based firewalls have mature drivers for Intel server NICs. Avoid Realtek consumer NICs (RTL series) — they work but have known performance issues at high pps rates.

How much CPU do I need for 1 Gbps firewall throughput?

For stateful firewall with NAT only: 2-4 cores @ 2.5+ GHz is plenty. For IDS/IPS (Suricata, Snort): 4-8 cores. For deep VPN throughput (1 Gbps IPsec): 4-8 cores with AES-NI hardware acceleration. Intel Xeon E-23xx series (4-8 cores) is the sweet spot for SMB firewalls.

Can pfSense handle 10 Gbps WAN?

Yes — pfSense can saturate 10 Gbps WAN with adequate CPU and the right NIC. Recommended: Intel Xeon Gold 6342 (24c @ 2.8 GHz), Intel X710 or E810 10/25 GbE NIC, 32-64 GB RAM. Standard Dell PowerEdge R650 or HPE DL360 Gen10 fits this spec.

Other Use-Case Hardware

Part of

Server Virtualization & HCI Hub

View all 54 pages →

VMware vSphere, Hyper-V, Proxmox, KVM, Nutanix AHV — hardware sizing, licensing math, deployment.

Related Pages