How much RAM and Processor for a home pfSense router?

I am looking to set up pfSense as the router for my home network and I am trying to figure out what type of specs I need for the router. I am looking at a Protectli micro appliance. I have a Raspberry Pi running PiVPN for remote access to my home network and NAS from outside the LAN. I am looking to use pfSense as the router so I can set up VLANs and firewall rules.

How much RAM and processor would I need for the router? Is 4 GB enough or should I strive for 8 GB? I will just be using Gigabit networking with about 10 to 15 devices on the LAN.

OK, one thing at a time…

RAM requirements depend on the number of devices on the network and their level of activity. Every time a client device accesses something over the network, the router must make (and maintain) an entry in the state table. For example, if you access a Web page with three images in it, this will require the router to have four states. The state table is kept in memory, and a state is about 1 kilobyte in size.

Usually, what people do is, they assume some average level of state generation per device and see how it stacks up against the router’s memory that’s above and beyond what’s needed for the router’s basic functioning. So a device with 2 GB RAM may be recommended for networks with 20-30 devices, 4 GB RAM may be thought sufficient for 40-50 devices, 8 GB, for 100 devices, etc. Obviously, if you have a herd of network hogs, these numbers may need to be revised downward…

Now, processor. Basic routing is a pretty low-key affair. Most modern processors more or less sleep-walk through it. But there are three things (collectively called “next-generation services”, or “NG services”) that have their own, much higher, requirements for processing capacity. They are intrusion detection / intrusion prevention services (IDS/IPS), virtual private networks (VPNs), and malware detection (aka AV, short for “anti-virus”). Computational intensity of NG services depends on the speed of the Internet connection. Starting somewhere around 300 Mbps, any single NG service will eat up more processor time than the rest of the system.

Everything else (including VLANs) is somewhere in the middle, a step up from basic routing, but nowhere near NG services…

As a reference point, entry-level commercial-grade desktop routers run on dual-core Atoms and Celerons, mid-level desktop routers can have a quad-core Atom, an entry level rack-mountable router can have a dual-core G-series Pentium or Celeron, a mid-level rack-mountable can have a quad-thread i3 or quad-core i5, and it goes up from there, all the way to dual Xeons…

https://docs.netgate.com/pfsense/en/latest/hardware/size.html
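Added example, not part of the original posts: a shell check that applies the roughly 1 KB per state figure from the answer above to the output of `pfctl -si` and `pfctl -sm`, so state-table headroom can be measured rather than guessed. The sample text is constructed, and the function names and the 80% warning threshold are assumptions.

```shell
#!/bin/sh
# Estimate pf state-table use from `pfctl -si` and `pfctl -sm` text.
# KB_PER_STATE follows the ~1 KB per state figure quoted in the thread.
KB_PER_STATE=1

# Constructed sample output (not captured from a real firewall).
SAMPLE_INFO='Status: Enabled for 12 days 03:14:07           Debug: Urgent

State Table                          Total             Rate
  current entries                    52520
  searches                        91234567           87.0/s
  inserts                           734561            0.7/s
  removals                          682041            0.7/s'

SAMPLE_LIMITS='states        hard limit   404000
src-nodes     hard limit   404000
frags         hard limit     5000
table-entries hard limit   400000'

# Print the number of active states from `pfctl -si` text on stdin.
current_states() {
    awk '/current entries/ { print $3; found = 1; exit }
         END { if (!found) exit 1 }'
}

# Print the states hard limit from `pfctl -sm` text on stdin.
state_limit() {
    awk '$1 == "states" && $2 == "hard" { print $4; found = 1; exit }
         END { if (!found) exit 1 }'
}

# state_report INFO LIMITS [WARN_PCT]
# Prints "states limit percent_used est_kb status"; returns 2 on bad input.
state_report() {
    cur=$(printf '%s\n' "$1" | current_states) || return 2
    max=$(printf '%s\n' "$2" | state_limit) || return 2
    [ "$max" -gt 0 ] || return 2
    warn=${3:-80}                      # assumed alert threshold, in percent
    pct=$(( cur * 100 / max ))
    kb=$(( cur * KB_PER_STATE ))
    if [ "$pct" -ge "$warn" ]; then status=WARN; else status=OK; fi
    echo "$cur $max $pct $kb $status"
}

# On the firewall itself: state_report "$(pfctl -si)" "$(pfctl -sm)"
state_report "$SAMPLE_INFO" "$SAMPLE_LIMITS"
```

A table that sits near its hard limit drops new connections, so a WARN here is a signal to raise the limit or add RAM before peak load or a connection flood fills it.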

My pfSense box is a used HP T620 Plus Ram 4GB, 16GB ssd + 4x1Gbit intel network card
4 VLAN, tailscale, crowdsec, pfBlockerNG, haproxy, wireguard, openvpn, freeradius, acme, apcupsd, NUT. Over 30+ devices.
CPU usage: 10%+
RAM usage: 20%+
SSD usage: 23%

Very stable and full network speed.

I’m running with 2g of RAM and an i3 and it barely hits 10% load at peak.

This has been good for me, never seen a load issue, sustains good traffic speeds.

Intel(R) Celeron(R) CPU J3455 @ 1.50GHz Current: 1500 MHz, Max: 1501 MHz

Pick up a Dell R210ii server with 8 or 16 gigs for like $200.00.

Been running pfSense Plus on it for year with a 10GB nic and not even scratch the performance - even with Acme, HaProxy, and a number of other services running on it.

Stuck two SSDs inside it with ZFS mirror as well.

I grabbed one of these when they were on Amazon. They can be found still or other like them. Qotom-Q575G6-S05 Kaby Lake i7 7500U Fanless Mini PC with 6 Gigabit NUC NIC AES-NI Computer Router Firewall (8G DDR4 RAM + 32G MSATA SSD + WiFi)

Works perfect and my home network has many more devices. Wireguard would probably do better than pivpn and allow you to have one device for everything.

I’m running mine as a VM with 2vcpus and 2GB of ram, on a 32GB of storage.

I only have ~200Mb down, 10Mb up. House of 2, but I also use it to route between VLANs, lots of IOT and other VMs on the network(s).

The lowest end host it runs on has a Xeon D-1518, pretty weak.

TL;DR: 4GB is fine.

pfSense will basically run on a potato. You can also run a VPN on it.

Plenty of folks running pfSense on passively-cooled Intel N100 boxes with lots of bells and whistles, and still have processing power to spare.

As far as RAM, 4GB should be more than enough for most purposes. As long as you are able to upgrade it, then it’s nothing to even worry about.

I have 8 VLANs running suricata and pfblocker (and some other packages). Also have a couple wireguard clients always connected for remote backup nodes.

I have 8gb RAM and use up to 6gb max, so 8gb is all you should need, it usually is between 2-4gb.

The processor is up to you, something with AES-NI, but I like the E3-12xx V6 series because they are enterprise grade, cost effective, and lower power. I also use ECC RAM, which is probably unnecessary, but I’m a labber so why not.

Edit: I should add that single thread performance is more important if your internet service uses PPPoE and you’re doing bridge mode on your modem (using pfsense for authentication).

This: Fanless Mini PC Intel i3 1125G4 N100 Pentium Gold 8505 Firewall Soft Router 6xi226-V 2.5G DDR5 DDR4 NVMe SATA Proxmox pfSense

I got the i3 16GB version for under $250

More than enough for a big homelab + family

I’d honestly just buy an SG3100. I had a pair running at home until I recently upgraded to a pair of 4100s, but the SG3100s are great units and ran my substantial home network without issue. You wouldn’t need a separate VPN device either.

Really it depends on your needs. Are you chasing low latency gaming? Any arrays? Etc.

I am running on a $180 Qotom mini pc with a J4125 and 16gb ram. No idea on its resource usage but I’ve never had an issue.

I run N100 and 32gb ram, rarely above 10% CPU, averaging 5%, and RAM usage averaging 4%. It’s one of the little boxes that comes with 4 port 2.5gb ethernet so I can hook up to a 2Gb fiber when they become available. I run several services on that box, most important is probably pfblocker. This allows me to take off pihole that ran separately and an Asus router. That mini box hardly consumes any wattage. I don’t keep track, but if you search this reddit, you’ll find the data that it doesn’t use much.

I am running $25 dollar server 32 cores and 32 gigs of ram

My dual core Celeron 3867U based Protectli has served me well.

I have pushed it to the limit and not once has it let me down.

My appliance is a Celeron 3569U with 8GB RAM and it barely hits 20% but there are times it peaks up to 6GB.
I have VLANs, pfBlockerNG, Snort and various other add-ons with 20 devices always connected and another 5 that connect as and when needed.

I’d separate the two.

My setup is this:

  1. A basic Celeron/AMD equivalent with 4-8gb ram for the pfSense box. Minimal storage required so a 128gb/256gb storage drive with multiple ethernet ports. A Protectli appliance is perfect.
  2. A micro server. I’m completely outdated in this aspect but use an 8th gen CPU NUC with 24gb RAM to run my virtual machines.
    ESXi: with
    - Pihole and a vpn server (on the same VM)
    - game server
    - plex server with sonarr/radarr/jackett, tautulli (people should use swizzin). The latter is easier to set up these days.

Have fun.