Editor’s note: This article was updated 5/18/2021. I also wrote a new and updated article with more pfSense choices that you should check out.
Have you decided that building a pfSense router is a great idea, but aren’t sure what pfSense hardware to buy? You’ve come to the right place. We are going to walk through what you should be looking for in pfSense hardware and then briefly evaluate five different choices.
pfSense hardware requirements
Everyone will have different hardware needs but here are some common requirements for pretty much any build:
- The CPU should support AES-NI. This is an encryption instruction set that helps pfSense performance, especially with VPNs. pfSense may one day require AES-NI. They were going to require it in the 2.5 release but backed off.
- The CPU must be powerful enough to route your Internet traffic. The faster your traffic, the more powerful the CPU you will need.
- Sufficient RAM for the packages you want to run. PfSense doesn’t normally require much RAM, but if you are going to do a lot with it you may need more than the average user.
- At least 2 network interface cards (NICs). You can get away with one using VLAN tagging, but that adds unnecessary complications. In general, you want one NIC for each interface (LAN, WAN, etc.). Generally, you want an Intel NIC for the best performance and reliability.
For reference, the minimum pfSense hardware requirements are:
- 600 MHz CPU
- 512MB of RAM
- 4GB hard drive
- A compatible network card
- A bootable USB drive or CD/DVD-ROM for installation
Let’s look at some appropriate hardware choices.
Inexpensive pfSense hardware that gets the job done
Protectli’s Firewall Appliance with 4 Intel will get the job done for most people. Found at Amazon for in the low $300s it has all the hardware you need for a fast and silent pfSense router. It features:
- 4GB RAM
- 32GB mSATA SSD
- AES-NI support
- Quad-Core Celeron (Intel J3160)
- 4 Gigabit Intel network ports
- Fanless and close to silent
Other options include:
- Protectli Firewall Appliance with 4x Intel Gigabit ports – Similar to the recommended build. It has a larger hard drive (120GB) and more RAM (8GB) for a few more dollars.
- QOTOM Mini PC – This comes in many different configurations. Honestly, this would be a great choice as well, but it doesn’t have AES-NI which could make it a risk for supporting future pfSense releases. UPDATE: QOTOM does have some models that have AES-NI.
- Mini ITX Q330G4 Intel Core I3 – this can be had at a good price. UPDATE 2/7/2020: I bought this for my pfSense router to replace my virtual router and I couldn’t be happier. It easily achieves the gigabit speeds offered by my ISP, CenturyLink. I bought it when the price dropped below most of the other options, so if you can wait for a sale…
- GEEK+ Mini PC – This is a newer inexpensive box that comes with the Intel Celeron J3455, 6GB of RAM, and 128GB SSD and is plenty powerful enough. It does come with dual Realtek NICs. I favor Intel NICs, but Realtek NICS can work just fine. It is meant to be a lightweight Windows 10 box, but you can easily install pfSense on it for a great little router.
- Zotac Zbox CI325 – I used an older version of this for years. The only downside is Realtek NICs, but it was solid.
3rd party pfSense hardware with OS installed
If you don’t want to go through the install yourself you have a couple of options. One is to buy from a 3rd party vendor like Teklager. They allow you to purchase hardware barebones or have pfSense preinstalled.
Straight from Netgate
Netgate is the best place to go for an out of the box, fully working and supported solution. They are the maintainers of pfSense and they directly sell a couple of relatively affordable models appropriate for home users:
- SG-1100 – This model has 3-gigabit ports which means you can use this for a multi-WAN or VLANs. It’s fairly low powered but suitable for most home applications unless you plan on running a lot of intensive packages.
- SG-2100 – This model is a step up from the SG-1100. It has 1 WAN ports and 4 LAN ports (which can be used for multi-WAN), as well as more processing power and RAM. If you are looking for higher throughput and running more packages this option might be more suitable.
- SG-3100 – This model is similar to the SG-2100 but, more powerful (and thus more expensive) with an additional WAN port. If you have a large network, a fast ISP, and want to run IPS/IDS with VPN this will definitely get the job done.
You can customize storage and purchase support when buying directly from Netgate. However, for the cost of the SG-3100, you can get some pretty good hardware on your own. Also, with your own hardware, you can choose to install other OSs if you change your mind. That said, Netgate products are a great option if you are looking for a turnkey solution.
Repurpose an existing desktop
If you have an old desktop lying around, you can probably re-purpose it to being a router. You might need to buy an additional network card for LAN and WAN connections, but chances are the rest of the hardware will work fine. The downside is that this machine will probably use much more electricity than the other options, and it will need to always be on.
You can also use your old hardware (or new) to make a virtual pfSense router. I decided to go virtual for a while and it worked out well for me. A virtual router can have a lot of advantages, including:
- Snapshots – Easy to roll back if you mess up a configuration
- Scalability – Need a more powerful router? No need to buy new hardware, just allocate more power to your virtual router
- Portability – You can easily move a VM from one machine to another
You can read more about my virtual pfSense install here.
There are lots of good options and they aren’t that expensive for what you get. Netgate makes good solid options, but you can save some money by going virtual or building your own hardware. No matter how you go, pfSense is a great choice for a home router. Before you build your pfSense router, check out my article about things you should consider before installing pfSense. After you get it installed, be sure to check out my pfSense tips and make sure you review my advice on the 6 post-installation configurations you should do immediately. Also, if you are running pfSense and need to upgrade, follow these tips to upgrade pfSense the right way.
If you haven’t already, check out my 11 Great Choices for pfSense Hardware that was recently rewritten and updated for more options.
This page contains affiliate links. If you purchase an item using an affiliate link I will receive a small commission at no cost to you. Affiliates do not influence my recommendations. Read my disclosures for more information.