Ok, some of you probably saw this on Facebook a couple of weeks ago in the pfSense group on Facebook, but I thought I would ask it here as well to get your thoughts:
"This has happened twice now since I setup my pfSense box a few weeks ago. The box itself responds via the web interface, however it will not route any traffic until I reboot it.
Hardware: 2012 Mac mini with Thunderbolt Gigabit Network adapter for 2nd NIC. 16gb of Ram, 500gb hdd.
Could it be that thunderbolt Nic that is giving me the headache, it is the Nic that the WAN is on."
I bring this up because the system locked up again about 10 PM last night requiring a full reboot of box to bring it back to life. I know that external Nic is not optimal. I know that they are not Intel NICs and that is not optimal. I’ve had a lot of people tell me to get rid of the Mac hardware and get either a protectili box or an actual negate box (SG-3100), or perhaps even something like a dell poweredge R210 ii (this somewhat interests me).
If I were to go server grade hardware there is a good chance that I would virtualize pfSense and try and make more use of the machine because it seems like such a waste to have a piece of equipment like that sit largely idle. The idea somewhat interests me for certain.
Anyway, I now turn to the hive mind here for further advice. Ideally I want to understand what is happening with the box that is causing it to lockup (my guess that its a driver issue or something). If you recommend replacement of the hardware, what do you suggest? Right now I have 400/20 internet, I’m running pfBlockerNG with GeoIP blocks on everything except for the United States, I have a handful of ports open for my unifi controller, mail and web server, and I’m running Suricata as well. Rarely does the hardware I have right now even notice my internet traffic in terms of having to work hard to route things so I don’t know that I need anything a whole lot more powerful, but I do want to be future-proof(ish) so I’m not replacing the hardware if suddenly my needs increase.
Thanks a lot! I look forward to reading all of your responses.