HDD Space


OS Base




1 GB




No Doc.

No Doc.

No Doc.

No Doc.


Master shaper

Site Down for Maint.

Site Down for Maint.

Site Down for Maint.

Site Down for Maint.


Minimum Hardware Requirements

The following outlines the minimum hardware requirements for pfSense 1.2.x. Note the minimum requirements are not suitable for all environments, see the Hardware Sizing Guidance page for information.

CPU - 100 MHz Pentium
RAM - 128 MB

Requirements specific to individual platforms follow.

Live CD
CD-ROM drive
USB flash drive or floppy drive to hold configuration file

Hard drive installation
CD-ROM for initial installation
1 GB hard drive

512 MB Compact Flash card
Serial port for console

Hardware Sizing Guidance

When sizing hardware for use with pfSense, two main factors need to be considered.

  1. Throughput required
  2. Features that will be used

Throughput Considerations

If you require less than 10 Mbps of throughput, you can get by with the minimum requirements. For higher throughput requirements we recommend following these guidelines, based on our extensive testing and deployment experience. These guidelines offer a bit of breathing room because you never want to run your hardware to its full capacity.

10-20 Mbps - No less than 266 MHz CPU
21-50 Mbps - No less than 500 MHz CPU
51-200 Mbps - No less than 1.0 GHz CPU
201-500 Mbps - server class hardware with PCI-X or PCI-e network adapters, or newer desktop hardware with PCI-e network adapters. No less than 2.0 GHz CPU.
501+ Mbps - server class hardware with PCI-X or PCI-e network adapters. No less than 3.0 GHz CPU.

Feature Considerations

Most features do not factor into hardware sizing, though a few have significant impact on hardware utilization.

VPN - Heavy use of any of the VPN services included in pfSense will increase CPU requirements. Encrypting and decrypting traffic is CPU intensive. The number of connections is much less of a concern than the throughput required. A 266 MHz CPU will max out at around 4 Mbps of IPsec throughput, a 500 MHz CPU can push 10-15 Mbps of IPsec, and relatively new server hardware (Xeon 800 FSB and newer) deployments are pushing over 100 Mbps with plenty of capacity to spare. Supported encryption cards, such as several from Hifn, are capable of significantly reducing CPU requirements.

Captive portal - While the primary concern is typically throughput, environments with hundreds of simultaneous captive portal users (of which there are many) will require slightly more CPU power than recommended above.

Large state tables - State table entries require about 1 KB of RAM each. The default state table, when full at 10,000 entries, takes up a little less than 10 MB RAM. For large environments requiring state tables with hundreds of thousands of connections, ensure adequate RAM is available.

Packages - Some of the packages increase RAM requirements significantly. Snort and ntop are two that should not be installed on a system with less than 512 MB RAM.


Linux Freeware

Master shaper


  • Linux Kernel v2.4 or v2.6
  • Kernel support for QoS and/or fair queuing
  • Kernel support for Netfilter (iptables)
  • New versions of iptables (ex 1.2.11) and iproute2 (ex 20041019-3)
  • Perl
  • sudo (so webserver - mostly not running as root - can load the shaper rules which needs root privileges)
Web Interface IMQ - Intermediate Queueing Device

If you want to shape on a single interface:

  • Patched kernel
Retrieved from " "

-- KevinAdams - 2011-11-13

Topic revision: r1 - 2011-11-13 - KevinAdams
This site is powered by the TWiki collaboration platformCopyright &© by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback