Server Grill

Wednesday, July 28, 2021

pfSense Firewall build using Intel NUC 11th Gen Pro

Hardware Selection: 

I was planning to migrate my existing pfSense firewall, which currently runs on a Pentium Gold G5400 with a Gigabyte ITX motherboard that I built 2 years back. It runs fine without any issue; however, the power consumption of this build is on the higher side when it runs 24x7x365. The latest Intel NUC Pro 11th Generation comes with a lot of I/O options and lower power consumption. This generation comes in i3, i5 and i7 models. For running pfSense I wanted to go with the i3 version, which should have more than sufficient horsepower.


You can see the complete specification of the 11th Gen i3 Pro model from here. Since this post is about the pfSense build and not about the Intel NUC and its specifications, I will jump directly to the parts that are of interest to us. It comes with 1 x 2.5 Gbps onboard Ethernet port and an add-on option to install an additional 1 x 1 Gbps Ethernet interface internally, which you can see in the picture shown below. The Ethernet port at the top is 2.5 Gbps and the add-on shown at the bottom is 1 Gbps.


The additional module is currently not available in my country, so I had to use an alternative approach until the add-on is available here. The missing second Ethernet port can be provided by a USB-based Ethernet adapter; continue reading the blog.

Note: Buying the pfSense physical appliance from Netgate (model 2100 MAX) would be a really good and cost-effective option; however, the cost of this appliance in my country is 3 times more than the actual cost at which it is available in the United States.

This new build will reduce the power bill in the long run. I know the ROI of the NUC unit, memory, NVMe and USB3 to RJ45 adapter will not match the power bill unless we run the NUC for another 10 years without any upgrade; however, that's just an excuse to test the latest NUC Pro model.

When I checked the web to see whether anyone had built a similar specification using the 11th Gen, I was not able to find much detail. So I thought of taking the plunge and ordered the NUC unit from Amazon. Some of the parts I used were chosen based on availability and to reduce the cost of this build. This system will be running 24 x 7, providing internet connectivity for me to work from home and for my kids to attend online classes. Let's quickly jump into the actual build without wasting much time.

Below are the parts I used for this build.

1. NUC11TNHi3 x 1

2. Crucial RAM 16GB DDR4 - 2666 MHz SODIMM 1.2 V (CT16G4SFRA266) x 1.

3. Crucial P2 250GB M.2 2280 NVMe Internal SSD x 1.

4. UGreen USB 3.0 to RJ45 Gigabit Ethernet LAN Adapter x 1.

5. Sandisk Cruzer Blade 16GB x 1 (This can be reused for other purposes later)

This model of NUC can support RAM up to 3200 MHz; however, I went with 2666 MHz to reduce the overall cost of the build. The NVMe drive and the USB3 to RJ45 adapter I mentioned were purchased earlier this year, so I could get them at a cheaper price compared to their prices now.

Note: As I mentioned earlier, to get an additional Ethernet port I used the UGreen USB adapter (AX88179 chipset). This adapter is natively supported by pfSense. I have been using it for more than 20 months without any issue.

pfSense Installation:

At the time of this build, the available free version of pfSense is 2.5.2. You can click this link to download the "USB Memstick installer". Detailed bootable USB media creation steps are available from pfSense. I followed the pfSense instructions and used 7-Zip, diskpart and Rufus to create the USB installer.
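An added example, not part of the original post: before the downloaded memstick image is written to USB, its SHA-256 can be compared with the value published by the download source. The file name, the sample bytes and the two checksum-line layouts accepted below are assumptions constructed for the demo.

```python
import gzip, hashlib, hmac, re, tempfile
from pathlib import Path

# Two common checksum-file layouts (assumed; check what your download source publishes).
BSD_LINE = re.compile(r"^SHA256\s*\((?P<name>.+)\)\s*=\s*(?P<digest>[0-9a-fA-F]{64})$")
GNU_LINE = re.compile(r"^(?P<digest>[0-9a-fA-F]{64})\s+\*?(?P<name>.+)$")

def parse_checksum(text):
    """Return (file name, lowercase digest) from the first SHA-256 entry in text."""
    for line in text.splitlines():
        m = BSD_LINE.match(line.strip()) or GNU_LINE.match(line.strip())
        if m:
            return m["name"], m["digest"].lower()
    raise ValueError("no SHA-256 entry found")

def sha256_file(path, chunk=1 << 20):
    """Hash the file in 1 MiB chunks so a large image never sits in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while block := f.read(chunk):
            h.update(block)
    return h.hexdigest()

def verify_image(image_path, checksum_text):
    """True only if the entry names this file and the digests match."""
    name, expected = parse_checksum(checksum_text)
    if name != Path(image_path).name:
        return False  # checksum belongs to a different download
    return hmac.compare_digest(sha256_file(image_path), expected)

def demo():
    """Constructed sample: a tiny stand-in image, then the same file with one bit flipped."""
    with tempfile.TemporaryDirectory() as d:
        img = Path(d) / "installer-PLACEHOLDER.img.gz"  # hypothetical file name
        img.write_bytes(gzip.compress(b"constructed sample image bytes"))
        published = f"SHA256 ({img.name}) = {sha256_file(img)}"
        intact = verify_image(img, published)
        data = bytearray(img.read_bytes())
        data[-1] ^= 0x01  # simulate a corrupted or altered download
        img.write_bytes(bytes(data))
        return intact, verify_image(img, published)

if __name__ == "__main__":
    print(demo())
```

Hash the file that the checksum entry names, exactly as downloaded; the name check in `verify_image` rejects a checksum that belongs to a different file.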

I opened the NUC and installed the NVMe disk and DDR4 memory in their respective slots. After that I connected the NUC to the power plug, the USB 3.0 to RJ45 adapter to my ISP-provided cable, the 2.5 Gbps port to the Ubiquiti AC Pro access point, the Sandisk Cruzer Blade with the pfSense installer image, and a keyboard and mouse (optional). The mouse is required for doing some tweaks in the BIOS. If you are comfortable with keyboard navigation, you can skip the mouse.

I powered on the NUC, pressed F10 to select the boot device, selected the "UEFI: Sandisk, Partition 1 (SanDisk)" option and pressed Enter. I was greeted with an error message as given below.

  • The solution is very simple. Reboot the system, get into the BIOS by pressing F2, go to Boot -> Secure Boot and set the Secure Boot option to "Disabled". Leave the Boot Mode as "Custom". If you have a mouse plugged in you can use it for selecting the menus and values; otherwise the keyboard is your friend.

  • Press F10 to save the changes made and confirm with Ok.
  • While the system is rebooting, press F10 to get the boot drive selection menu.
  • The system will start the usual FreeBSD text-based installation; let the devices be detected and the installer wizard start.
  • Read the copyright and distribution notice, then press "Accept".

  • On the Welcome screen, select the "Install" option and press Ok.
  • Leave the Keymap selection as it is and press "Select".
  • Leave the default Partitioning option, "Guided Root-on-ZFS", and press "Ok".

  • In the ZFS configuration screen, I proceeded with the installation as given below; continue by pressing "Select".

  • Leave the Device Type as "Stripe - No Redundancy" and click Ok.
  • If there is more than one drive and a drive holds data, be cautious in the following step. The installer may format the drive and delete valuable data if the wrong disk is selected.
  • In my case the disk is brand new, so I selected "nvd0" and pressed "Ok".
  • The warning is the last chance to stop the installer from formatting the selected drive; I continued by pressing "Yes".
  • The installer will continue and install the OS on the selected drive. Be patient; you don't have to grab a drink :) because the installation will be done quickly.
  • The installation completed. I didn't have anything to modify, so I selected "No".

  • That's all. The installation completed successfully. I was prompted to restart the system; I selected restart and the system rebooted. This time I removed the USB installer and let the system boot from the NVMe drive. pfSense detected the onboard Ethernet controller (i225-LM) and the AX88179 chipset based UGreen Ethernet adapter without any tweak or modification, so the configuration was smooth.

Stay tuned for Part 2 of this series to continue with the configuration of firewall policies and WiFi Configurations.