Implementing pfSense & UniFi

Around the middle of last year, I found out that I was able to get Comcast’s new gigabit speed internet service (with 35mb upload speed). I had been on a Comcast Business connection for a number of years by that point. The consumer gigabit pricing is not cheap, but if I added on the unlimited data option it was only a few bucks more than my 75mb down & 15mb up business connection. When I had the new gigabit service installed, however, I came to discover that the Asus router I was using was nowhere near capable of handling that speed (it was able to get me up to around 150mb speed). So, obviously, I had to reconsider the hardware I was using. At that point, the options for routers with built-in wi-fi that could handle the full gigabit speed were either limited in capabilities or overly expensive. Then there was the issue of the modem. There weren’t many third-party DOCSIS 3.1 modems out there, and finding one that wasn’t flaky or overly expensive was pretty much impossible. So, to make things simple at the time, I just went with the unit that Comcast provides and figured I’d deal with better options down the line. Well, I’ve been occasionally looking at various options since then and after a lot of research and weighing of said options, I came across what seems to have turned out to be great options for 2 of the 3 things.

First up was what I settled on for the choice of new router. I’ve seen many users of other products I love (like unRAID) mention in the last couple years that the router they use is pfSense. So, I added it into the mix along with the other options I was looking at. After ruling out a great many dedicated router devices from brands like Asus, D-Link, and others as still too expensive for too few capabilities, I started looking at the less integrated type solutions. The one that stood out from the pack at that point, almost immediately, was in fact pfSense. Not only is it very flexible with the kind of hardware it would work with, it is a completely open source platform, which is a huge advantage. Not too long into digging into the platform’s capabilities, I decided that it was going to be my choice for a new router.

After that, I just needed to decide what hardware I was gonna run it on. While I could slap together a standard old PC to run it on, I wanted something a little more compact and efficient, and cheaper. Yeah, I could have slummed it and put together old pieces and parts, but it wouldn’t have been a great performer, which was my primary reason for making a change. I also looked around at some deals on old server hardware. One of the big things I needed as part of it was a CPU chipset that supported AES-NI instructions, as the next version of pfSense was going to require that. That ruled out many compact, integrated and affordable level devices. Then, I came across this post and was intrigued. Repurposing old Windows thin client hardware seemed like a perfect solution to my requirements. It could be cheap, would be a bit expandable, had the AES-NI capable chip (an AMD GX-420CA quad-core chip from 2013) and would also be fairly small and efficient.

There were vendors on eBay selling these HP T620 Plus units, pre-configured for the purpose of pfSense usage, for about $200. One of the key things about the T620 Plus units that needed to be true for pfSense usage was that it needed to have an additional network controller card added via its PCIx card slot. For one thing, pfSense plays best with Intel gigabit NICs and the single port built into the T620 Plus is a Realtek. For another more obvious thing, you need at least 2 ports to function as a router – an internal and an external port. So, adding in a card with a couple Intel ports was an obvious need. There were a number of vendors selling these units on eBay for around $120 without said card. Thankfully, there are older OEM cards from Dell, Sun and others that would work just fine. I could get a 2 port one for $25 or a 4 port card for $30. I figured for a simple $5 difference, might as well go with a 4 port one. I did a little more hunting and found one seller with the T620 Plus model that I wanted (the one with the good 4 core CPU) for only $69, and all it was missing was the plastic cover on the back panel. Since I didn’t care about that, it was a perfect choice. I’d be able to get a powerful and flexible routing solution for $100, all in. I ordered the T620 Plus and the $30 4 port Intel gigabit network card, which showed up a week later this last Friday. Upgrading the unit with the network card and getting pfSense going was a piece of cake. After getting a look at the insides, the unit is easily upgradable for better storage or an extra stick of RAM. The one I got has 16gb flash storage (it uses a standard M.2 slot, so very easily upgradable down the line should I ever want to). It also had 4gb of RAM (again, easily upgradable via a second SO-DIMM slot). Heck, it even has a couple internal USB ports.

Now, for those of my fellow tech nerds that aren’t familiar with pfSense and are wondering about its capabilities, I highly recommend viewing this video:

And here’s a longer and more detailed functional use guide. It’s definitely long, but he does a great walkthrough of most of the capabilities and such.

So what are the performance results I’ve gotten in my testing over the weekend? Fantastic, actually. In fact, it’s doing better than being hooked directly into the Comcast hardware (as I had been since getting the connection). That Comcast unit is now simply in bridged mode. Here’s a Speedtest result showing that I’m getting as close to the full gigabit connection as pretty much anybody out there does.

So, with the pfSense router decided upon, the other thing was wi-fi capabilities. If I put the Comcast modem into bridged mode, that would also disable the wireless on it. Plus, wi-fi coverage in the house has been a bit iffy. My main router and switch location in the house is on a shelf near the floor on the very end of the house in the basement. So, coverage up to the other end of the house on the ground floor was a bit unreliable. I had rigged up an old Netgear router as an access point in a room up on that end of the house on the ground floor. But, that setup was never a great solution. Most of the pfSense users recommended not using the pfSense router to do wireless (though it technically is capable of it via an onboard wireless radio controller). Since my router location has never been ideal for wi-fi, I figured I’d best follow their advice and do a dedicated wireless access point, which I would then be able to locate more centrally in the house. After a bit of research, it didn’t take me long to figure out that one of Ubiquiti’s UniFi access points would give me the best bang-for-the-buck in terms of features, performance and still decent price. I ended up going with their UniFi AC Long Range model. As a nice little bonus, there is a docker module I could easily spin up on my unRAID server to run the UniFi controller application. I got the AP off of Amazon and had no trouble getting it up and going, no muss no fuss. So far, it has done a fine job.

So that just leaves me with the Comcast modem itself. Perhaps at some point in the near future, I will come across a deal on a good model, and will be able to give Comcast their hardware back and stop paying them the monthly hardware fee (which is something like $10 to $12 or such).

Here’s a summary of the current pfSense version and nice performance status the T620 Plus unit is giving:
