PfSense On HP T610 Plus

ca10-firewallFor years we have been building low cost enterprise grade firewalls for our small business clients using the Neoware CA10 or CA22 thin client running Pfsense (pictured left). Either of these devices can be outfitted with a 1U Right Angle PCI Riser, Multiple NIC Network Adapter and a DOM (disk on module) Hard Drive for under $100 USD. While this setup has been working well for many years, with the advent of gigabit internet and the high demands of computing nowadays, these machines are starting to reach their limits of usability.  Don’t get me wrong, these machines will handle almost anything you throw at them and for most home or small business users this setup will more than suffice, however when you need certain enterprise features such as VPN Connectivity for 100’s of users, this guy starts to fall short due to its hardware limitations. If you are interested in building your own Neoware firewall, there is a nice how to here. As I said above, this has been our goto solution for small and medium sized businesses for years, however the time has come to build a new solution that can handle the demands needed of an enterprise grade device today. So the search began and we set out to find a device that would meet the following minimum requirements:

  • Must support x64 OS
  • Low Power Consumption
  • 2 or more processor cores
  • Needs 1 x full height PCI-e slot
  • Supports at least 8GB DDR3 memory
  • 1 x SATA port for Hard Drive or SSD.

When all was said and done, we settled on the HP T610 Plus thin client (pictured left). The T610 Plus comes with 4GB RAM, 16GB MLC SSD,  1 x full height PCI-e expansion slot, 2 x t610-firewallinternal SATA ports and an embedded 1.6 GHz AMD G-T56N dual-core processor. Bone stock, this machine has more than enough power to run Pfsense for most applications, however on our test rig, we opted to increase the memory to 8GB as ddr3 memory is now fairly cheap and abundant. Setting this machine up for Pfsense is fairly straightforward. First, we disassembled the machine using this guide. Once disassembled, we added 1x 4GB stick of DDR3 to the second memory bay then we added a spare Dell Intel PRO/1000 VT Quad Port PCIt610-firewall-back-e Server Network Card we had lying around the shop. Next we reassembled the machine and booted into the BIOS using the ESC key. Once in the BIOS, we changed our hard drive mode from Legacy to AHCI, disabled network boot on the on-board network adapter and set the boot order to USB first. Last, we installed Pfsense. The back of the machine is pictured to the right. In the end, we have built our next generation enterprise grade firewall that will keep our clients happily plugging away, without breaking the bank. While we were able to use spare parts for our test build, this firewall can be easily built for less than $150 USD by sourcing the parts needed on ebay. Our first client deployment has happily been serving the needs of 100+ remote workers with VPN access for over 90 days now and this little guy hasn’t missed a beat.

Did you find this article useful? Why not share it with your friends?

19 thoughts on “PfSense On HP T610 Plus

  1. Great info, thanks for very good case study! 🙂 This is a kind on information I value best – solution tested for years and “on field”!

    Have you tried IPS (SNORT, Suricata) as well on this mini PC? I wonder if this T610 unit will have enough power to do IPS as well, lets say on 50/50 mbit WAN traffic?
    100 mbit WAN or more is quite common nowdays – have you noticed any speed limitations that this configuration will not be able to handle?

    Thanks in advance for response, best regards,

  2. Doesn’t the HP T610 plus use a half height bracket and not full size? And isn’t the CPU a G-T56N model and not T65N?

    1. It does have a full height network card, but you are correct the processor is a AMD G-T56N

      1. Sorry to bug you about this, but are you absolutely sure its a full height card? From photos I have seen on the net of the interior of the t610/620 and other people posts/how-tos on the same subject it doesn’t look like it could possibly be. Can you post a photo of the card that fits in the system? I just want to not buy the wrong components.

  3. Do you have some specific quad port nic recommendations for t620 plus?

    I tried an IBM branded card which had problems linking in this thin client. I’ve read some who recommend going for an i350 based card.


    1. We typically try to run ** unbranded ** Intel Pro 1000 (MT/GT) series cards. They are readily available used and cheap. Have never had a problem with them.

  4. Hey I am having issues with the network crashing often. I bought this box and the IBM Intel PRO 1000 PT Quad Port PCIE GIGABIT Ethernet NIC Server Adapter but I am having issues with the network constantly crashing I am almost ready to pack in the box and put it away as a failed experiment 🙁 It works intermittently but then seems to crash under load. The temperature always seems to sit around 55 C. Is yours still working well? What are your ambient temperatures.

    1. First, did you buy a new or used Intel quad port card? I have had 2 cards in the past (I believe they were both the HP NCxxx cards) that seemed to test fine in a desktop however, they presented problems once installed in the T610 plus. That is where I would start. As for the system temp, these boxes typically run between 45-50c and will run like that for years. I do still have just shy of 10 of these in production environments and haven’t had a problem with a single one. Lastly, by crashing do you mean kernel panic? What version of Pfsense are you running?

      1. It was off of ebay but apparently a new card. However someone from my lab bought the same card has also been having trouble so perhaps that is part of the problem. We will try using another card. As for the nature of the crash I don’t really know as when I try and get some logs after the crash it seems to not have anything perhaps indicating that everything is held in memory and lost after a reboot. We are running pfsense 2.3.4_1. Thanks so much for the reply!

  5. What do you think the upper limits in terms of routing for this type of build would be (in terms of Mbps up and down)?

    Seems like a cost effective and low power build…lots of these on eBay.

  6. I picked one up off of ebay for a great price.
    Now just waiting for the power supply and the dual nic card.

    I ordered a PCI-X card by mistake.

    “Read before hitting send”n 🙂

      1. I got a t610 off hand on the cheap.. Power supply wasnt readily available.. Any idea if they’re other cheap brands / power plugs that can fit this model?

        Cheapest i’ve found is 60 bucks in USA.. I’m cheap.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.