@chrismacmahon : Thanks, I appreciate any help/info provided. I'm aware we are not currently on paid support so no expectations.

I would look into using IPSEC instead of the OpenVPN client connection you are using, you will see a speed improvement. My unit's getting around 100Mbps when on AES-128-CBC (UDP), adding SHA1 auth drops me to ~80Mbps. Same link using IPSec (IKEv2, AES-128-GCM), I get around 150Mbps

Aside from an older bug https://forum.netgate.com/topic/130980/suricata-not-limiting-log-sizes-by-default Suricata shouldn't use much disk space. I checked a client's SG-3100 and Disk Usage on the pfSense home page shows "24% of 7.0GiB."

Ok, I'll try a fresh install of 2.4.4-p1 today and report back. Much appreciated

Yes, thanks. I went back to my backup before the changes, redid it from the start again and this time it worked.

In your place I'd drop some Ticket to the support guys: https://go.netgate.com -Rico

Yes I know, AES-128-CBC was the maximum Speed for my SG-3100. -Rico

Good to know. Thank you so much. I am gonna pursue the matter on the other thread. As for what I wanted to know initially, you answered me beautifully. All the best.

@luckman212 said in SG-5100 package contents mystery: BiWIN C6308 Hi guys, Were any of you successful in eventually finding a M.2 SSD that would work with the SG-5100?

@sean-allen said in SG-3100 Slow Throughput: @rico Interesting. You'd sacrifice 80-90% of the links speed to get the flexibility OpenVPN offers? That really says something...like I'm going to hate it if I try IPSec. It may appear to be 80-90% because 100Mb of 1000Mb but in reality IPSEC on the 3100 is only going to do @300. So yea, you’re giving up 66% in speed but only compared 300Mb. In my use, primarily mobile, I like OpenVPN for it “stay connectedness” vs IPSEC which can be less resilient to connection changes. OpenVPN vs IPSEC security I will let others speak on.

Pretty sure the crypto chip in the sg-3100 will allow it to work with 2.5. Thought I read on here that was one of the reasons they included it, besides the cpu not supporting aes-ni.

I just looked at my 2 sg3100 both in IDF rooms at their locations and 1 is running 51C and the other is at 55C.

product lifecycle

Hi and thanks for responding. I think the solution lies with the following device, which may have been discontinued. They were running upwards of $500 a pop but I managed to pick up 2 of them, which I have used successfully for a number of other serial terminals. https://www.raritan.com/products/kvm-serial/accessories/dominion-serial-access-modules I think it would just be a simple matter of cutting off one end of a USB mini cable and crimping a CAT-5 connector to it, wired in the correct order, but I've had to put this project on the backburner. I also exchanged my XG-7100 for an SG-5100, but both devices have a USB Mini console port (my old FW-7551 had a CAT-5 jack for console so it was a no-brainer with the DSAM). I will be needing to drop the SG-5100 into place within the next month or so and I will be sure to post my results. Feel free to follow up if you beat me to the punch!

Last update to this — the vendor confirmed that USB is no longer working but was able to repair the appliance by installing a small SSD and put the recovery image on the eMMC just in case. This turned out to be more cost effective than buying a new unit and should buy me some time until new hardware is released and the whole microchip/licensing future becomes clearer.

@derelict Thank you. That could be a candidate for the fastest response time in the year 2018.

To answer my own question: the reason is simple. MS120 series does not have SFP+ (10Gbe) but SFP (1Gbe) cages.

You would probably better off with 4 faster cores than 16 slower cores based on typical workloads.

This seems overly complicated. Let the Ubi switch do switching (vlans) and let the pfsense do routing. Can you hookup everything to the Ubi switch instead? Then, you only need 1 cable on the sg3100 lan to the switch. Put all vlans in that (trunk) port. LAN configs between the sg3100 & switch should then match. Just my $0.02.

@dgall said in How to add swap memory to Netgate SG-3100: I was messing around with the pfblocker geoip and it keeps saying I do not have enough memory when I try to block countries. You don't need more memory for GeoIP. Just increase the pfSense > System > Advanced > Firewall & NAT > Firewall Maximum Table Entries > 2000000 DNSBL on the other hand needs more memory depending on the number of domains added and if wildcard blocking is enabled (The TLD option).