https://www.netgate.com/products/appliances/ , tech specs tab says "16 GB DDR4 RDlMM (Expandable to 32 GB ECC)"

Hi, found your question almost year after it was posted. So this is just for the record. I had the opposite situation and it worked fine. I had SG-2220 which broke and I recovered its backup using a spare, SG-1000. It worked fine, I just had to accept the proposed changes to exclude a NIC that was NOT present at SG-1000. It was all presented during the restoration process. Everything else worked fine, so all aliases and rules were preserved. I named it "hardware downgrade".

Yes, and make sure to push the issue within the warranty period. My friends box rebooted about once every one/two weeks right from the beginning. Some log entries during uptime suggested the MMC was a bit flacky, but ususally the reboots was at night, so he didn’t really bother to try and fix it. Two days ago it just rebooted as usual, bu this time not being able to boot as the MMC storage was finally really dead. Unfortunately that was 3 weeks past the 1 years waranty, and Netgate just washed their hands and said sorry.... Exceptionally bad customer service in my opinion, so my confidence in them just went bottoms up. So make sure to have it fixed before your warranty expires.

@TadN said in Can SG-3100 handle 800MB down / 20 up with CodelQ active to remove buffer bloat?: I should not be seeing any buffer bloat even without pfsense? Bufferbloat happens at the funnel. You plan on testing direct with the modem so test that also. Bufferbloat happens. DSLR seems to have started this knowledge of the subject without really explaining it. Its actually logical that some bufferbloat will happen. If you dump 20 gallons of water into a five gallon funnel its going to take some time to get through. Fixing all the upstream issues will help but sooner or later you will see latency increase as your network tries to push and pull more data to the head end than your plan includes. But devices in your path can create more than should occur. Modem first. Why? Its the first line between you and them. Modems should be (IMHO) just a bridge between you and them. ( I hate all in ones) and that bridge should work full speed doing what you pay them for. Problem then becomes whether or not your node is oversold or not. But I do believe in most areas that is becoming less of a problem these days. If your modem is driven by a Puma6 chipset though.. I would not trust it. Neither does Intel at this point.

Glad it worked for you and the SG-5100 is online again. :-) -Rico

@ebcdic my two devices are actually wifi AP's specifically Synology WiFi AP's linked in a Mesh, the vendor says i should turn off IPv6 if i dont want to see the messages...it does appear to be a bug

@trombone Understood. VLANs are kinda stupid easy to learn and use. I'm kicking myself that I waited so long to try, and then eventually implement and use. The hardest part I found was keeping the terminology between the manufacturers of networking gear straight - one of them calls it trunks, the other one calls it tagged or untagged, another one calls it access, another one calls it something else, etc. Once you grasp those terms and how they're used, it makes good sense. Programming your managed switch is the other variable that was new to learn, but not too difficult. This is a good basic explanation of the concepts: https://www.computernetworkingnotes.com/ccna-study-guide/vlan-basic-concepts-explained-with-examples.html Good luck! Jeff

@Mark_07 Nice! Jeff

open a ticket at https://go.netgate.com and ask for support they usually respond hastily and they can help you out directly

@Tantamount Thank you for this. My SG-2440 couldn't update with the same error and your solution worked for me as well. I should add that after a reboot from UI, my device got a solid red status led. After power cycling it, it started working again with latest version!

To be clear; no you can't add another mSATA device. Only one slot supports SATA. Steve

It also must be said, if you've created no floating rules, if you've created no VPN servers, and you still have ONLY the two default WAN rules - block private networks and bogon networks, nothing is getting in to your pfsense system. Jeff

That seems a bit too much for a SG-1100 as on IPsec VPN it tops at 46mbps already according to Netgate. https://www.netgate.com/products/appliances/ In that case SG-3100 would make sense to me as well. Wireguard isn't supported (yet) on Pfsense - just so you know. OpenVPN is. The second appliance you provided will "work" and seems reasonably priced. But it says "1 Gbit on Pfsense" and nothing about VPN performance. Also, if anything goes wrong you're pretty much on your own. So unless you like fiddling around more than you already have to you might rather spend the extra cash for a Netgate device. I have this device as I had it laying around and although performance is good, it already overheated once in 3 months time.

As long as you are not looking to do traffic inspection with snort or suricata, the sg-1100 will handle your needs perfectly. I use the sg-1100 on my 500/500 fiber with all basic networking services and pfBlockerNG. No problems, and single session throughput is around 480mbps. I have about 30 devices on my network and 4 very active simultanious users. So the sg-1100 is perfect for your needs, wallet, size and power consumption.

@serbus It was a hardware failure in this case. The unit was RMAed.

How complicated is your pfsense setup? If it's simple - minimal rules, minimal static DHCP leases, schedules, aliases, etc., if it were me, I would just type everything in from scratch. How experienced with pfsense are you? If you want to a straight swap, you need to export your settings from the SG-2440, edit them in a text editor to match the layout of the SG-3100, then import into the new pfsense box. If you do that carefully, it should work just fine. Keep in mind, the innards of the SG-3100 are different than those of the SG-2440. There's a switch hiding in the 3100 that needs to be accounted for. It's not impossible, but I've read over and over about users that are new to that layout getting stumped on upgrading. Here's the guide on the switch ports: https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/switch-overview.html Hope that helps. Jeff