3100 will reach "End of Life" in 5 days

jwt

@uzumaki likely one of the two is "old" then. I'll have someone in marketing find it and clean it up. thanks.!

uzumaki

@jwt Those were IMIX numbers in case you’re mistaking them for iperf3.

SteveITS

@uzumaki for reference for that comparison/difference, per https://shop.netgate.com/products/2100-base-pfsense :

Firewall (10k ACLs)
IPERF3 Traffic: 964 Mbps
IMIX Traffic: 249 Mbps

Also just for reference the 3100 was around $50 more expensive than the 2100, MSRP, IIRC, with half the RAM.

I mean I get it, because we have one and have eight-ish clients with one. But, the world moved on from 32 bit a while ago. We just moved a client last week who went from cable to gigabit fiber and I suggested they get a 4100 for the new office...they did not and kept the 3100. Just have to eval each situation I'd say...the ones that use VPN and/or 500+ Mbps and/or Suricata may be a better fit for the 4100. At least the 3100s will not just stop working.

In general I'd say Netgate has done a pretty good job keeping up older hardware...the SG-1000 for instance was "EOL" in 2019 but had updates through v22.05.

gweempose

How easy is it to transition from a 3100 to a 4100? I'm assuming you can just save your configuration and then use the .xml file to load the old settings onto the new device?

And one more question about the 4100. It looks like it has four 2.5 Gbps LAN ports, but the WAN port is only 1 Gbps. So even if I had a 2 Gbps feed coming from my ISP, the devices on my network would still only see about half that speed. Is this correct?

jimp

@gweempose said in 3100 will reach "End of Life" in 5 days:

How easy is it to transition from a 3100 to a 4100? I'm assuming you can just save your configuration and then use the .xml file to load the old settings onto the new device?

Since the 3100 has switched ports it can be a little trickier but TAC can convert the config for you, then all you'd have to do is import the adjusted config.

And one more question about the 4100. It looks like it has four 2.5 Gbps LAN ports, but the WAN port is only 1 Gbps. So even if I had a 2 Gbps feed coming from my ISP, the devices on my network would still only see about half that speed. Is this correct?

The labels on the ports are just labels reflecting the default assignments, you can reassign them any way you like. You can use any of the 2.5G "LAN" ports as WANs, you just need to change the interface assignments/config to match what you want.

johnpoz

@gweempose you can use any interface for wan. Just because port is "label" wan on the case doesn't mean you can't setup any other port as wan if you want.

I do believe there is some more too moving to 4100 from 3100.. The 3100 had switch ports, the 4100 has 6 discrete interfaces. So it would be a bit more than just import config - since the interfaces wouldn't be able to match up.

I do believe TAC would help you..

edit: hahah Jim beat me too it ;)

mer

@johnpoz said in 3100 will reach "End of Life" in 5 days:

Until it actually dies, or they no longer provide updates too it, I have no plans on replacing it ;)

I've got a SG-2440 that is in the same boat. I do have it sitting as a spare right now, but it still runs strong.

gweempose

@jimp said:

Since the 3100 has switched ports it can be a little trickier but TAC can convert the config for you, then all you'd have to do is import the adjusted config.

@johnpoz said:

I do believe TAC would help you..

Forgive my ignorance, but what is TAC?

SteveITS

@gweempose said in 3100 will reach "End of Life" in 5 days:

Forgive my ignorance, but what is TAC?

Netgate’s support. Go.netgate.com. To be clear if you’re moving to a Netgate appliance it’s a free support ticket for them to convert the config. Just have to say what interface goes where, VLANs, etc.

gweempose

@jimp said in 3100 will reach "End of Life" in 5 days:

The labels on the ports are just labels reflecting the default assignments, you can reassign them any way you like. You can use any of the 2.5G "LAN" ports as WANs, you just need to change the interface assignments/config to match what you want.

Ah. That makes sense. I'm currently only using two ports on my 3100. My cable modem goes into the WAN port, and then one of the LAN ports goes to a 2.5 Gbps network switch. So I guess on the 4100 I would make one of the four 2.5 Gbps ports the WAN port, and make one of the other 2.5 Gbps ports the LAN port. I would then have a full 2.5 Gbps capable network. Is this correct?

netplumbers

@jimp said in 3100 will reach "End of Life" in 5 days:

The 23.09 release will include support for the 3100 yet since it's based on FreeBSD 14 which still has 32-bit ARM support, but it may be the last release. Hard to predict if we may need a 23.09.x point release for example which could still target the 3100.

We do usually put out patches for PHP/shell script type issues via the system patches package for some previous releases but we don't have a set schedule for those types of fixes.

FreeBSD is dropping 32-bit ARM support upstream in FreeBSD 15 so not a lot we can do there, the 3100 is Netgate's last 32-bit ARM system.

Thank you for the clarification. In recognition of this update, when is a realistic last responsible moment to target to retiring the 3100 with the understanding the security updates are critical for any device that remains in production? For personal deployments, the replacement is not inexpensive.

SteveITS

@gweempose said in 3100 will reach "End of Life" in 5 days:

I would then have a full 2.5 Gbps capable network. Is this correct

As far as the connections yes. The store shows for the 4100:

Firewall(10k ACLs)
IPERF3 Traffic: 4.09 Gbps
IMIX Traffic: 1.40 Gbps

Usually I find speed tests are about halfway in between those numbers (speaking in general) so you should be OK but remember Suricata or other packages that interfere with or inspect packages will take CPU time and hence could slow things a bit once you get to the limit of your 2.5 Mbps Internet connection.

@netplumbers said in 3100 will reach "End of Life" in 5 days:

when is a realistic last responsible moment to target to retiring the 3100 with the understanding the security updates are critical

I'm not with Netgate but not every pfSense release has security fixes, so I don't know there is a direct answer to your question. Sometimes, they have backported PHP-code security patches via the System Patches packages, for instance I think they did that for 2.6 after 23.01 released but before 2.7 was out. You may just have to review release notes for future versions.

adamw

@jimp
Are there any drop in replacements for 3100 in the making?
E.g. 3164 with a 64 bit CPU? :)

stephenw10

@netplumbers said in 3100 will reach "End of Life" in 5 days:

when is a realistic last responsible moment to target to retiring the 3100

Yes, it's hard to put a fixed date on that but I run a 3100 here and am looking at replacing it when the next release happens which should be 24.03. Before then if there's an issue that requires a point release we can rebuild against the current branch. As mentioned we usually back port patches for some time so really it would be acceptable to run a 3100 until a vulnerability is discovered after 24.03 is released that cannot be patched at runtime IMO.

Steve

dan2112

@jimp I have a 3100 I was going to put up on ebay, but with this news I am reluctant to put it up for sale a when I know it ill not receive updates. I can not in good conscience sell it. I would rather give it back to Netgate for recycling/lab use. Is this possible?

Dan

gweempose

With the 4200 now available for pre-order, I'm assuming this would be the most logical unit to replace my EOL 3100?

SteveITS

@gweempose In terms of specs/capability the 2100 is a step down and the 4200 a step up. What’s your use case, bandwidth, packages, VPN, etc.?

gweempose

@SteveITS I get over a gig down from my cable company, and I have a 2.5 Gbps network, so I definitely want something that can take full advantage of that. I don't currently use a VPN on my router, but that seems like something that could come in handy. I also don't currently run any packages, although there are a few I find intriguing.

SteveITS

@gweempose With that speed, definitely the 4200. The 2100 won't get to a gig.

stephenw10

Yup the 4200 is a big step up from the 3100 but you would need that for 2.5G internal routing.