Netgate Discussion Forum

    SG-2440 / SG-4860 appliances - A few questions…

      kejianshi

      @gonzopancho:

      Ya know Stan, I'll put up with a lot of crap, but you attempting to talk people out of supporting the project isn't one of them.

      Please stop.

      I think reusing some pre-existing hardware for a beginner or buying some refurb super cheap hardware to experiment with pfsense on will probably only lead to those same people buying good hardware from the pfsense store.  I know for me, personally, when my recycled personal boxes start failing they will almost certainly be getting replaced with hardware from the pfsense store.

      Using old stuff was low-risk and so gave me the opportunity to learn how much I like pfsense.  I do think that if you have the money and you like pfsense, the pfsense store appliances are the way to go.

      I think that when you need something that will absolutely positively work and will last and won't cost you a mint in down time, like the situations described above, I'd go straight to the pfsense store and buy there.

        pf123user

        Thanks for the reply jahonix. Much appreciated. I have had a very good experience with the pfSense team over the years. The community is wonderful and I agree that supporting the project is a good thing.

        @jahonix:

        @pf2.0nyc:

        1. Is it worth the $200 for the two extra interfaces?

        @jahonix:

        Not necessarily.
        You can use VLANs and a managed switch to create more interfaces if need be in the future.

        Understood and thank you. We currently use many VLANs however our switching hardware is a very limiting factor at present. Perhaps this answers the question - the $200 for more interfaces is cheaper than spending $1,000 per location on upgraded switching hardware.

        @pf2.0nyc:

        2. How is the wireless adapter in terms of range and connectivity?
        … Each location would make use of three SSID's...

        @jahonix:

        You will probably separate the traffic into different subnets anyway and VLANs are the best bet for this. Hence a managed switch will come in handy. See above.
        Except for rare cases I try to put the AP where it is best suited (coverage wise). That's usually not where my router is located and I use an external AP.

        We do that currently. Three SSID's via two VLANs on the wireless adapter. I'm wondering about range, sticky connections, how quickly it drops off, etc. This is a non-standard business situation where we have employees that work from home. They want to be on the phone (Google Voice or Skype) and be able to walk around their home. They don't need to be able to drive down the street but they should be able to get up and walk away from the AP without a drop in signal.

        If these are too new perhaps the $$ spent on a wireless adapter would be better spent on proper WAP's?? (opinions welcome)

        @pf2.0nyc:

        3. Footprint/Size and Heat - What is the size (outside dimensions) of the appliances and how do they handle heat and environmental variables such as humidity?

        @jahonix:

        quoted from the store:
        Form Factor Standard mini-ITX 170mm x 170mm
        Power Consumption 7W (idle)
        Fanless operation from 0°C to 65°C ambient temperature.

        Heat shouldn't be a problem and if it's warm in your closet you won't have condensation anyway.
        It should be ok if other equipment currently survives.

        170mm = ~6.69" which is why I said roughly 7"x7". Was looking for feedback from someone who has had hands on these things.

        Can they be rack mounted??

        @pf2.0nyc:

        4. Security - Is there any way to physically secure the devices?

        @jahonix:

        Feel free to attach an L-bracket and screw it wherever you like.
        This device does not have KVM so it's unlikely someone attaches a serial cable to it and starts fiddling on the console which can be password-protected.

        As far as I read the features of pfSense are superior to Mikrotik's.
        The people behind this project are great and commercial support is available if needed.
        The hardware is beefy and only consumes 7W (idle) - an APU needs 11W.
        What else can you ask for?

        I agree that with no KVM it's pretty safe. Hate to beat a dead horse but if you can attach L-brackets does that mean you could attach ears and rack it??

        Thanks again.

          Derelict LAYER 8 Netgate

          I would not spend the extra $200 on 2 extra interfaces.  I'd spend the extra $200 on a managed switch.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

            kejianshi

            yep

              Guest

              @pf2.0nyc:

              On the other hand, I personally believe that there is an inherent conflict of interest that presents itself the minute a for-profit entity emerges from a community-based open-sourced project such as the *BSD derivatives.

              FreeBSD, OpenBSD and NetBSD all have foundations that seek out donations.  These are 501(c)3 (or, in the case of OpenBSD, roughly the Canadian equivalent.)

              That said, I don't see the conflict of interest you assert.  Moreover, COI, by itself, is not typically a concern.  It is hidden conflict-of-interest that is a concern (and in some cases, illegal.)

              @pf2.0nyc:

              If the project is truly open-source then the only “secret sauce” is the implementation and pairing the hardware with the software (hello Steve Jobs).

              I don't think you'll find many who agree with your assertion that this is the 'secret sauce', or your example of Apple, especially Apple led by Mr. Jobs.  Note to any respondent:  I'm typing this on a Macbook.  I don't have a problem with Apple, but describing OS X or iOS as "open source" seems problematic.  To me, Open Source means that the source code is open, and licensed such that others can fork it.  By that definition, pfSense software is Open Source.

              @pf2.0nyc:

              When the developers of the open-source community work for or have a vested interest in the for-profit entity it hurts the community.

              All of the main developers of pfSense are employed by either Rubicon Communications (Netgate) or Electric Sheep Fencing.  There is also a group of people in the community who contribute, but most of the work on pfSense comes from that "coreteam".  Here is a post from last year that goes through the numbers.  https://forum.pfsense.org/index.php?topic=76140.0

              @pf2.0nyc:

              They hold back on things like cost savings on optimal hardware, economies of scale, tricks, tips, configurations, etc.

              If you wish, please provide specific examples of this occurring, so we can discuss them in public.  In some ways, capitalism, the very system you say is fundamentally flawed (below, and yes, it is flawed), serves as a blocking function for the behavior you ascribe.  If an entity seeks rents that are too high, another entity may decide that there is sufficient incentive to compete.  Since the software is Open Source, there is no effective way for the first entity to impede the second from a technical standpoint.

              @pf2.0nyc:

              I believe it is fundamentally flawed –but so is capitalism.

              As is every other political or economic system.

              @pf2.0nyc:

              Look what happened to the housing markets. When your obligation to your shareholders is greater than to your customers it is only a matter of time until you lose customers.

              Without ratholing the discussion too badly, I don't think the situation with the housing markets (I assume you're speaking of the pre-2006 housing bubble, followed by the 2007-2011 bust, and all of the financial shenanigans that accompanied same, as well as the U.S. subprime mortgage crisis, which was caused more by consumer debt (financed by mortgage-backed securities and collateralized debt obligations such as credit default swaps)) was purely driven by shareholder valuation.  The US government had a lot to do with it, since the FHA, Freddie Mac and Fannie Mae (these last two are not US government, but are government-sponsored) are all huge backers of the US mortgage market.

              @pf2.0nyc:

              When the answer is “you should have bought a service contract” or “too bad you aren’t a gold/platinum/silver/diamond level member” the community will self-destruct and pull the for-profit entity down with it.

              My objection (upthread) was that someone stepped in to derail.  We don't stop anyone from loading pfSense software on the hardware they find or source from anywhere.  We don't disable drivers for hardware we don't sell.  We provide (but do not require) paid support for hardware we do not sell, and we answer a lot of technical support questions in this forum and others.

                Guest

                @Derelict:

                I would not spend the extra $200 on 2 extra interfaces.  I'd spend the extra $200 on a managed switch.

                Let's be clear, there is more to the "extra $200" than two more Ethernet interfaces.

                First, the extra $200 is $406 - $254, or $152.

                Second, the 4860 is a quad core @ 2.4GHz board with 8GB RAM, while the 2440 is a dual core @ 1.7GHz with 4GB RAM.

                So 2X the RAM, nearly 3X the CPU if measured as cores x clock speed, and yes, two more Ethernets for a 59% increase in price.

                Agreed that if all you care about is the 2 extra interfaces, then a managed switch is a better investment.

                  Guest

                  Hello pf2.0nyc,

                  $500 Complete appliance (SG-4860)
                  $199 Includes one year of pfSense Premium Software Support (~$17 each month)
                  $0.00 Installation, test

                  And ready to go, because time is also money as I see it right

                  It forces an unfair monopoly which eventually destroys the open-source project or turns the overall project into a for-profit project.

                  Like m0n0wall is now??? The project is OpenSource but the code writers are not living from
                  love and fresh air alone! And on the other hand for code writing there is often a need for getting
                  materials as development platforms and devices, but the benefit for us all is then perhaps that
                  we get new things such as QuickAssist support, AES-NI support and so on. Or how much money
                  did you spend for that great work until now? Nothing? But then please let them also do what
                  they need to do, that this project is running liquid, please. OpenSource is free of charge but not
                  free of cost, it costs the time from all the developers they spend on and time is money.

                  is cheaper than spending $1,000 per location on upgraded switching hardware.

                  Cisco SG300-28 - 28 Port Layer3 Switch is for ~$400

                  Ubiquiti Networks UniFi AP Enterprise WiFi System UAP-3 (Pack of 3) ~$200
                  And the software WiFi Controller is free of charge and runs under Linux really well!

                  and pairing the hardware with the software (hello Steve Jobs).

                  He made it for the crazy ones and not for the ruffians and his project is also still
                  alive and no one is angry about it.

                  They want to be on the phone (Google Voice or Skype) and be able to walk around their home. They don't need to be able to drive down the street but they should be able to get up and walk away from the AP without a drop in signal.

                  Then fast roaming on Layer2 & Layer3 is often really urgently needed, because these are
                  so-called real-time tasks and are not forgiving of blackouts, but perhaps you are the lucky
                  one owing to the circumstance that there are not so many users in the WLAN. I mostly use
                  a WLAN Controller for fast roaming tasks on L2 & L3.

                  They hold back on things like cost savings on optimal hardware, economies of scale, tricks, tips, configurations, etc.

                  If so you will not receive an answer on your question here from them!
                  What do you mean with tips and tricks? Something like activating TRIM support for SSD or mSATA
                  or fine tuning the Intel NICs? It was all shown here in the forum and this is free for all to read!

                  When the answer is “you should have bought a service contract” or “too bad you aren’t a gold/platinum/silver/diamond level member” the community will self-destruct and pull the for-profit entity down with it.

                  If you have no support contract you can use the forum as you are doing here now and let's
                  grow the community, am I right?

                  The units I have priced are the SG-4860 at about $850 (with 30gb storage, wifi card and the console cable)

                  So $850 for a firewall that should work for 5 years, right?

                  $850 price / 5 years = $170 per each year
                  $170 p. year / 12 month = ~$15 per each month
                  $15p. each month / 3 family members = $5 per nose in the household
                  $5 per nose / 31 days = 0.17 cent per nose in the household and day

                    jahonix

                    pf2.0nyc, I don't get your point with Wifi, multiple SSIDs, a managed switch and the need for more physical pfSense ports.

                    You already have a managed switch in place AND you are using VLANs with your Wifi AP, right?
                    Why don't you feed the pfSense a VLAN trunk then and avoid the need for more physical interfaces?

                    How is it set up currently?

                      Derelict LAYER 8 Netgate

                      They want to be on the phone (Google Voice or Skype) and be able to walk around their home. They don't need to be able to drive down the street but they should be able to get up and walk away from the AP without a drop in signal.

                      Someone needs to understand the physics of radio frequency energy.

                        Guest

                        @Derelict:

                        They want to be on the phone (Google Voice or Skype) and be able to walk around their home. They don't need to be able to drive down the street but they should be able to get up and walk away from the AP without a drop in signal.

                        Someone needs to understand the physics of radio frequency energy.

                        Or all wave functions.  Light and audio also follow an inverse law.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.