SG-1000 microFirewall Optical Illusion
-
Maybe someone can direct me to a different thread, but this is ARM processor? Which generation ARM? Does this mean you can put pfSense on Pi?
I know there was no ARM processor support for pfSense in the past.
-
Maybe someone can direct me to a different thread, but this is ARM processor? Which generation ARM? Does this mean you can put pfSense on Pi?
I know there was no ARM processor support for pfSense in the past.
Yes it is ARM. No it does not mean you can (or would want to) run pfSense on a Pi.
It only means that this one specific ARM device will work.
-
Hi just a question. Would this support an extra nic or wire-less on USB?
-
Hi just a question. Would this support an extra nic or wire-less on USB?
If there are FreeBSD/arm drivers for them, perhaps. We do not recommend using USB NICs, however. It will support using VLANs if you need to address more than two networks.
-
Maybe someone can direct me to a different thread, but this is ARM processor? Which generation ARM? Does this mean you can put pfSense on Pi?
I know there was no ARM processor support for pfSense in the past.
Yes it is ARM. No it does not mean you can (or would want to) run pfSense on a Pi.
It only means that this one specific ARM device will work.
Hi jimp,
I would be interested to run pfSense on a Pi. I just setup a OpenVPN Server on a Pi and it was a real Pain.
I'd much prefer pfSense's implementation of OpenVPN.
Open VPN on a Pi is helpful for sitations where I need to remote into a site infrequently and cannot justify running a PC or appliance. Or in the event where I cannot replsce the existing router.I hope that pfSense will make the ARM version available so people can run it on a Pi or other low cost hatdware.
Best Regards
-
Maybe someone can direct me to a different thread, but this is ARM processor? Which generation ARM? Does this mean you can put pfSense on Pi?
I know there was no ARM processor support for pfSense in the past.
Yes it is ARM. No it does not mean you can (or would want to) run pfSense on a Pi.
It only means that this one specific ARM device will work.
Hi jimp,
I would be interested to run pfSense on a Pi. I just setup a OpenVPN Server on a Pi and it was a real Pain.
I'd much prefer pfSense's implementation of OpenVPN.
Open VPN on a Pi is helpful for sitations where I need to remote into a site infrequently and cannot justify running a PC or appliance. Or in the event where I cannot replsce the existing router.I hope that pfSense will make the ARM version available so people can run it on a Pi or other low cost hatdware.
Best Regards
Did you get any useful OpenVPN bandwidth from the Pi CPU?
-
"Did you get any useful OpenVPN bandwidth from the Pi CPU?"
Enough bandwidth for one user to run a VNC connection at 1080P (pi3, full Raspbian install)
Using the Pi as a DNS blackhole (pi-hole) i can get VPN throughput of around 4Mbit/sec when connecting with an iPhone.
Pi CPU remains below 20% when using AES256/SHA1. Thats just from looking at yhe CPU indicator of the Raspian GUI.
-
I would be interested to run pfSense on a Pi.
It's my understanding that the Pi, in addition to having only 100Mbps ethernet, has that ethernet port on a USB bus. Someone correct me if I'm wrong. I can see a lot of use cases for the Pi, but until it gets a proper Ethernet chipset, I won't even use it to replace my Sheevaplug (NAS with 2nd gen Drobo and BIND DNS server), much less as a pfSense box.
-
Hi Whosmatt,
Yes you are correct in regards to the ethernet port. Onboard ethernet would be preferred…
With any luck there'll be a BSD driver for that USB/ethernet interface.I wouldn't use a pi in a production environment... but making pfSense available on ARM would certainly be a positive move as it would lower the cost of getting into pfSense and the power consumption.
The SG-1000 probably caters for that need already... but 150$US might be out of many people's budget...
-
Any idea when this will be released? I ordered mine about 2-3 weeks ago and eager waiting for it ;D
-
… ordered ... 2-3 weeks ago ...
First come, first serve.
They seem to be working on it heavily. https://twitter.com/pfsense/status/799762396436832256 -
Since its dependant on 2.4, you're not going to see them until at least a week after 2.4 is released, I would guess.
-
To the discussion on the PI having it's Ethernet connected over USB. That's right. But think of the Banana Pi, where the Gigabit Ethernet is mounted likewise. The throughput will never reach even half of the link speed, but who cares… it's still more than enough for most setups and this way seems to be rather common on cheap hardware.
I'm still wondering, why the SG-1000 doesn't have wireless on board. The USB header may be a good idea, but an USB slot, mounted in upward direction could be used without opening the box. Putting anything with a radio inside the aluminium case would rather be a tribute to Mr. Farraday.
What's the target group for this device?
-
The pfSense Hangout from yesterday discussed this. I hope JimP won't mind me sharing his list of use cases, as it may give people a better idea of what niches this unit fits.
SG-1000 Use Cases
● Small footprint / low space needs
● SOHO, Small Networks, Small Branch Office, Remote Employees
● Portable firewall, e.g. plug between laptop and untrusted network
● Managed Service Providers (MSP) endpoint in a client
● Internal firewall/router for network segments in a small/medium businesses
● Home Office / Remote User VPN
● IoT Security Endpoint – Segment IoT devices away from the rest of a network
● IPMI or other management port Firewall
● … anything else that might need a firewall at moderate throughput with a low power draw!And it comes with a Gold sub which gives you access to the updated 600+ page manual as well as 20+ hour-long training videos (the pfSense monthly Hangouts) on all aspects of pfSense, all for $149.
-
I cannot image the small footprint use case besides a wall plug or a cap rail. But it's definitely not designed for that.
Soho and Co: Througput?! Remote: Mobile Router+SG-1000?! Most mobile routers are LTE only nowadays w/o an ethernet plug. Likewise on the airports, hotels, …
MSP - ok. But interfaces with?
If ok. Throughput?
Home office/ru vpn ok. Same as MSP use case.
IoT devices ... aren't they trending towards wireless technologies, too?
For low power - if you need to extend the mini router with additional hardware, the savings on power consumption are to be neglected, IMHO.Call me simple-minded, but I am still not convinced, what the typical target group could be...
-
if you need to extend the mini router with additional hardware
What?
It's supposed to be a 2 interface mini router. Period.
Extending with additional hardware is better suited in other devices. You'll get that once you overcome your "must be ARM/small/cheap" tunnel view. -
Just because you can't think of it, doesn't mean it doesn't exist. There are probably hundreds of more potential uses we haven't even thought of, those were given as easy examples.
There are a lot of places in the world that don't even have access to enough bandwidth to justify high-end hardware (like giant rural areas in the US – even the average bandwidth available to anyone in the US is, on average, ~14Mbit/s), or applications that require the capabilities of a firewall like pfSense but have no specific bandwidth requirements. The SG-1000 will do >100Mbit/s which is more than enough for many environments.
If your head is in big cities/data centers then it's probably not thinking in the right areas (but it could work there, too, in the right niche). Not everyone is lucky enough to have to care about gigabit home or business Internet. Lots of small businesses around where I live are still on low-end DSL/cable connections that probably don't go over 10Mbit/s.
Think less about what someone might do with it in an urban settings and consider other places. A sat link in the middle of the desert, grandma's DSL line that you have to support, etc.
-
if you need to extend the mini router with additional hardware
What?
It's supposed to be a 2 interface mini router. Period.
Extending with additional hardware is better suited in other devices. You'll get that once you overcome your "must be ARM/small/cheap" tunnel view.You could do wireless via the OTG port – this works (I have it going on one of my SG-1000s). An OTG cable going to a USB wireless dongle.
I don't have access to a 3G/4G device to try but that most likely works as well.
-
To the discussion on the PI having it's Ethernet connected over USB. That's right. But think of the Banana Pi, where the Gigabit Ethernet is mounted likewise. The throughput will never reach even half of the link speed, but who cares… it's still more than enough for most setups and this way seems to be rather common on cheap hardware.
Yeah, you're right. There seems to be a lot more choice these days in that space, including the new UP board x86 stuff. Like I said, I'm still rocking a Sheevaplug dev kit. It's considerably less powerful CPU-wise than any Pi (I mean, it's 8 years old or so now) but holds its own for me in my use case, mostly because it does have 1Gbps ethernet.
And I think the Pi gets by with USB based 100Mbps ethernet precisely because it's not designed for anything with high networking throughput (and i'm using "high" loosely here). Sure it makes a great automation server, or a controller for a Unifi network, etc. But not much in the way of a NAS or router/firewall.
-
Soho and Co: Througput?!
Most small offices that I've seen have modest WAN connections that would seem a perfect use case for the SG-1000. The home offices are a different story; residential cable internet is getting really fast on the downstream at least.