SG-1000 microFirewall
-
First pfSense ARM appliance ever, SG-1000 microFirewall. You can purchase official pfSense appliances from the pfSense store and Netgate store.
- TI AM3352 ARM 600Mhz CPU
- 512MB DDR3
- 4GB eMMC
- 2x 1GbE ports.
- ideal for SOHO / remote worker application
Feel free to ask questions about the unit!
-
I received mine months ago, but it is sitting collecting dust. I require some advice. I have a white box mini-PC running pfsense currently. It has four Ethernet ports. I am using only LAN and WAN, but the other two are configured/available for use. I want to repurpose that box, so I purchased the SG-1000, and now I need to migrate to it.
So, my question is, is it possible to export my config from the current box and import it into the SG-1000? I assume that if I can, I will still need to tweak things for my SG-1000. If not, what is the best way to migrate? It is just a home/office so that I can afford a reasonable amount of downtime.
-
Delete the two extra interfaces from Interfaces > (assign) and then you should be able to make a backup and import it to the SG-1000. It will prompt you to reassign the interfaces after importing, then pick the new interfaces and save, then apply and it will reboot with the new mappings.
-
I bought one of these about 3 weeks ago and I'm pretty disappointed with it, I must say. I had been running pfSense on a book-size micro-atx Intel dual core Celeron, but it was a pain to keep cool (CPU was built in and came with no fan on heatsink) and it took up a fair amount of space that I didn't have. Since I got a big increase in my pay, I decided to support the pfSense project by buying one of your hardware solutions, since I've been using it for a few years. I was going to buy the $300 model but then say the new SG-1000, which looked even more appealing since it was smaller and half the price.
As soon as I received it the problems started: I could see inside the case and wanted to add a MicroSD card but I _couldn't get inside the damn thing! The one lonely screw seemed to be screwed in by Hercules himself! I tried about 3 different size Phillips head screw drivers and they all just tore the screw up since a) I don't have a vice to hold the unit in place and b) I can't press on it too hard because I fear bending/breaking it. This also prevents me from using the $10 mounting kit that I purchased.
After about 30 minutes I decided to give up on opening it and move on to replacing the old one with this one. It literally took me about 5 tries and about 45 minutes to get the damn thing working completely. I plugged the MicroUSB cable into the UART port and it would keep getting stuck at various points during the boot process, the internet would be working, but unbound would be dead and the web configurator would be dead also since it had hung before Nginx started. Once I got it loaded up fully I restored my backup configuration, which lead to more hangs. Over about the next week, either the webUI would die and the serial console would give me nothing, but the internet would still work as expected or everything would just flat out lockup and I have would no internet connection and would be forced to reboot by pulling the power cord. This would happen about every 2-4 days. Also during this the webUI would regularly state that the CPU was pegged at 100% but when I would pull up top over serial it would show only about 40% usage.
I finally just decided to do a full factory reset and start from scratch, hoping maybe that would fix the lockups. It did fix the hangs during boot, but my serial console it still dead if I connect to it after the device has fully booted (I just get a black screen, pressing enter or ctrl-c or anything else does nothing) and it still locks up. About 3 hours after I did the reset it completely killed my connection. I was downloading a few things at about 13 MB/sec (I have Verizon Fios 150 Mbps, soon to be ~1 Gbps) and watching a YouTube at 1080P so it didn't put that much load on to it. It's not like I put a huge load on it, I have about 12 devices in my home network, only about 4 or 5 are active at a time and are mostly streaming devices/phones, the only thing that does a lot is my home server and that's sporadic. Since there isn't a temperature sensor in the device I have no idea how hot it's getting. It's warm to the touch and the infrared thermometer I have shows that the inside PCB/Heatsink is around 125F.
Hopefully these hiccups will resolve themselves or maybe I received a bad unit because I feel like I'm not receiving what I paid for considering my cobbled together solution gave me no issues over the 3 years I was using it. Also since I couldn't comment in the thread regarding the crypto-unit, I do feel that it is deceptive to mention that it has it, but failing to mention that it's not currently supported, because the assumption is that if you mention it, it's supported, especially when you're the ones selling the devices. That's kind of like Intel saying in their specs sheet that their newest CPU has 15 cores but when you install Windows/Linux/OS X you only see 6, then you reach out to them and they say "we never said that they were able to be used right now, we're just showing that they're there and will be able to be used at some point in the future". You'd be a little upset wouldn't you? Myself I don't care that much about the crypto-unit, I just want the stupid thing to work as well as the one I used to have._
-
This post is deleted! -
@le_top:
Very similar experience to brando56894 on my end.
I've reported the issues here and there on the forum.I could believe that one the replies said "That bug report is for a beta version. Expect bugs." while the official page says "Though the firmware is labeled “BETA” it has proven to be very stable with only a few minor items remaining to be addressed before its release."
It's been released for 7 months - how long is it going to be in "BETA" state.
I am disapointed with the buy (and I bought two supposing that the hardware was validated by the company building PFSense).
I'm sorry you're not satisfied with your purchase, while software is in BETA state, final version should arrive within the next few weeks. I replied to you on the thread you have opened, please follow up when you get access to the console https://forum.pfsense.org/index.php?topic=134552.0
-
I bought one of these about 3 weeks ago and I'm pretty disappointed with it, I must say. I had been running pfSense on a book-size micro-atx Intel dual core Celeron, but it was a pain to keep cool (CPU was built in and came with no fan on heatsink) and it took up a fair amount of space that I didn't have. Since I got a big increase in my pay, I decided to support the pfSense project by buying one of your hardware solutions, since I've been using it for a few years. I was going to buy the $300 model but then say the new SG-1000, which looked even more appealing since it was smaller and half the price.
As soon as I received it the problems started: I could see inside the case and wanted to add a MicroSD card but I _couldn't get inside the damn thing! The one lonely screw seemed to be screwed in by Hercules himself! I tried about 3 different size Phillips head screw drivers and they all just tore the screw up since a) I don't have a vice to hold the unit in place and b) I can't press on it too hard because I fear bending/breaking it. This also prevents me from using the $10 mounting kit that I purchased.
After about 30 minutes I decided to give up on opening it and move on to replacing the old one with this one. It literally took me about 5 tries and about 45 minutes to get the damn thing working completely. I plugged the MicroUSB cable into the UART port and it would keep getting stuck at various points during the boot process, the internet would be working, but unbound would be dead and the web configurator would be dead also since it had hung before Nginx started. Once I got it loaded up fully I restored my backup configuration, which lead to more hangs. Over about the next week, either the webUI would die and the serial console would give me nothing, but the internet would still work as expected or everything would just flat out lockup and I have would no internet connection and would be forced to reboot by pulling the power cord. This would happen about every 2-4 days. Also during this the webUI would regularly state that the CPU was pegged at 100% but when I would pull up top over serial it would show only about 40% usage.
I finally just decided to do a full factory reset and start from scratch, hoping maybe that would fix the lockups. It did fix the hangs during boot, but my serial console it still dead if I connect to it after the device has fully booted (I just get a black screen, pressing enter or ctrl-c or anything else does nothing) and it still locks up. About 3 hours after I did the reset it completely killed my connection. I was downloading a few things at about 13 MB/sec (I have Verizon Fios 150 Mbps, soon to be ~1 Gbps) and watching a YouTube at 1080P so it didn't put that much load on to it. It's not like I put a huge load on it, I have about 12 devices in my home network, only about 4 or 5 are active at a time and are mostly streaming devices/phones, the only thing that does a lot is my home server and that's sporadic. Since there isn't a temperature sensor in the device I have no idea how hot it's getting. It's warm to the touch and the infrared thermometer I have shows that the inside PCB/Heatsink is around 125F.
Hopefully these hiccups will resolve themselves or maybe I received a bad unit because I feel like I'm not receiving what I paid for considering my cobbled together solution gave me no issues over the 3 years I was using it. Also since I couldn't comment in the thread regarding the crypto-unit, I do feel that it is deceptive to mention that it has it, but failing to mention that it's not currently supported, because the assumption is that if you mention it, it's supported, especially when you're the ones selling the devices. That's kind of like Intel saying in their specs sheet that their newest CPU has 15 cores but when you install Windows/Linux/OS X you only see 6, then you reach out to them and they say "we never said that they were able to be used right now, we're just showing that they're there and will be able to be used at some point in the future". You'd be a little upset wouldn't you? Myself I don't care that much about the crypto-unit, I just want the stupid thing to work as well as the one I used to have.
Have you ever contacted our support for the issues you experienced?_
-
@le_top:
Very similar experience to brando56894 on my end.
I've reported the issues here and there on the forum.I could believe that one the replies said "That bug report is for a beta version. Expect bugs." while the official page says "Though the firmware is labeled “BETA” it has proven to be very stable with only a few minor items remaining to be addressed before its release."
It's been released for 7 months - how long is it going to be in "BETA" state.
I am disapointed with the buy (and I bought two supposing that the hardware was validated by the company building PFSense).
I'm sorry you're not satisfied with your purchase, while software is in BETA state final version should arrive within the next few weeks. I replied to you on the thread you have opened, please follow up when you get access to the console https://forum.pfsense.org/index.php?topic=134552.0
-
This post is deleted! -
@le_top:
I'm sorry you're not satisfied with your purchase, while software is in BETA state final version should arrive within the next few weeks. I replied to you on the thread you have opened, please follow up when you get access to the console https://forum.pfsense.org/index.php?topic=134552.0
I hope the team gets it together by september then.
Rest assured, the issues you have experience are not supposed to happen. I just replied to your thread ;)
-
Since I've had mine, I have added a VPN client interface (NordVPN) for all outbound traffic and once I got that going well I noticed a couple of things.
1. The units run warm on their backs and this was seemingly causing periodic lockups, but if you mount the SG1000 so that the vents are vertical on the long side and allow air to convect vertically without blocking the bottom, top or vented side, it runs quite cool. I achieved this by simply hanging the unit off the side of my bench by it's Ethernet cables. Problem solved. Much more stable that way.
2. Also I learned the hard way to NEVER do an update without first doing a full reboot. That lesson involved two separate install from scratch events. (I don't learn that fast)
The only problem I find now is that the VPN interface or traffic thru it stops off and on and I'm forced to do a reboot to re-connect. At this point I'm not yet sure if it's the device, OpenVPN or the host dropping my full time connection. Next year when my Nord account expires I'll switch to another source and see if that makes a difference.
Since my segment of the network is the only thing using the SG1000, I just run my desktop as a static IP outside of the SG1000 DHCP server range so It's an easy connection to jump into it no matter what happens.
-
I'm glad that I'm not the only one that has been experiencing regular hiccups on this device. I bought a few months ago, registered it in august.
After the latest upgrade, a week or two ago, the device won't produce a DHCP inwards, and no matter inner IP what I tried, I couldn't reach it, so I had to remove it. No Internet connection either.. For all purposes it's dead.
I need help fixing this, where should I look for info?
On a side note, it also surprises me how hot this thing runs. I'll try to mount it vertically and see.
IT also surprises me to see the CPU regularly peaking at over 50% for doing absolutely nothing (not even streaming), just by me logged into the device for admin purposes. Is that normal?Thanks in advance!
-
The DHCP issues were a bug in snapshots, it was fixed shortly after. Simply install the 2.4.0-RELEASE and you should be good to go!
Heat wise, device does produce a bit more heat, but it's normal. I mount mine vertically as well !
Regarding the CPU spikes, it's normal to see more intensive CPU usage while logged in as it's a single core CPU.
-
Hello,
Any plans for making an SG-1000 with a WiFi accespoint in it ? I would love to have something small to take with me to hotel rooms etc.
Thanks.
-
@Georget27:
Any plans for making an SG-1000 with a WiFi accespoint in it ? I would love to have something small to take with me to hotel rooms etc.
No, but you can attach a USB wireless adapter to the USB OTG port, so long as it's supported by the drivers on pfSense/FreeBSD.
-
I have been working on this case with support since Aug 25 (#27001). As indicated in the notes I ran extensive testing on the firewall in question only to be told that support could not replicate the problem that it must be an issue with the particular unit I had. We paid to send the firewall back and we received it back with a new board inside. When I plugged it in I had the exact same issue. By this time the issue is two months old. The client that purchased the firewall has been using a borrowed firewall during this time. Now I am told it is a bug #7532 and that I have to wait for the bug fix.
So here are my concerns. If this is a bug and support was supposed to have tried to replicate the problem why did they indicate they could not.
When I look at the bug I notice that it is stated that it was to be fixed in 2.4.1 but then pushed to 2.4.2 and now 2.4.3
So how long do we have to wait so that the product purchased over two months ago is usable since in the meantime the client has a firewall that is useless to them. This may not seem like an issue to you but it is to the client who is a small non-profit company with little money to spend on IT which is why we went with this unit to begin with.
I am not happy at all with pfSense at this point. -
I've owned many Netgates and installed them for clients over the years. I just wanted a good home Net-facing edge box, so I purchased the SG-1000 3 weeks ago. It's been really inconsistent. Here are a few observations:
The CPU is at 100% continuously in the webGUI. I did connect with a USB console cable and checked the processes with top -aSH. netstat was at times 1200%+ of CPU. It was immediately niced, but over the course of ~60 seconds it popped to the top (punn intended) 10 or so times ranging from 500% of CPU to 1200%. This makes web page load times incredibly inconsistent. Especially anything that hits google analytics or akamai strangely. Even this page on the pfSense docs takes 8-10 seconds to load –> https://doc.pfsense.org/index.php/High_Load_Troubleshooting
Other pages load ridiculously fast as they should. I have 60Mb/s download speeds on raw pipe at the modem when using naked ethernet.
It's fascinating. Any insight is appreciated. This behavior occurs with no extra packages and even the internal DNS resolver/forwarder turned off. (It was unbearable with it on ;-) (I had PFBLocker and OpenVPN installed but I removed them just to see if it would have a positive effect, so there are no packages currently installed) And only 3 port forwarding rules for non standard ports that use for sftp access for remote file access.
I love pfSense, always have. Happy to give whatever data is necessary to troubleshoot the issue.
Thanks!
-
As was noted in one of the other threads where you made similar comments, it looks like you're seeing a side effect of a bug with netstat that was recently fixed in FreeBSD: https://forum.pfsense.org/index.php?topic=139255.0
-
Interestingly, I saw a few things in the logs that looked like a issue with IPv6 DHCP on the WAN interface (my ISP does not provide that - they'll have to eventually ;-) So I turned that off. Magically, the CPU is now visible on the main page. It live updates correctly. It's still high, as you would expect without the netstat change which is forthcoming, but it goes down to 50%, 64%, 84%, but never goes to 100%. The routers performance is significantly improved. Thought I'd share my experience. Thanks for all you guys do.
-
I've had mine for almost a year. Overall, I'd say fairly stable. The install procedure, and console access is a bit of a challenge - but the documentation is solid and very helpful there. Make sure you enjoy serial ports and console connections. Not that this is a 'normal' operation - typically the unit runs fine.
For completeness, I must say I did just have a brick event, but I'm not sure if that was an improper shutdown problem.
Overall pfsense has come a long way - the unit has been reliable, configurable, robust, and this unit absolutely sips power and is so small you can install it pretty much anywhere.
I'd highly recommend this model for any home or small business location.
