SG Series desktop appliances
-
I see the new SG-3100 is coming out. Is this compliant with the v2.5 AES-NI requirement? From what I can find, it isn't, but I would like to confirm before purchase. Thank you!
Yes, it's compatible. All Netgate / pfSense hardware has AES-NI or its own cryptographic accelerators required for 2.5.
-
will the SG3100 show all interface as assignable in software or 3 interface with the 3rd only acting as a dumb switch. not worried about the bandwidth limitation if they are assignable.
-
Each port can be assignable, switch supports VLAN's.
-
Each port can be assignable, switch supports VLAN's.
Sorry for the naive follow-up, I haven't used pfSense in ages and have recently been looking to return; does this mean the 4 switched ports can be used as individual ports/networks (e.g. LAN, DMZ1, DMZ2) and traffic can be routed via firewall policies between them?
Also, is the SG-3100 capable of handling synchronous Gigabit traffic? I'm asking about basic NAT/PAT traffic, anything encrypted (IPsec) will be restricted to around 30-40Mbps as that's all the remote side would be capable of.
Thanks,
-Alex -
Sorry for the naive follow-up, I haven't used pfSense in ages and have recently been looking to return; does this mean the 4 switched ports can be used as individual ports/networks (e.g. LAN, DMZ1, DMZ2) and traffic can be routed via firewall policies between them?Yup!
Also, is the SG-3100 capable of handling synchronous Gigabit traffic? I'm asking about basic NAT/PAT traffic, anything encrypted (IPsec) will be restricted to around 30-40Mbps as that's all the remote side would be capable of.
Yes, device can do up to a gigabit synchronous. IPsec maxes out around 300mbps, while OpenVPN throughput is up to 95Mbps.
-
Excellent, thanks… I think I'll be placing my order soon enough!
-
Thank you!
-
Considering SG3100. Is it only a single core CPU? (thought it was a dual/quad core)
What do I need to know about the factory Gold version in a year when it expires? I would not be renewing the Gold subscription, but would want to continue to use the hardware, and I would want to continue to be able to apply incremental patches and even whole version (2.5) upgrades after that 1 year period. Would I have to wipe and install the community version? Does it just drop functionality to community version? Does it stay at the current version and no further patches / upgrades will apply?
thanks!
-
The SG-3100 will have a recovery partition which will allow you to always reinstall your SG-3100 without downloading images. You will always be able to use the factory version, not Community Edition.
-
Currently I'm running a test vm on a host that is overkill and want to replace it. I'm looking for new hardware and I don't want to build it. It has to be fanless and low power. I want to buy something that is future-proof and can't figure out what packages you can run.
I've read that the ipsec vpn throughput of the SG-3100 is about 300 mbps. I'm not sure if this is a Netgate statement or confirmed in an actual test. My internet is 200 mbps down, but looking to upgrade to 400 mbps.
I want to install these packages:
-
VPN ipsec (all outbound traffic)
-
pfBlockerNG
-
snort or suricata
-
Freeradius2
Optional package:
- HAVP
Would these packages work on a SG-3100 without loss in performance?
Or should I get a SG-2440/SG-4860? Any other suggestions?https://www.netgate.com/support/supported-pfsense-packages.html
-
snort SSD/HDD is strongly recommended
-
suricata SSD/HDD is strongly recommended
Do I also need a mSATA?
Thanks!
-
-
Yes, those IPsec numbers are correct. SG-3100 seems like a great choice for you. As for SSD, it's recommended but not "a must". We don't sell M.2 'B' SSD options for the SG-3100 just yet (but we intend to). I suggest you try running Snort or Suricata first off internal eMMC, I doubt you will have issues.
-
Yes, those IPsec numbers are correct. SG-3100 seems like a great choice for you. As for SSD, it's recommended but not "a must". We don't sell M.2 'B' SSD options for the SG-3100 just yet (but we intend to). I suggest you try running Snort or Suricata first off internal eMMC, I doubt you will have issues.
Will the SG-3100 start shipping today?
-
The SG-3100 will have a recovery partition which will allow you to always reinstall your SG-3100 without downloading images. You will always be able to use the factory version, not Community Edition.
hmm that's too bad. There are too many vulnerabilities regularly discovered to make the factory image useful for more than a few months, never mind the lifetime of the hardware. So, unless you are will to stay subscribed to gold, This device is not really worth considering.
-
I'm not sure what you mean. Can you explain?
-
If I order an SG3100 on Nov1/2017 (assuming it has a 11-1-2017 recovery image on it)
I happily use it, under included gold subscription, applying upgrades and patches for a year, and on 11-1-2018 my gold subscription runs out. My options are 1) pay another 100+ US$ for another one year of gold subscription, or 2) revert it to the "factory image", from 11-1-20-17. To me, only the first option is worth considering.I was hoping there would be a third option, Don't pay for another year of gold, yet continue to run it (without any of the gold bonuses) like community edition, applying updates and fixes moving forward.
-
I'm not sure if you understand but you will be able to run the factory supplied install and receive updates after your subscription expires. Once your subscription expires you can:
- continue to use and update your device normally.
- use the previously supplied SG-3100 image (you can download it from our portal and use it for re-install even after your subscription expires).
-
Well, that sounds more like what I expected. So once the 1 year subscription expires, what exactly is the downside of not buying another year of gold?
-
No downsides, you can continue to use the device.
-
Yes, it's compatible. All Netgate / pfSense hardware has AES-NI or its own cryptographic accelerators required for 2.5.
Hi Ivor, do you know which Advanced/Miscellaneous/"Cryptographic Hardware" option to use for the SG-3100? (hardware shows Crypto: Marvell Cryptographic Engine and Security Accelerator)
(we restored a configuration from other hardware to it before checking the default setting, unfortunately)
-
Does it show none? No need for any just yet.
