SG Series desktop appliances

ivor

Yes, those IPsec numbers are correct. SG-3100 seems like a great choice for you. As for SSD, it's recommended but not "a must". We don't sell M.2 'B' SSD options for the SG-3100 just yet (but we intend to). I suggest you try running Snort or Suricata first off internal eMMC, I doubt you will have issues.

gsmornot

@ivor:

Yes, those IPsec numbers are correct. SG-3100 seems like a great choice for you. As for SSD, it's recommended but not "a must". We don't sell M.2 'B' SSD options for the SG-3100 just yet (but we intend to). I suggest you try running Snort or Suricata first off internal eMMC, I doubt you will have issues.

Will the SG-3100 start shipping today?

mervincm

@ivor:

The SG-3100 will have a recovery partition which will allow you to always reinstall your SG-3100 without downloading images. You will always be able to use the factory version, not Community Edition.

hmm that's too bad. There are too many vulnerabilities regularly discovered to make the factory image useful for more than a few months, never mind the lifetime of the hardware. So, unless you are will to stay subscribed to gold, This device is not really worth considering.

ivor

I'm not sure what you mean. Can you explain?

mervincm

If I order an SG3100 on Nov1/2017 (assuming it has a 11-1-2017 recovery image on it)
I happily use it, under included gold subscription, applying upgrades and patches for a year, and on 11-1-2018 my gold subscription runs out. My options are 1) pay another 100+ US$ for another one year of gold subscription, or 2) revert it to the "factory image", from 11-1-20-17. To me, only the first option is worth considering.

I was hoping there would be a third option, Don't pay for another year of gold, yet continue to run it (without any of the gold bonuses) like community edition, applying updates and fixes moving forward.

ivor

I'm not sure if you understand but you will be able to run the factory supplied install and receive updates after your subscription expires. Once your subscription expires you can:

• continue to use and update your device normally.
• use the previously supplied SG-3100 image (you can download it from our portal and use it for re-install even after your subscription expires).

mervincm

Well, that sounds more like what I expected. So once the 1 year subscription expires, what exactly is the downside of not buying another year of gold?

ivor

No downsides, you can continue to use the device.

SteveITS

@ivor:

Yes, it's compatible. All Netgate / pfSense hardware has AES-NI or its own cryptographic accelerators required for 2.5.

Hi Ivor, do you know which Advanced/Miscellaneous/"Cryptographic Hardware" option to use for the SG-3100? (hardware shows Crypto: Marvell Cryptographic Engine and Security Accelerator)

(we restored a configuration from other hardware to it before checking the default setting, unfortunately)

ivor

Does it show none? No need for any just yet.

SteveITS

Yes, I can pick None.  I just thought there should be an applicable choice since there is apparently the hardware for it.

SteveITS

I found two SG-3100s today and both are set to "BSD Crypto Device (cryptodev)" so I gather that is the default/correct setting.

mrdoork

Hello I am totally new to pfSense and dont have too much experience with network equipment and terms. I need a router for a 1gbps up and down connection, we'll be 2-3 users, will this be a good option?

It says 1gbps but does that mean that technically I would be able to upload at 1gbps while also downloading at the same speed? Or does 1gbps mean total?

Also, we play games pretty competitively which require good latency, are there any reasons why this would be a poor choice for that?  Would it be better?

Any kind of tips appreciated

SteveITS

@mrdoork:

Hello I am totally new to pfSense and dont have too much experience with network equipment and terms. I need a router for a 1gbps up and down connection, we'll be 2-3 users, will this be a good option?

It says 1gbps but does that mean that technically I would be able to upload at 1gbps while also downloading at the same speed? Or does 1gbps mean total?

Also, we play games pretty competitively which require good latency, are there any reasons why this would be a poor choice for that?  Would it be better?

Your message isn't quite clear which Netgate router you're asking about…the SG-3100?  (https://www.netgate.com/solutions/pfsense/sg-3100.html)  We've installed a few already, have one for our building, and even used one as a temporary router in our data center (long story) with no performance issues.  A 1 Gbps port can generally do that both up and down in full duplex mode but it also depends on your switch (or router, whatever is next in the chain) and of course your Internet connection which is likely slower than that.  Latency is probably far more dependent on your Internet connection than the router.

mrdoork

oh yeah sorry, I meant sg-3100 yes I forgot theres more in the series..

But yeah great, I think I'll just go for this then it looks pretty good

hudhacks

@ivor:

The SG-3100 will have a recovery partition which will allow you to always reinstall your SG-3100 without downloading images. You will always be able to use the factory version, not Community Edition.

@ivor - Why not able to use the Community Edition?

What is the main differences between Factory & Community Edition?

tia,
hud

ivor

This was discussed many times, there are no differences from factory and community edition apart from device specific tuning on factory and AWS / IPsec wizards. Community edition is a way to differentiate official appliances from 3rd party ones.

hudhacks

Thanks! Buying sg-3100 right now

ivor

Thank you! Let us know your experience with SG-3100 :)