SG-1000 microFirewall
-
Since I've had mine, I have added a VPN client interface (NordVPN) for all outbound traffic and once I got that going well I noticed a couple of things.
1. The units run warm on their backs and this was seemingly causing periodic lockups, but if you mount the SG1000 so that the vents are vertical on the long side and allow air to convect vertically without blocking the bottom, top or vented side, it runs quite cool. I achieved this by simply hanging the unit off the side of my bench by it's Ethernet cables. Problem solved. Much more stable that way.
2. Also I learned the hard way to NEVER do an update without first doing a full reboot. That lesson involved two separate install from scratch events. (I don't learn that fast)
The only problem I find now is that the VPN interface or traffic thru it stops off and on and I'm forced to do a reboot to re-connect. At this point I'm not yet sure if it's the device, OpenVPN or the host dropping my full time connection. Next year when my Nord account expires I'll switch to another source and see if that makes a difference.
Since my segment of the network is the only thing using the SG1000, I just run my desktop as a static IP outside of the SG1000 DHCP server range so It's an easy connection to jump into it no matter what happens.
-
I'm glad that I'm not the only one that has been experiencing regular hiccups on this device. I bought a few months ago, registered it in august.
After the latest upgrade, a week or two ago, the device won't produce a DHCP inwards, and no matter inner IP what I tried, I couldn't reach it, so I had to remove it. No Internet connection either.. For all purposes it's dead.
I need help fixing this, where should I look for info?
On a side note, it also surprises me how hot this thing runs. I'll try to mount it vertically and see.
IT also surprises me to see the CPU regularly peaking at over 50% for doing absolutely nothing (not even streaming), just by me logged into the device for admin purposes. Is that normal?Thanks in advance!
-
The DHCP issues were a bug in snapshots, it was fixed shortly after. Simply install the 2.4.0-RELEASE and you should be good to go!
Heat wise, device does produce a bit more heat, but it's normal. I mount mine vertically as well !
Regarding the CPU spikes, it's normal to see more intensive CPU usage while logged in as it's a single core CPU.
-
Hello,
Any plans for making an SG-1000 with a WiFi accespoint in it ? I would love to have something small to take with me to hotel rooms etc.
Thanks.
-
@Georget27:
Any plans for making an SG-1000 with a WiFi accespoint in it ? I would love to have something small to take with me to hotel rooms etc.
No, but you can attach a USB wireless adapter to the USB OTG port, so long as it's supported by the drivers on pfSense/FreeBSD.
-
I have been working on this case with support since Aug 25 (#27001). As indicated in the notes I ran extensive testing on the firewall in question only to be told that support could not replicate the problem that it must be an issue with the particular unit I had. We paid to send the firewall back and we received it back with a new board inside. When I plugged it in I had the exact same issue. By this time the issue is two months old. The client that purchased the firewall has been using a borrowed firewall during this time. Now I am told it is a bug #7532 and that I have to wait for the bug fix.
So here are my concerns. If this is a bug and support was supposed to have tried to replicate the problem why did they indicate they could not.
When I look at the bug I notice that it is stated that it was to be fixed in 2.4.1 but then pushed to 2.4.2 and now 2.4.3
So how long do we have to wait so that the product purchased over two months ago is usable since in the meantime the client has a firewall that is useless to them. This may not seem like an issue to you but it is to the client who is a small non-profit company with little money to spend on IT which is why we went with this unit to begin with.
I am not happy at all with pfSense at this point. -
I've owned many Netgates and installed them for clients over the years. I just wanted a good home Net-facing edge box, so I purchased the SG-1000 3 weeks ago. It's been really inconsistent. Here are a few observations:
The CPU is at 100% continuously in the webGUI. I did connect with a USB console cable and checked the processes with top -aSH. netstat was at times 1200%+ of CPU. It was immediately niced, but over the course of ~60 seconds it popped to the top (punn intended) 10 or so times ranging from 500% of CPU to 1200%. This makes web page load times incredibly inconsistent. Especially anything that hits google analytics or akamai strangely. Even this page on the pfSense docs takes 8-10 seconds to load –> https://doc.pfsense.org/index.php/High_Load_Troubleshooting
Other pages load ridiculously fast as they should. I have 60Mb/s download speeds on raw pipe at the modem when using naked ethernet.
It's fascinating. Any insight is appreciated. This behavior occurs with no extra packages and even the internal DNS resolver/forwarder turned off. (It was unbearable with it on ;-) (I had PFBLocker and OpenVPN installed but I removed them just to see if it would have a positive effect, so there are no packages currently installed) And only 3 port forwarding rules for non standard ports that use for sftp access for remote file access.
I love pfSense, always have. Happy to give whatever data is necessary to troubleshoot the issue.
Thanks!
-
As was noted in one of the other threads where you made similar comments, it looks like you're seeing a side effect of a bug with netstat that was recently fixed in FreeBSD: https://forum.pfsense.org/index.php?topic=139255.0
-
Interestingly, I saw a few things in the logs that looked like a issue with IPv6 DHCP on the WAN interface (my ISP does not provide that - they'll have to eventually ;-) So I turned that off. Magically, the CPU is now visible on the main page. It live updates correctly. It's still high, as you would expect without the netstat change which is forthcoming, but it goes down to 50%, 64%, 84%, but never goes to 100%. The routers performance is significantly improved. Thought I'd share my experience. Thanks for all you guys do.
-
I've had mine for almost a year. Overall, I'd say fairly stable. The install procedure, and console access is a bit of a challenge - but the documentation is solid and very helpful there. Make sure you enjoy serial ports and console connections. Not that this is a 'normal' operation - typically the unit runs fine.
For completeness, I must say I did just have a brick event, but I'm not sure if that was an improper shutdown problem.
Overall pfsense has come a long way - the unit has been reliable, configurable, robust, and this unit absolutely sips power and is so small you can install it pretty much anywhere.
I'd highly recommend this model for any home or small business location.
-
Glad you like it. Thanks for taking time to share your experience with it :)
-
Hi.
I would like to ask if this little thing can handle a WAN 360/360 Mbit connecting. I'm thinking will this be bottleneck for requests from the internet?
-
No, 360/360 is too much for it. Instead I recommend SG-3100, Minnowboard Dual-E or wait a few months for espresso.bin.
-
Thank you.
Maybe you can help me with my other post.
