SG-1100
-
I'm so excited! Is that weird to get enthusiastic about a firewall offering? LOL
And it's about time (in a good way, not being sarcastic...) that there's an affordable 3 port firewall box from Netgate. Hurry up now and make the wall mounting brackets.
Jeff
-
-
So what is the default Switch Configuration for the SG-1100?
-Rico
-
-
Can you upgrade the RAM? If not any plans on providing a version with 4 GB ram? 1 GB just doesn't cut it with pfBlockerNG and a more advanced config.
-
Not that I'm aware of
-
It's an EspressoBin board inside, RAM is soldered to the board. Now the ExpressoBin boards appear to be available in varying memory configs though.
There was a picture of the board on the twitter announcements.
-
@grimson You might have a point there, I just checked my pfSense which is running in a VM at the moment and I'm looking at this below. I'd be running just under 80% memory usage on the SG1100 looks like? Seems like bandwidthd is a hog according to top, could dump that.
Memory usage 38% of 2002 MiB
SWAP usage 20% of 1022 MiB -
Can you upgrade the RAM? If not any plans on providing a version with 4 GB ram? 1 GB just doesn't cut it with pfBlockerNG and a more advanced config.
Does pfBlockerNG use that much though? Perhaps it depends on the aliases being held in memory. We generally have a few rules that "allow from the US" so don't have a lot of active pfBlockerNG aliases.
I looked at a couple routers and one on a SG-3100 without packages is around 200 MB, while a PC running pfBlockerNG and Suricata is around 730 MB it says. Another SG-1100 running pfBlockerNG and Suricata is around 500 MB currently.
Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
Upvote 👍 helpful posts! -
Maybe I'm not sure what to look at, I'm not super familiar with reading the top command
Memory usage reported on dashboard 38% of 2002 MiB
Top results are;
Mem: 177M Active, 1116M Inact, 160M Laundry, 396M Wired, 199M Buf, 101M Free -
FreeBSD will grab free memory to use for things like caching so you can't always go by specifically how much is used and free as a guide. Free RAM is wasted RAM, they say.
Odds are your memory needs are lower than the used % shown, but that isn't necessarily true 100% of the time.
-
@teamits said in SG-1100:
Does pfBlockerNG use that much though? Perhaps it depends on the aliases being held in memory. We generally have a few rules that "allow from the US" so don't have a lot of active pfBlockerNG aliases.
Well I monitor memory usage with telegraf, and during normal operations it uses between ~600 and ~900 MB (not including buffers). But when pfBlockerNG updates it lists (with TLD enabled) the memory usage (again without buffers) goes up to ~1400 MB with spikes to ~1800 MB. So this would likely force the SG-1100 to swap, which IMHO is a no-no for a firewall.
For reference I'm using GeoIP, the PRI1 IP feeds for IPv4 and IPv6 and DNSBL for adblocking, so my lists aren't insanely huge. I also don't use any kind of IPS/IDS which would increase memory usage too. And that's a setup I would recommend for home users.
Also just to make it clear, I have no personal interest in buying any of the appliances for myself, as I'm a firm believer of using standard components to build all my PC devices by myself. Though I'm still looking for a IMHO good Netgate appliance I could recommend with a clear conscience to home users around me.
And all of this is obvious only my personal preference and opinion.
-
when pfBlockerNG updates it lists (with TLD enabled) the memory usage (again without buffers) goes up to ~1400 MB
Hmm, interesting. I usually have the updates running early morning so don't ever see that.
I was looking at Memory Usage on the dashboard/home page.
I don't see that the 3100 even has swap so I doubt the 1100 does.
-
@teamits said in SG-1100:
I don't see that the 3100 even has swap so I doubt the 1100 does.
SSH in and run top. I bet you will see swap there.
-
SSH in and run top. I bet you will see swap there.
Actually I did that, just didn't post it:
Mem: 17M Active, 317M Inact, 193M Wired, 82M Buf, 1461M Free
Swap:PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND
4364 unbound 2 20 0 54780K 37068K kqread 1 17:23 0.34% unbound
...Filesystem Size Used Avail Capacity Mounted on
/dev/diskid/DISK-E6E28698s2a 7.0G 930M 5.5G 14% /
devfs 1.0K 1.0K 0B 100% /dev
/dev/diskid/DISK-E6E28698s1 34M 2.0M 32M 6% /boot/u-boot
/dev/md0 3.4M 124K 3.0M 4% /var/run
devfs 1.0K 1.0K 0B 100% /var/dhcpd/dev -
SG-1000 only had 512MB RAM, no swap, and people still managed to run things like that on there.
-
Any thoughts on adding an internal LTE module?
-
Any thoughts on adding an internal LTE module?
Looks like it's a "NO", because there's no internal sim slot to talk to an internal LTE modem module. Here's some Reddit posts about it:
https://www.reddit.com/r/PFSENSE/comments/adj0jb/announcing_netgates_espressobinbased_sg1100/edhzaah
This box has a couple of USB ports, so an external LTE solution should work...
Jeff
-
If you need a LTE connection, my suggestion would be to get a LTE modem that hands it off via ethernet.. This removes any need for freebsd support for the device.
-
@akuma1x Thanks for the info
