Better option for $$$ than Protectcli FW6C with 16GB ram & 512GB M2?

chrismacmahon

The SG-5100 would exceed your needs, at $799.

The SG-3100 would probably meet your needs, with it's everyday low price of $349.

fabrizior

@chrismacmahon
Thanks for the quick expert advise and sales pitch. Was wondering how long that'd take. :-) Impressive.

I always purchase to "exceed" current needs, y'know: tomorrow ain't today and "would probably meet my needs" just doesn't make it past the architects or the finance guys. Though I understand I didn't give you enough info to make any better of an assessment.

protectli published VPN benchmark specs for the FW6C on what I can presume is an ideal lab network of:
OpenVPN AES-256-CBC/SHA256: 580 Mbps
IPsec AES-256-GCM/SHA256: 880 Mbps
Unencrypted: 940 Mbps
Granted, there's no indication of what traffic payload they pushed or how...

Is there a corresponding NetGate benchmark for OpenVPN across the SG-*100 devices?

chrismacmahon

We are working on both Intel QuickAssist and the ARM crypto accelerator. Once those are complete I would expect speed bumps in all areas.

The numbers are similar for the SG-5100 and the device from the company that does not fund pfSense.

The SG-3100 is less.

fabrizior

Thanks @chrismacmahon.
Regarding expansion on the SG-5100:
The product sales page says
8GB eMMC Flash on board
4GB DDR4 2400 MHz DIMM (max 16 GB, 1x 260-pin SODIMM)
Expansion: 1x Mini-PCIe (PCIe), 1x M.2 2242 B/B+M (USB 3.0/SATA), 1x Nano SIM

Is there a preferred M.2 SSD, or any other details for SSD selection I should consider, besides a 42mm form factor? What does "B/B+M" mean?

After reading https://docs.netgate.com/pfsense/en/latest/solutions/sg-5100/m-2-sata-installation.html
It appears there is only one SODIMM socket. Is that correct?

Is the PCIe "expansion" slot usable? Doesn't look like there's any room for a card on the SG-5100 or XG-7100.

https://docs.netgate.com/pfsense/en/latest/solutions/sg-5100/io-ports.html
says that the Intel SoC Integrated MAC ports (IX0-IX3) don't support ALTQ traffic shaping directly and that tagged vlans should be used if that feature is desired. Is this also the case with the ETH2-ETH7 on the XG-7100?

stephenw10

B or B+M refers to the slot keying that determines what card types will fit:
https://en.wikipedia.org/wiki/M.2#Form_factors_and_keying

Any m.2 42mm SATA card should work there. It does not support NVMe.

The PCIe expansion is via a mPCIe slot.

There is one SO-DIMM slot, yes.

The AtlQ restriction applies to the ix driver on any hardware including the XG-7100. However there it's not a problem on the Eth1-8 ports as they are connected internally by VLAN anyway.

Steve

chrismacmahon

As an aside, The SG-5100 is now 699.00: https://store.netgate.com/SG-5100.aspx

fabrizior

@stephenw10 what would one typically put in the pci slot on a sg-5100? It doesn’t exactly apprar as if I could toss a 10G card in there...

stephenw10

Typically it would not be used at all.
But I imagine almost everyone who has used it would be for a wifi card. The case has antenna holes.
However I would really only do that if you happen to have the hardware available or, like me, are just testing.
WIFI hardware support in FreeBSD/pfSense is not great so a separate access point is almost always preferable.

Steve

jahonix

@fabrizior said in Better option for $$ than Protectcli FW6C with 16GB ram & 512GB M2?:

I'm supporting both residential and 12hx5d business traffic on this connection.

So you use the device somewhat professionally, right? Still consider buying something else than "dedicated" hardware from Netgate or other professional stuff like Supermicro?

If you want to buy SFP+ capable hardware today chances are, you are looking at Netgate's XG-7100 or XG-1537 1U. The latter obviously is a Supermicro chassis and I'd expect so see a Supermicro board inside as well.
If SFP+ is not yet needed then the Netgate SG-5100 wins by price.

Just my € 0,02

fabrizior

Thank you gentlemen. I appreciate your time and feedback.