SG-1000 microFirewall Optical Illusion



  • INTRODUCING THE
    SG-1000
    microFirewall

    https://netgate.com/products/sg-1000.html

    Optical illusion.


  • Banned

    Wow. Over 100 Mbps throughput. Released just in time to be obsoleted by the average cable internet bandwidth offering.



  • Looks interesting. The inclusion of a Gold Subscription is nice.

    I would expect a bit more bandwidth. My Asus RT-N66U with a 600Mhz MIPS can push over 200Mbit as a router, though it is running Linux.

    With things like the ER-X for ~$50, I dunno if I can justify this SG-1000. I am glad to see new offerings though.

    The optical illusion definitely caused me some confusion… :)


  • Banned

    This may be an excellent box to run Asterisk on.



  • I think they should start an Evangelist program where they give free units to any forum member with more than +4000 posts and +468 karma…



  • @KOM:

    I think they should start an Evangelist program where they give free units to any forum member with more than +4000 posts and +468 karma…

    ;)

    In all seriousness though, I have messaged pfSense employees saying that exact thing. Encouraging forum members to participate by creating educational threads focused on current hardware/features would be great.

    Very often, people mention the community around a project being a major influence when deciding what product to use.



  • I think this is an excellent option; something I've long awaited.  I'd not hesitate to deploy this at our small branch offices; most have 10 or so users and a 20Mbps tops WAN connection.. Even the SG-2220 is overkill for that.  I'd rather buy two of these for the same price and have a failover pair.


  • Administrator

    @sirozha:

    Wow. Over 100 Mbps throughput. Released just in time to be obsoleted by the average cable internet bandwidth offering.

    There are plans to improve the bandwidth, but current technical limitations have to be overcome. Gigabit nics are on there for a reason.


  • Administrator

    @Nullity:

    @KOM:

    I think they should start an Evangelist program where they give free units to any forum member with more than +4000 posts and +468 karma…

    ;)

    In all seriousness though, I have messaged pfSense employees saying that exact thing. Encouraging forum members to participate by creating educational threads focused on current hardware/features would be great.

    Very often, people mention the community around a project being a major influence when deciding what product to use.

    I agree, we could experiment with some neat things like that.

    FWIW, I started toying around with the idea of recognizing pfSense Gold members in their forum bio again. Hopefully I can make some headway on that.



  • I like it, I wonder how it will compare to the upcoming Minnow Board.



  • @KOM:

    I think they should start an Evangelist program where they give free units to any forum member with more than +4000 posts and +468 karma…

    Here.  Let me fix that for you…

    ... and 0 smite.



  • This thing looks awesome.

    I have a Supermicro A1SRi-2558F in an Akasa fanless case.  8GB RAM and an SSD.  I use the device as the router for our FiOS 150/150 at our house.  There are 6 of us and a lot of devices.  I run Squid / SquidGuard to keep track of the kids and run OpenVPN so I can easily connect from work.

    I know my current system is probably overkill but would the microfirewall be too under-powered?  It would be neat to sell my system and replace it with this super low power device that still runs pfSense.

    Chad



  • @Nullity:

    With things like the ER-X for ~$50, I dunno if I can justify this SG-1000. I am glad to see new offerings though.

    The Edge router line is very interesting and may meet the needs of some folks but the gui is sadly lacking and trying to use the command line is very frustrating when you only do it a couple times a year. Wife took one look at it and said "nope" keep looking, not because she couldn't deal with it but because she is retired and doesn't want to have to.

    I feel I gave my Edge Routera reasonable effort hoping to have a cheap, low power and fast replacement for my SmoothWall on an old Dell GX-110 SFF box but the amount of effort required when changes needed made was just too high. I initially moved to pfSense on my old Dell, replaced the Dell with an HP 7900 SFF and now have an SG-2440 that met all my requirements but cheap. On the other hand it is dead simple to use and the wife feels she could keep it working as easily as a consumer grade router if I keel over.



  • @cwagz:

    This thing looks awesome.

    I have a Supermicro A1SRi-2558F in an Akasa fanless case.  8GB RAM and an SSD.  I use the device as the router for our FiOS 150/150 at our house.  There are 6 of us and a lot of devices.  I run Squid / SquidGuard to keep track of the kids and run OpenVPN so I can easily connect from work.

    I know my current system is probably overkill but would the microfirewall be too under-powered?  It would be neat to sell my system and replace it with this super low power device that still runs pfSense.

    Chad

    Maybe the 512MB of RAM would be a limitation and perhaps the 150Mbps+ statement might put it at the top of its capabilities with your FiOS.  If I still had my 50x5 cable connection I'd be all over it though.


  • Banned

    What's USB OTG for?



  • @sirozha:

    What's USB OTG for?

    Connecting USB OTG devices.



  • I wonder what the J8 header is for…Maybe some gpio pins.


  • Banned

    @NOYB:

    @sirozha:

    What's USB OTG for?

    Connecting USB OTG devices.

    Care to elaborate?


  • Netgate


  • Banned

    @Derelict:

    https://www.google.com/search?q=USB+OTG&ie=utf-8&oe=utf-8

    ??

    Thanks for posting the link because I don't know how to use Google.

    Now, all the sarcasm aside, I guess the original question was, How is a USB OTG port on something that's essentially a mini computer different from a traditional USB port that has been a fixture on computers for over a decade now? What USB device can I connect to this USB OTG port that I cannot connect to a USB port not labeled OTG on any other computer?

    OTG could mean this device can be powered via the USB port. Can it?



  • most arm devices are usb-slave only (like you cell phone). usb-otg means they can be both slave or master / your average pc can not be a slave, it is always a master ( the terminology is probably wrong, but thats how i perceive the whole OTG thing)



  • @sirozha:

    What USB device can I connect to this USB OTG port that I cannot connect to a USB port not labeled OTG on any other computer?

    An example might be connecting it to a regular PC and being able to mount the filesystem, in addition to being able to use the port as a regular USB port; i.e connecting flash storage or something.  I don't know what it's for, really, since there's already a USB console port next to it as far as I can tell.  Maybe for firmware updates or something?



  • @sirozha:

    This may be an excellent box to run Asterisk on.

    Asterisk already runs great on Raspi3 :)



  • @jdillard:

    @sirozha:

    Wow. Over 100 Mbps throughput. Released just in time to be obsoleted by the average cable internet bandwidth offering.

    There are plans to improve the bandwidth, but current technical limitations have to be overcome. Gigabit nics are on there for a reason.

    Cool!  I've been craving a portable pfSense firewall/router for traveling.  The SG-1000 will fit the bill if it's beefy enough to install a few packages like pfBlocker.  I'm looking to improve my travel router/firewall/AP setup.  I currently use a Linksys WRT-54GS with dd-WRT for travel.



  • @stan-qaz:

    The Edge router line is very interesting and may meet the needs of some folks but the gui is sadly lacking and trying to use the command line is very frustrating when you only do it a couple times a year.

    Since Chris switched over to Ubiquiti, i hope he can get involved in the GUI development, to see a better one in the Edge-Line.



  • Asterisk already runs great on Raspi3 :)

    But now you will be also able to install a pfSense on that small SG-1000 and set it up as a small Captive Portal
    into existing networks, also a separate Radius Server is able to set up fast and/or a log server that is secured
    "like" a firewall will be nice to see in many companies to save their log files, also able to think about is you may
    need sometimes a smaller or or little device for doing sniffing or with some network tools measuring from an
    other point in the network likes you PC or laptop so that small SG-1000 is really interesting for many peoples
    as I see it right.

    The Edge router line is very interesting and may meet the needs of some folks but the gui is sadly lacking and trying to use the command line is very frustrating when you only do it a couple times a year.

    they have some nice small to bigger router devices that would be fine rocking together with pfSense in
    my eyes as a firewall only option and for sure it will be also looking likes a real router or firewall.

    Since Chris switched over to Ubiquiti, i hope he can get involved in the GUI development, to see a better one in the Edge-Line.

    Wich Chris was switching over to what? Is Chris Buechler now working at UBNT now? Or do you mean
    he is switching over to that smaller UBNT routers? Would you please so friendly and tell me something about.



  • @BlueKobold:

    Since Chris switched over to Ubiquiti, i hope he can get involved in the GUI development, to see a better one in the Edge-Line.

    Wich Chris was switching over to what? Is Chris Buechler now working at UBNT now? Or do you mean
    he is switching over to that smaller UBNT routers? Would you please so friendly and tell me something about.

    in case you missed this: https://forum.pfsense.org/index.php?topic=114659.0;all



  • @sirozha:

    This may be an excellent box to run Asterisk on.

    I suppose if you like to edit the config files by hand. I say this because you wont have enough ram to use freepbx without it paging constantly. Actually I'm thinking of the pogoplugs 128MB of ram that's insuffucient so I guess 512 would be enough but it still seems a bit expensive for this purpose. A rpi3 is superior and cheaper. The only advantage this thing has is disk on module which I'm unsure if it's more reliable then flash memory or not.
    The second nic don't really serve any purpose for asterisk.



  • I just ran across the info on this little device. I am going to assume that it will run the latest, greatest version of pfSense? I have been trying to deal with the limited amount of power that I get from a 30A connection (I live in my travel trailer when I am working contracts). I was thinking about the J19000 because the price was do-able and the power very do-able.

    In the end, this device might might fit the bill, because I can connect the WAN to my cable modem and the LAN could be connected to my Nighthawk AC1900 since I can create VLAN and connect small switches for very network needs. So I guess this is going to be on the list when the device is available. I guess I would have like to have seen 1 or 2 Gb (because memory is cheap), same with the eMMC. I can pay $27 for a 32Gb, but I am sure that I will do just fine with 512M/4GB.



  • Sorry to ask again, but will the SG-1000 support packages?  Looking for very basic pfBlocker, FreeRADIUS.  Snort/Suricata would be a dream but doubt it.

    I may have to bump it up to the SG-2220 as a good, portable travel pfSense setup if the SG-1000 isn't beefy enough.  (I'm looking to build a nice solution for when I travel and stay in hotels/conferences/family homes and am currently using a DD-WRT setup, which is wonderful for Wi-Fi/repeating/client/AP but lacks the full UTM setup I can get in pfSense.)


  • Rebel Alliance Developer Netgate

    yes, it will support some packages. Exactly which ones we have not fully defined yet. Snort/suricata are highly unlikely.



  • Very nice.

    I'll wait until they get offered without the Gold subscription and under $80.

    (You can get a mini system with quad core N3150 with dual nics for $170).

    You need to make money, I know, but the competition is fierce.

    @NOYB:

    INTRODUCING THE
    SG-1000
    microFirewall

    https://netgate.com/products/sg-1000.html

    Optical illusion.



  • You can get a mini system with quad core N3150 with dual nics for $170

    With 2+ GB RAM, 32 GB SSD and not from some fly-by-night company?



  • AsRock is not a flyby company that I know?

    You should know that most motherboards are made by the same handful of companies, so quality is not really an issue anymore.

    I am willing to spend $60 more dollars for the memory and the ssd, in a system that will be 4x as powerful.

    I am all about open/standard components so you can fix/replace them yourself.

    @KOM:

    You can get a mini system with quad core N3150 with dual nics for $170

    With 2+ GB RAM, 32 GB SSD and not from some fly-by-night company?



  • Cool, I ordered one.

    I was wondering when we'd see ASIC stuff in networking gear.



  • If I were to push a pair of these into service as an OpenVPN client and server, can anyone guess at the throughput, assuming a good connection.

    What is the purpose of the sd-card?



  • What is the purpose of the sd-card?

    That's probably the boot drive.



  • I think they should start an Evangelist program where they give free units to any forum member with more than +4000 posts and +468 karma…

    I used to use a 6in4 tunnel, from gogo6 to get IPv6.  They sent me one of their hardware adapters for free, because of all the help I was providing in the forum.  They even wanted me to go to Los Angeles, to make a presentation at an IPv6 conference, but I passed on that.

    I never used that adapter though as, at that time, my firewall was openSUSE Linux on which I ran their tunnel software.  They apparently shut down the tunnel shortly after my ISP started offering IPv6 last spring.



  • Maybe someone can direct me to a different thread, but this is ARM processor? Which generation ARM? Does this mean you can put pfSense on Pi?

    I know there was no ARM processor support for pfSense in the past.


  • Rebel Alliance Developer Netgate

    @uknownme123:

    Maybe someone can direct me to a different thread, but this is ARM processor? Which generation ARM? Does this mean you can put pfSense on Pi?

    I know there was no ARM processor support for pfSense in the past.

    Yes it is ARM. No it does not mean you can (or would want to) run pfSense on a Pi.

    It only means that this one specific ARM device will work.


Locked