SG Series desktop appliances


  • Galactic Empire Netgate Administrator

    PAGE UPDATE IN PROGRESS

    SG series desktop appliances at-glance. You can purchase official pfSense appliances from our store.

    SG-3100

    • ARM v7 Cortex-A9 @ 1.6 GHz with NEON SIMD and FPU
    • 2GB DDR4L
    • 8GB eMMC Flash
    • 2x 1 Gigabit Ethernet Ports, configured as dual WAN or one WAN one LAN. Four-port 1 gbps Marvell 88E6141 switch, uplinked at 2.5 gbps to the third port on the SoC for LAN.
    • SOHO / remote worker application

    ![](https://i.imgur.com/H8hYCXU.png]<br /><br />[b]SG-2440[/b]<br /><br />- Intel Atom 1.7 GHz 2-Core<br />- 4GB DDR3L<br />- 8GB eMMC Flash<br />- 4x Intel 1GbE<br />- Small and Medium Business / Gigabit speeds<br /><br />[img]http://i.imgur.com/GwMCrV6.png[/img]<br /><br />[b]SG-4860[/b] - EOS<br /><br />- Intel Atom 2.4 GHz 4-Core<br />- 8GB DDR3L<br />- 32GB eMMC Flash<br />- 6x Intel 1GbE<br />- Small and Medium Business / Gigabit speeds<br /><br />[img]http://i.imgur.com/HNnyEO0.png[/img]<br /><br />Ask any questions you may have about these units!)



  • What the heck is going on with Netgate pricing in the past few months? The 2220 and 2440 both doubled in price to $887 and $1137 respectively. The prices were premium before, but this is just absurd.


  • Galactic Empire Netgate Administrator

    @paftdunk:

    What the heck is going on with Netgate pricing in the past few months? The 2220 and 2440 both doubled in price to $887 and $1137 respectively. The prices were premium before, but this is just absurd.

    It's because of bundled support, select community support for old pricing!



  • I see the new SG-3100 is coming out.  Is this compliant with the v2.5 AES-NI requirement?  From what I can find, it isn't, but I would like to confirm before purchase.  Thank you!


  • Galactic Empire Netgate Administrator

    @gjkjunk:

    I see the new SG-3100 is coming out.  Is this compliant with the v2.5 AES-NI requirement?  From what I can find, it isn't, but I would like to confirm before purchase.  Thank you!

    Yes, it's compatible. All Netgate / pfSense hardware has AES-NI or its own cryptographic accelerators required for 2.5.



  • will the SG3100 show all interface as assignable in software or 3 interface with the 3rd only acting as a dumb switch. not worried about the bandwidth limitation if they are assignable.


  • Galactic Empire Netgate Administrator

    Each port can be assignable, switch supports VLAN's.



  • @ivor:

    Each port can be assignable, switch supports VLAN's.

    Sorry for the naive follow-up, I haven't used pfSense in ages and have recently been looking to return; does this mean the 4 switched ports can be used as individual ports/networks (e.g. LAN, DMZ1, DMZ2) and traffic can be routed via firewall policies between them?

    Also, is the SG-3100 capable of handling synchronous Gigabit traffic? I'm asking about basic NAT/PAT traffic, anything encrypted (IPsec) will be restricted to around 30-40Mbps as that's all the remote side would be capable of.

    Thanks,
    -Alex


  • Galactic Empire Netgate Administrator

    Sorry for the naive follow-up, I haven't used pfSense in ages and have recently been looking to return; does this mean the 4 switched ports can be used as individual ports/networks (e.g. LAN, DMZ1, DMZ2) and traffic can be routed via firewall policies between them?
    

    Yup!

    Also, is the SG-3100 capable of handling synchronous Gigabit traffic? I'm asking about basic NAT/PAT traffic, anything encrypted (IPsec) will be restricted to around 30-40Mbps as that's all the remote side would be capable of.

    Yes, device can do up to a gigabit synchronous. IPsec maxes out around 300mbps, while OpenVPN throughput is up to 95Mbps.



  • Excellent, thanks… I think I'll be placing my order soon enough!


  • Galactic Empire Netgate Administrator

    Thank you!



  • Considering SG3100. Is it only a single core CPU? (thought it was a dual/quad core)

    What do I need to know about the factory Gold version in a year when it expires? I would not be renewing the Gold subscription, but would want to continue to use the hardware, and I would want to continue to be able to apply incremental patches and even whole version (2.5) upgrades after that 1 year period. Would I have to wipe and install the community version? Does it just drop functionality to community version? Does it stay at the current version and no further patches / upgrades will apply?

    thanks!


  • Galactic Empire Netgate Administrator

    The SG-3100 will have a recovery partition which will allow you to always reinstall your SG-3100 without downloading images. You will always be able to use the factory version, not Community Edition.



  • Currently I'm running a test vm on a host that is overkill and want to replace it. I'm looking for new hardware and I don't want to build it. It has to be fanless and low power. I want to buy something that is future-proof and can't figure out what packages you can run.

    I've read that the ipsec vpn throughput of the SG-3100 is about 300 mbps. I'm not sure if this is a Netgate statement or confirmed in an actual test. My internet is 200 mbps down, but looking to upgrade to 400 mbps.

    I want to install these packages:

    • VPN ipsec (all outbound traffic)

    • pfBlockerNG

    • snort or suricata

    • Freeradius2

    Optional package:

    • HAVP

    Would these packages work on a SG-3100 without loss in performance?
    Or should I get a SG-2440/SG-4860? Any other suggestions?

    https://www.netgate.com/support/supported-pfsense-packages.html

    • snort SSD/HDD is strongly recommended

    • suricata SSD/HDD is strongly recommended

    Do I also need a mSATA?

    Thanks!


  • Galactic Empire Netgate Administrator

    Yes, those IPsec numbers are correct. SG-3100 seems like a great choice for you. As for SSD, it's recommended but not "a must". We don't sell M.2 'B' SSD options for the SG-3100 just yet (but we intend to). I suggest you try running Snort or Suricata first off internal eMMC, I doubt you will have issues.



  • @ivor:

    Yes, those IPsec numbers are correct. SG-3100 seems like a great choice for you. As for SSD, it's recommended but not "a must". We don't sell M.2 'B' SSD options for the SG-3100 just yet (but we intend to). I suggest you try running Snort or Suricata first off internal eMMC, I doubt you will have issues.

    Will the SG-3100 start shipping today?



  • @ivor:

    The SG-3100 will have a recovery partition which will allow you to always reinstall your SG-3100 without downloading images. You will always be able to use the factory version, not Community Edition.

    hmm that's too bad. There are too many vulnerabilities regularly discovered to make the factory image useful for more than a few months, never mind the lifetime of the hardware. So, unless you are will to stay subscribed to gold, This device is not really worth considering.


  • Galactic Empire Netgate Administrator

    I'm not sure what you mean. Can you explain?



  • If I order an SG3100 on Nov1/2017 (assuming it has a 11-1-2017 recovery image on it)
    I happily use it, under included gold subscription, applying upgrades and patches for a year, and on 11-1-2018 my gold subscription runs out. My options are 1) pay another 100+ US$ for another one year of gold subscription, or 2) revert it to the "factory image", from 11-1-20-17. To me, only the first option is worth considering.

    I was hoping there would be a third option, Don't pay for another year of gold, yet continue to run it (without any of the gold bonuses) like community edition, applying updates and fixes moving forward.


  • Galactic Empire Netgate Administrator

    I'm not sure if you understand but you will be able to run the factory supplied install and receive updates after your subscription expires. Once your subscription expires you can:

    • continue to use and update your device normally.
    • use the previously supplied SG-3100 image (you can download it from our portal and use it for re-install even after your subscription expires).


  • Well, that sounds more like what I expected. So once the 1 year subscription expires, what exactly is the downside of not buying another year of gold?


  • Galactic Empire Netgate Administrator

    No downsides, you can continue to use the device.



  • @ivor:

    Yes, it's compatible. All Netgate / pfSense hardware has AES-NI or its own cryptographic accelerators required for 2.5.

    Hi Ivor, do you know which Advanced/Miscellaneous/"Cryptographic Hardware" option to use for the SG-3100? (hardware shows Crypto: Marvell Cryptographic Engine and Security Accelerator)

    (we restored a configuration from other hardware to it before checking the default setting, unfortunately)


  • Galactic Empire Netgate Administrator

    Does it show none? No need for any just yet.



  • Yes, I can pick None.  I just thought there should be an applicable choice since there is apparently the hardware for it.



  • I found two SG-3100s today and both are set to "BSD Crypto Device (cryptodev)" so I gather that is the default/correct setting.



  • Hello I am totally new to pfSense and dont have too much experience with network equipment and terms. I need a router for a 1gbps up and down connection, we'll be 2-3 users, will this be a good option?

    It says 1gbps but does that mean that technically I would be able to upload at 1gbps while also downloading at the same speed? Or does 1gbps mean total?

    Also, we play games pretty competitively which require good latency, are there any reasons why this would be a poor choice for that?  Would it be better?

    Any kind of tips appreciated



  • @mrdoork:

    Hello I am totally new to pfSense and dont have too much experience with network equipment and terms. I need a router for a 1gbps up and down connection, we'll be 2-3 users, will this be a good option?

    It says 1gbps but does that mean that technically I would be able to upload at 1gbps while also downloading at the same speed? Or does 1gbps mean total?

    Also, we play games pretty competitively which require good latency, are there any reasons why this would be a poor choice for that?  Would it be better?

    Your message isn't quite clear which Netgate router you're asking about…the SG-3100?  (https://www.netgate.com/solutions/pfsense/sg-3100.html)  We've installed a few already, have one for our building, and even used one as a temporary router in our data center (long story) with no performance issues.  A 1 Gbps port can generally do that both up and down in full duplex mode but it also depends on your switch (or router, whatever is next in the chain) and of course your Internet connection which is likely slower than that.  Latency is probably far more dependent on your Internet connection than the router.



  • oh yeah sorry, I meant sg-3100 yes I forgot theres more in the series..

    But yeah great, I think I'll just go for this then it looks pretty good



  • @ivor:

    The SG-3100 will have a recovery partition which will allow you to always reinstall your SG-3100 without downloading images. You will always be able to use the factory version, not Community Edition.

    @ivor - Why not able to use the Community Edition?

    What is the main differences between Factory & Community Edition?

    tia,
    hud


  • Galactic Empire Netgate Administrator

    This was discussed many times, there are no differences from factory and community edition apart from device specific tuning on factory and AWS / IPsec wizards. Community edition is a way to differentiate official appliances from 3rd party ones.



  • Thanks! Buying sg-3100 right now


  • Galactic Empire Netgate Administrator

    Thank you! Let us know your experience with SG-3100 :)


Locked
 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy