SG-1000 <–> SG-3100 ..... Gap


  • Rebel Alliance

    Are there any plans for a 3 or 4 port device more akin to the APU devices.
    I want to replace multiple APU routers for the future 2.5 roll out.
    I have specific size restrictions and the SG-3100 is to large.

    Should I look at Protectli 4 Port E3845 devices? (or similar)
    Would like to buy Netgate and support the project.


  • Galactic Empire

    If two ports are enough, I strongly recommend our Minnowboard Turbot Dual-E models:

    https://store.netgate.com/MBT-2220-system.aspx

    https://store.netgate.com/MBT-4220-system.aspx


  • Rebel Alliance

    Thanks, I was looking for the extra port ideally.

    Is there a reason why these MBT's are not listed on the "pfSense Hardware Systems"?


  • Galactic Empire

    They were supposed to be official appliances, however due the HDMI bug that would take too long to fix in FreeBSD we were forced to sell hardware only. Read here https://www.netgate.com/blog/introducing-sg-2320-and-sg-2340-appliances.html

    I have quad core model, pfSense works perfect on it. It's even recognized as SG-2340 or SG-2320 as pfSense.


  • Rebel Alliance

    Thank you for your responses to my questions.
    However, I still have no suitable 3 port hardware replacement for the APU in the near future.

    I have a number of SG-1000's which are delightfully small, but they get hot in enclosed environments and also need a switch for additional Lan ports.



  • @ivor:

    … due the HDMI bug ... we were forced to sell hardware only.

    Thanks for the clarification!
    I asked about the differences some time ago but never got an answer until now.



  • @Gil:

    However, I still have no suitable 3 port hardware replacement for the APU in the near future.

    There's still the APU2 available. 3 Intel NICs and AES-NI implemented. You can even choose a version with 4GB Ram.
    Get a Gold subscription to support the project along with the APUs. Isn't it great to have a choice?


  • Rebel Alliance

    Perfect plan.
    Thanks for the tip.



  • @ivor:

    They were supposed to be official appliances, however due the HDMI bug that would take too long to fix in FreeBSD we were forced to sell hardware only. Read here https://www.netgate.com/blog/introducing-sg-2320-and-sg-2340-appliances.html

    I have quad core model, pfSense works perfect on it. It's even recognized as SG-2340 or SG-2320 as pfSense.

    Can you elaborate (or give a link) on what the HDMI issue is? The netgate post is vague and describes the issue as a show-stopper. However, you seem to have it running pfsense well.



  • You cannot use the HDMI port to output video with FreeBSD. Other than that the device should work.
    But you can't sell it commercially if an anvailable port isn't working or gives troubles.


  • Rebel Alliance Developer Netgate

    @jahonix:

    You cannot use the HDMI port to output video with FreeBSD. Other than that the device should work.
    But you can't sell it commercially if an anvailable port isn't working or gives troubles.

    Not quite. The HDMI port works fine so long as the monitor is plugged in at boot time.

    What you can't do is boot headless and then attach a monitor later to reach the console after the system is up and running. It won't have video output until the hardware is rebooted.

    If you don't care about that, or have it plugged into a KVM or HDMI switch then it's a moot point, but it was enough for us to not sell it as a firewall device directly.



  • Thank you for the details re the HDMI connection.


  • Rebel Alliance

    For my circumstances I would be happy to accept the HDMI / Free BSD issue. But the MT devices are relatively large and only have 2 x NICs.
    I still believe that Netgate has a gap in supported devices, which lies between the SG-1000 and the SG-3100.
    The APU2 appears to fill this nicely, with a small form factor, 3 x NICs, and AES-NI support.
    It will run the community version of pfSense (at least up to v2.5) and it seems that you can also purchase gold support for it –??

    Netgate used to sell APU devices with the Netgate brand. Is there a reason why they could not do this with APU2 devices?
    Is it a commercial hurdle with PC Engines?


  • Galactic Empire

    Relatively large?  I'm having trouble understanding where exactly you want to deploy these devices. I would understand if it's space station or a submarine, but Minnowboard is not relatively large, it's very small.



  • ROTFL

    @Gil:

    Netgate used to sell APU devices with the Netgate brand.

    And now they sell devices built to their specs from ADI engineering.

    You will almost always want a device with just one more port. Been there, done that.
    I'd personally use a managed switch with VLANs and "one more" will end at VLAN ID 4096…


  • Rebel Alliance

    From a networking view point, I certainly wouldn't argue. I'd no doubt be out of my depth in any case.
    However, we don't all have the luxury of installing remote devices in racks with controlled environments and unlimited power sources.
    From my perspective; pfSense provides more than an opportunity for an Enterprise level solution, but it also filters down to very hardy, small & inexpensive devices that will do incredible things.

    I am interested in the comment about ADI building for PC Engines. I have no idea about who is providing the engineering for what.
    I don't wish to tread on any toes regarding the politics of hardware development, I just want maximum choices & also to see the project continue through appropriate support.


  • Galactic Empire

    No, ADI doesn't build for PC Engines. We use ADI Engineering as manufacturer.



  • @Gil

    However, I still have no suitable 3 port hardware replacement for the APU in the near future.

    You will be able to go with the pfSense SG-2440 as you need one or two ports more! In the other way please
    accept that the development and engeenering team is working hard on newer devices, but to solve them all
    they are doing here and there something that all users, customers and clients will be sorted right. Please
    accept this. For sure the newer ARM devices range or further series will be a first try out and yes, for small
    companies this can be really different to hit the right point or value the most of us have. I am pretty sure
    that they will not leace the other alone, but lokking what is going on exactly now in time I mean, is also
    really urgent;

    • C2000 Serie was out
    • AES-NI, QAT and DPDK are on the road
    • ARM support was comming and each pfSense image must be more then for other platforms matching the only
      one platform due to drivers and other things, so there is no way to offer a small pfSense genric ARM image!!!
    • ARM64 support is on the road
    • C3000 platform is under construction and testing
    • Rewriting pfSense 3.0 and totally new from the sratch

    Perhaps we will see at one day something between this both units (SG-1000 and SG-3100) others vendors
    as SolidRun ClearFog Base and Pro will be offering that "gap" between those units too! So it is not only able
    to tend on the pfSense it selfs.

    So you see it will be happen all at this time and if the pfSense version 3.0 will be done I think they will have more
    time to solve other things as you and others are asking here.

    For my circumstances I would be happy to accept the HDMI / Free BSD issue. But the MT devices are relatively large and only have 2 x NICs.

    MT divices are coming with one or two ports and you wish to have one more then three ports, is this right?

    I still believe that Netgate has a gap in supported devices, which lies between the SG-1000 and the SG-3100.

    If there will be at one day a smalle ARM based unit that will be able to delivers 2, 3, 4 and 6 Ports you will be
    impressed, but only because you are asking they don´t do it. And ARM64 support is also on the road!

    The APU2 appears to fill this nicely, with a small form factor, 3 x NICs, and AES-NI support.

    You may be able to get another different case and inserting a miniCPie card that is offering dual GB LAN Ports.

    It will run the community version of pfSense (at least up to v2.5) and it seems that you can also purchase gold support for it –??

    With each hardware from here or there you will be able to get a Gold membership if you are interested in! It is hardware
    indipendent thing as I am right informed and will support the project.

    Netgate used to sell APU devices with the Netgate brand.

    When and where this was done?
    APU1C4 DIY Kit

    This kit was sold in the netgate sjop, but as a APU1Cx kit and nothing to do with netgates
    others prodcut range or hardware in their shop. Other do as well here in Germany, they were
    selling products from PC Engines, Soekris and MikroTik like their customers were asking for.

    Is there a reason why they could not do this with APU2 devices?

    What should they do with the APU2Cx platform? You and me, if we both are running a real shop or company
    will be able to call PC Engines and order perhaps >1000 units from them, to sell them then in our shop,
    company or over elsewhere without any issues or hassle. They are rpoducing and selling now their own
    hardware nothing more and nothing less.

    Is it a commercial hurdle with PC Engines?

    Why? They sell to everyone such as private or business clients without any problems.


  • Rebel Alliance

    Thanks for the reply and all the info.

    In answer to your question about the Netgate APU purchases, they were done as complete units - not the kit: (APU1d4)

    http://store.netgate.com/mobile/APU4.aspx

    I install this equipment in remote sites under harsh climates. The APU routers have performed very well - reaching extreme CPU temperatures that would boil water.
    This is also a concern for the thermal properties of an SG-1000; there is not much room for natural air convection. Has anyone enhanced the heatsink on an SG-1000 ?

    Regarding the Minnow options:
    The MBT units don't have 3 ports, which means I need to add additional hardware for a second LAN port - there is very limited room in the security boxes.

    My comments are not meant as criticisms, I am very impressed with the hardware that has been available and with the pfSense developments. I am simply conveying my perspective as a user (albeit - one who pushes the envelop of endurance a little).



  • When are new x86 models coming out. I'm concerned about being able to run only arm binaries on these new models.


Log in to reply