New to pfSense & SG-3100 - first impressions



  • tl;dr it rocks.

    I've had the SG-3100 for a few weeks now and I'm brand new to pfSense. I have to say I'm very impressed with both pfSense and the 3100.

    First off, I saw a number of questions here and elsewhere before I purchased the SG-3100 on whether it can handle gig internet speeds. One of the first things I tested was throughput with iPerf. With a basic config, I hit 940 Mbps with ease. The processor only hit 42% using default iPerf settings. I don't have a gig Internet pipe so I used iPerf.

    I now am running Unbound as a resolver and pfBlockerNG with some ad blocking lists, as well as some Geo blocking lists and a few threat lists (both in and outbound), along with an IPsec server, DHCP server, and "default" Snort in passive mode (I'm just observing/playing with it), and a few VLANs. I haven't yet repeated the iPerf tests, but I have hit 500 Mbps down/32 Mbps up on a 300/30 pipe with all that running. It did push the processor to 80% at one point, but RAM never went above 11%.

    Unbound as a resolver on this thing, even though it is a small network, is snappy. I previously used a nice SOHO/small business class router with Pi-hole on a Raspberry Pi (as a forwarder). When I first added Pi-hole with the old router I had, it made a noticeable improvement in web page load time. pfSense with pfBlockerNG is even faster, even as a resolver instead of a forwarder.

    The granularity in the configuration is awesome. The firewall capabilities are phenomenal and the alias feature is pure gold. I have an IoT VLAN and have been able to lock all the devices down nicely and with ease. I have one stupid IoT device that has hard-coded DNS and NTP that can't be changed and that loves to fill up my logs with constant and pointless DNS and NTP requests, but I have been able to intercept those requests and force it to use the 3100 for those services.

    I'm using DDNS as well and the setup was easy and flawless - and you get like 30 provider choices! The logs are great and easy to use to figure out what's going on on your network. The widgets on the home page are nice and the built-in "diagnostics" utilities are quite useful.

    I still have a lot of things to learn and try, but I must tip my hat to the guys at Netgate! Incredible work!