SG-1100
-
@teamits said in SG-1100:
Does pfBlockerNG use that much though? Perhaps it depends on the aliases being held in memory. We generally have a few rules that "allow from the US" so don't have a lot of active pfBlockerNG aliases.
Well I monitor memory usage with telegraf, and during normal operations it uses between ~600 and ~900 MB (not including buffers). But when pfBlockerNG updates it lists (with TLD enabled) the memory usage (again without buffers) goes up to ~1400 MB with spikes to ~1800 MB. So this would likely force the SG-1100 to swap, which IMHO is a no-no for a firewall.
For reference I'm using GeoIP, the PRI1 IP feeds for IPv4 and IPv6 and DNSBL for adblocking, so my lists aren't insanely huge. I also don't use any kind of IPS/IDS which would increase memory usage too. And that's a setup I would recommend for home users.
Also just to make it clear, I have no personal interest in buying any of the appliances for myself, as I'm a firm believer of using standard components to build all my PC devices by myself. Though I'm still looking for a IMHO good Netgate appliance I could recommend with a clear conscience to home users around me.
And all of this is obvious only my personal preference and opinion.
-
when pfBlockerNG updates it lists (with TLD enabled) the memory usage (again without buffers) goes up to ~1400 MB
Hmm, interesting. I usually have the updates running early morning so don't ever see that.
I was looking at Memory Usage on the dashboard/home page.
I don't see that the 3100 even has swap so I doubt the 1100 does.
-
@teamits said in SG-1100:
I don't see that the 3100 even has swap so I doubt the 1100 does.
SSH in and run top. I bet you will see swap there.
-
SSH in and run top. I bet you will see swap there.
Actually I did that, just didn't post it:
Mem: 17M Active, 317M Inact, 193M Wired, 82M Buf, 1461M Free
Swap:PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND
4364 unbound 2 20 0 54780K 37068K kqread 1 17:23 0.34% unbound
...Filesystem Size Used Avail Capacity Mounted on
/dev/diskid/DISK-E6E28698s2a 7.0G 930M 5.5G 14% /
devfs 1.0K 1.0K 0B 100% /dev
/dev/diskid/DISK-E6E28698s1 34M 2.0M 32M 6% /boot/u-boot
/dev/md0 3.4M 124K 3.0M 4% /var/run
devfs 1.0K 1.0K 0B 100% /var/dhcpd/dev -
SG-1000 only had 512MB RAM, no swap, and people still managed to run things like that on there.
-
Any thoughts on adding an internal LTE module?
-
Any thoughts on adding an internal LTE module?
Looks like it's a "NO", because there's no internal sim slot to talk to an internal LTE modem module. Here's some Reddit posts about it:
https://www.reddit.com/r/PFSENSE/comments/adj0jb/announcing_netgates_espressobinbased_sg1100/edhzaah
This box has a couple of USB ports, so an external LTE solution should work...
Jeff
-
If you need a LTE connection, my suggestion would be to get a LTE modem that hands it off via ethernet.. This removes any need for freebsd support for the device.
-
@akuma1x Thanks for the info
-
@akuma1x Thanks for the info
Honestly, and I forgot about those, I would go like @johnpoz suggests - 4G LTE thru ethernet. However, you're talking about $90 - $300 brand new from Amazon, from the likes of Cradlepoint, Huawei, MoFi, and KuWFi. Used are on ebay, but I would still stick with something from Cradlepoint.
Here's an old conversation from the forum talking about a failover interface utilizing a Cradlepoint modem.
https://forum.netgate.com/topic/76584/multi-wan-setup-with-4g-cradlepoint-not-working/17
Jeff
-
Is it still advisable to edit the xml file for the vlan config?
I had lotsa issues in porting an APU2 config to a SG-1100. -
Is it still advisable to edit the xml file for the vlan config?
I had lotsa issues in porting an APU2 config to a SG-1100.Splicing that in will speed things up considerably, so it's still a good idea. Same with any of the switch-based units. After you import you should be able to create the tags and then assign them, then apply and it will reboot, but hand editing the config is faster if you know how.
Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!
Need help fast? Netgate Global Support!
Do not Chat/PM for help!
-
@jimp wouldn‘t this be a great hangout topic?
Moving from homemade XY to Netgate integraded Switch Hardware or vice versa.
config.xml VS GUI
Since more and more Netgate devices with Switch pop up I think this question will come more often now?
I‘d enjoy it.
-Rico
-
@jimp Is it worth considering writing a script to edit the config file? I can see a lot of users migrating configs
-
@jimp Is it worth considering writing a script to edit the config file? I can see a lot of users migrating configs
If it is more than a find replace for interface names I might be interested. I've done the find/replace before and the hard part was knowing what the new ones were.
For some strange reason the video out on my box I generally run pfSense in (when it's not in a VM) is cut off at the bottom and I can't see the command line to do the adapter select/replace when restoring a foreign config. Tried overscan adjustments etc and didn't work, please don't @ me here, don't want to clutter this thread up.
But anyway, yes I'm interested in this process.
-
If it is more than a find replace for interface names I might be interested. I've done the find/replace before and the hard part was knowing what the new ones were.
I was kind of thinking that the script would pull the interface settings from the "new device" default config file; and port them across to the desired config file.
ie: an input config and an output config
My question is: Is it only the 'interfaces" portion of the xml that requires changing? Or is it more comlpex than that if you have bridges etc.. ? -
the script would pull the interface settings from the "new device" default config file; and port them across to the desired config file
Typically the interface is tied only to where it is assigned, e.g. LAN, and then LAN is referenced elsewhere.
Also it has been a while but I am pretty sure that when restoring one is prompted to assign interfaces, if they differ from interfaces in the backup.
Often what I do on a new device is pull up the default config, look at the interface names to see what they are, look at the hardware settings like power/crypto, and then restore and edit the hardware settings back again.
Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
Upvote 👍 helpful posts! -
Will there maybe be a wall-mount bracket available for the SG-1100?
Jeff
-
when restoring one is prompted to assign interfaces, if they differ from interfaces in the backup.
This usually works ok, but it went pair shaped for me. I think it is to do with the vlans on the SG-1100 ?
-
@gil Thought I'd retry editing the xml config from the APU2 and then uploading it to my SG-1100.
I cut & pasted the 'interfaces" portion of the APU2 xml - using the default 'interfaces' from the SG-1100 xml.
Then uploaded it to the SG-1100
The SG-1100 then required manual re-configuration via the console as it couldn't assign ports and had no vlans. - hence no lan connectivity.
Do I need to copy other portions of the xml - such as the Vlan section? & any other sections?
