What is the difference between pfsense netgate appliance ( software base ) and pfsense open source install on your PC
-
Hi everyone, i am planning to use pfsense in our office as a firewall. We are going to use IPSEC VPN for site to site vpn connection and mobile phone clients. My first plan is to buy a PC and install pfsense but a im considering also to buy netgate sg 5100 because its small and less power consumption. My question is, is there any difference on the sofware pfsense you donwload and install on your pc and the netgate pfsense appliance ( netgate sg 5100 or other netgate pfsense model ) thanks for your answer.
-
Much lower power requirements, compatible hardware and hardware support (with optional software support.)
-
@KOM thanks. How about the pfsense software itself? is there any difference? The features and functions
-
Close to none - or nothing at all.
pfSense running on some PC-look-alike downloaded from here or a dedicated device like these is identical.
I'm using using an old recycled office desktop PC - some 10 years old.
Cons : Uses 5 times more power as a dedicated device like this.
Pros : I have 2 other PC's like this on stock, so when it finally breaks, I'll be back online within one hour - no other delays or costs. These type of PC's can be found by the millions on the surface of earth, just add a NIC with at least one extra Ethernet port. -
Yeah, the differences are small in terms of the software. There are some packages available in factory that are not available in CE, AWS Wizard, IPSec profile exporter. You can do those things manually anyway it's just much easier via the packages.
We are able to tune the factory images in some ways as we know what hardware they are running on. The CE images have to be compatible with everything.
But mostly by buying hardware from us you are funding development and you can be sure future versions will be compatible as we test that on all our hardware before release.Steve
-
Hi @stephenw10, thanks for you response. I decided to purchase netgate pfsense router. What model should i buy? We have 3 offices in different locations in our country. Our main office has a 35 computers and 2 data servers. Our 2 branches offices has the same 4 computers and 1 data server. And we have also android tab clients for every offices that are running into remote areas. We would like to connect them into 1 network using VPN IPSEC. Hope you could help us. Thanks and more power
-
https://www.netgate.com/blog/choosing-the-right-netgate-appliance.html
if i can make a suggestion
i think that the sg-3100 will suffice for your 2 branches offices
I would consider putting an SG-5100 in your main office -
3x SG-5100
-Rico
-
yeah if budget is not a problem i will go with 3 x SG-5100 myself
-
What bandwidth do you have available at each site? What bandwidth do you need between sites?
Steve
-
..... exact. If the bandwidth is far less then 1 Gbs, a SG-1100 will do.
Edit : for the 2 branches offices. -
uhm it could become a bottleneck with only 1gb ram, personally i would suggest the sg-1100 only for home or small environment where there is no need for extra packages
plus the sg-3100 have four-port 1 gbps Marvell 88E6141 switch, uplinked at 2.5 gbps
if you think that the business can grow in time (and we hope so) it would be more efficient to buy at least the sg-3100
better to have more than less, but this is only my 2 cents -
@stephenw10 we have fiber optic connection with 50Mbps in the main office and 20Mbps each for the 2 branches
-
@kiokoman sg 3100 for 2 branches and sg 5100 for the main office is a good idea. Thanks bro. But i would like to here also what @stephenw10 steve suggestion
-
@kiokoman you mention the RAM. if i will build a pc for my pfsense, what specs do you suggest? Thanks
-
personally i'm in love with netgate products, we are talking about freebsd here, compatibility and stability are important, you won't be able to build yourself something better with less money then the sg3100/sg5100 , any i3 / i5 can do what you want, even older pc but do you realy want to use something unreliable/you don't know if it's 100% compatible to your business? power consumption and warranty is also something to take in mind if it's on 24/24/365
It could be only my perception but if you take a look at the forum people have alot more trouble (that could be easily fixable or not) from VM or assembled machine vs netgate product -
@kiokoman said in What is the difference between pfsense netgate appliance ( software base ) and pfsense open source install on your PC:
you won't be able to build yourself something better with less money then the sg3100/sg5100
What about the J1900? They appear to be cheaper than the SG3100.
-
if you think that building something based on the j1900 is better
to me they fall to something unreliable/you don't know if it's 100% compatible
there are also that famous chinese crap that they sell on amazon if you want to spend less money
personally i will never put something not officially supported in a business environment if i can avoid it and if i don't have the time to track down possible problem/incompatibility. but if people like to be a guinea pig .. be my guest. i have nothing more to add, i won't start a flame a la playstation vs xbox. let him decide what is best for his business based on what @stephenw10 will officially suggest̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
Please do not use chat/PM to ask for help
we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
Don't forget to Upvote with the 👍 button for any post you find to be helpful. -
@kiokoman i completely agree with you. I want the sg 3100 and 5100. Thank you so much bro. But i want also to hear what @stephenw10 thinks, or suggest.
-
For a 20Mbps connection with 4 computers behind it the SG-1100 is ideal. It can easily do 20Mbps of VPN traffic assuming the connection latency and packet size etc will allow it.
You could probably also use that at the main office but I would probably go to an SG-3100 there to be safe or if you ever wanted to use additional packages.
The SG-5100 is probably overkill at any of those locations unless you think the available connection bandwidth will increase any time soon.Steve
