Moving to Netgate appliance -- a few questions
-
I've been using pfSense on an old computer and it's time to move to a more practical long-term device. The SG-2100 appliance is about the right fit, but I have some questions.
Installing the pfSense software on one's own hardware requires no registration and no account setup. If I purchase a Netgate appliance, is there any need to register or use the appliance in conjunction with an account?
The appliance will be used as a firewall between LANs. It will have not have ongoing access to the internet. In my current configuration, I have set WAN with a static IPv4 address. I would assume that the WAN on the SG-2100 can also be configured with a static IPv4 address—is this correct?
-
@pf-beginner There is no need for any netgate/pfsense account for your new appliance - other than I assume the account you use to purchase it?
But no there is no registration or account setup needed.
And yeah you can set static IP on wan..
-
@johnpoz Thanks very much for the clarification.
In looking over the SG-2100 specs, I just noticed that the LAN ports are actually a switch and not discrete ports.
In my current test setup, I have two single-port network cards and the on-board NIC of the computer for a total of three discrete ports. In the pfSense software, these ports are listed as individual interfaces and I have entitled them as WAN, LAN1, and LAN2.
Do you know how the pfSense Plus software will list the ports on an SG-2100? I assume WAN will be listed as WAN, but how will the LAN1-4 ports be listed considering they are on a switch? Will LAN1-4 be listed as VLANs, or ports, or something else? Will each port appear as a separate interface?
One last question about the actual packaging of Netgate units. I live in Europe and with customs and import fees, it’s not practical to purchase from the official Netgate store. Instead the purchase will be made through an official Netgate partner. Do Netgate products come packaged with some sort of security seal on the box? I’ve heard that when Cisco ships network products, they ship them in a package with factory seals so that the end user can have confidence that the unit has not already been put into service or otherwise compromised.
-
The units I have purchased here in the states - the boxes were sealed, in a pretty netgate box.. But I don't recall if was like a "security" sort of seal..
And the units if I recall were also inside anti static bags. Also sealed I do believe - its been a while since ordered a unit..
As to the switch ports - say on a 3100 they look like this
That is one of my units at a remote location.. And then assignment of interfaces like this
I don't have a 2100 to play with.. But I believe they are really sim to the 3100 as far as the switch ports and such.. But where the 3100 has a port broken out as opt and 1 as wan.. I believe the 2100 has only a wan combo port..
Maybe someone that has a 2100 can chime in..
Keep in mind you can end up calling the ports whatever you want ;) Its just the assignment of which physical port is which.. And they are called out like you see above with lan1 - 4..
If your a fan of discrete ports (I am), you could always move up to the 5100 ;)
BTW: Those pictures are from unit running 2.4.4p3 - but I don't believe anything really changed with 2.5/21.02 from that standpoint. My units are in remote locations with nobody on site currently due to covid.. So their upgrades have been postponed until things get back to normal and people actually in the offices again.
-
@pf-beginner said in Moving to Netgate appliance -- a few questions:
actually a switch and not discrete ports
The 2100 ports are here.
-
There is a big difference between a switch port and a actual discrete interface.. Be it you use the switch port for 1 specific vlan or not.. Its not the same..
While functionally they can be discrete - at a hardware level its not the same. For 1 the 4 ports of the switch share the uplink to the routing..
All comes down to what your actually going to do with the device - there can be advantages with having switch ports, all comes down to what your actually doing..
I personally like have true discrete physical interfaces on my router, because I do switching on an actual switch ;)
-
@johnpoz well sure but if that’s not a concern the 3100 costs more. And it has the PHP bugs. Just pointing out the option.
-
@johnpoz Thanks for the detailed information on the switch port setup! I don't have a multi-port NIC to try this out with, but how would a 4-port pcie NIC be treated by pfSense? Would it also be considered to be a switch, or would it be four true discrete ports? Would the answer to this be based on how the pcie NIC was designed?
@SteveITS Thanks for the link. I will have to study this in some detail. I just read though it, but its somewhat confusing.
It seems somewhat counterintuitive to use VLANs to make the ports "discrete"... almost like the opposite of what a true discrete port would be. Anyway, I will look at it in more depth tomorrow and perhaps it will make more sense.
-
@pf-beginner said in Moving to Netgate appliance -- a few questions:
use VLANs to make the ports "discrete"
It emulates it so they behave like separate ports.
-
@pf-beginner re: 4 port card, it is four ports. The switch works that way because of the hardware Netgate uses in those models.
-
You might want to do what I did. I bought a Qotom mini PC with i5 CPU, 4 GB of memory, 64 GB SSD and 4 Intel Ethernet ports, though other configurations are available. With an i5 CPU, they also have more performance than those Netgate boxes. They're shipped from Hong Kong, for what that's worth. I'm quite happy with mine.
-
@steveits said in Moving to Netgate appliance -- a few questions:
And it has the
PHPbugsI was more thinking : 'arm' issues.
Up until "3100" the devices are "arm" processor based.
The 5100 and up are 'intel' based.
I can't say the latter is better (intel gets hotter = uses more electricity that can sum up over a year - as you saw with your 'pc' solution).Btw : I'm also a "discrete NIC fan", although I could share 10 times my combined network traffic need over just one multiplexed port == VLAN (WAN, and several LAN's) as my ISP delivers 22 Mbit/sec.
-
I was thinking of getting a Qotom, but availability is an issue… and then I thought about building a custom box. With the current chip shortage, there are not many low powered processors available right now; on some of them, there was a delivery time of over a month. About the only build I could put together in the next week or so would be so over powered and power hungry it was somewhat ridiculous. A Netgate should meet my modest requirements and at least be efficient.
-
I bought my Qotom a couple of months ago and it took just over a week to arrive.
