In the market for a Netgate appliance

mnhim001

Hi,

I am currently in the market for a Netgate appliance. I will be setting this up in my home, my current upload/download speed is 500mbps but I will be upgrading to 1gig service soon. Can someone recommend me a model that would fit my needs?

I also currently have a Netgear RAXE500 Wifi Router, which I would like to continue using as a router. Does this defeat the purpose of putting in a Netgate device? I just don't want to redo all my port forwarding and IP reservations again.

I was thinking, I put install the devices like this: Frontier ISP>Netgate>Netgear router>Wifi & other hubs and switches

Please let me know if their is a better way to do this. Thank you.

rcoleman-netgate

@mnhim001 In the area of devices that are currently for sale and will definitely fit your needs... the 6100 is the one you want to go with.

The 7100 would work, too, but is more expensive.

Does the RAXE500 support WAP only mode? If so you would be just fine putting it behind the Netgate pfSense unit.

If you are not planning on running packages that are heavy load on the NAND storage go with this unit: https://shop.netgate.com/products/6100-base-pfsense

If you are going to run things like Squid (or other proxies), Suricata or Snort go with this unit: https://shop.netgate.com/products/6100-max-pfsense

SteveITS

@mnhim001 Using both complicates things and does sort of make the Netgate redundant. Best case in that setup the Netgate would use 1:1 NAT to forward all ports to the Netgear. Then you're using double NAT.

Another option is to use the Netgate as the firewall, set up the port forwards again, and use the Netgear as an access point. Some can be set up as an access point, for others one can just connect a LAN port to the Netgate and leave the WAN disconnected, and it will just bridge the wireless and LAN.

re: speeds, "it depends." :) There is a table at https://www.netgate.com/appliances with speeds for VPN, firewall, etc. VPN to the router uses a lot of CPU hence it is slower. IDS will use CPU. So it depends what you do with it.

mnhim001

@steveits said in In the market for a Netgate appliance:

Another option is to use the Netgate as the firewall, set up the port forwards again, and use the Netgear as an access point.

I think that is what I am going to end up doing. The Netgear device can be setup as an AP.

rcoleman-netgate

@mnhim001 That's precisely what I would do in your shoes.

mnhim001

@rcoleman-netgate said in In the market for a Netgate appliance:

the 6100 is the one you want to go with

Why would you recommend the 6100 over the 2100? I was initially looking at the 2100, but can't justify spending the extra money for the 6100. Most important feature to me is the maintain the speed my ISP provides which will be 1gig upload/download.

On the 6100 (not Max), it has 2x m.2 slots, can I put in a NVMe SSD in that slot and be used as the primary or secondary storage?

SteveITS

@mnhim001 said in In the market for a Netgate appliance:

6100 over the 2100

If you look at the comparison table it has speeds for various cases. For the 2100 I wouldn't expect gigabit:

L3 Forwarding
IPERF3 Traffic: 2.20 Gbps
IMIX Traffic: 594 Mbps

Firewall (10k ACLs)
IPERF3 Traffic: 964 Mbps
IMIX Traffic: 249 Mbps

The 3100 and 5100 are no longer available, ergo the 6100.

rcoleman-netgate

@mnhim001
Why would you recommend the 6100 over the 2100?

Why: "but I will be upgrading to 1gig service soon"

mnhim001

@rcoleman-netgate said in In the market for a Netgate appliance:

Why: "but I will be upgrading to 1gig service soon"

Good enough reason!!!