Difference of whitebox vs SG-6100
-
Hi Guys,
Hoping that you can help me compare. I have a Lenovo ThinkCenter desktop as whitebox for my pfSense CE and has been running for years now. Below are the specs:
Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz
4GB RAM
500GB HDD
3 1Gb PORT
-WAN (500Mbps shared internet, with Static IP using bridge mode PPPoE)
-LAN
-OPT (100Mbps shared internet, with Static IP)Current use of my whitebox pfSense CE:
-Static Routing
-IPSec VPN (Site to Site VPN)
-OpenVPN (for work from home access)
-DHCP IPv4
-Multi WAN Loadbalancing and Failover
-ntopng
-Firewalls and NATPerformance wise, is it better if I upgrade my white box to Netgate SG-6100 and expect enhancement of my current setup?
Sorry guys, I am almost new to pfSense and this was just passed on to me from the previous personnel handling the machine.
Thank you!
-
@lmendoza An sg6100 is based on atom running at 2.2Ghz
You have an i3 running at 3.4 GhzAnd 4gigs of ram is enough, since you aren't into pfblocker or ids/ips.
Yes, an sg 6100 would do the job, but it can't produce ANY performance benefits too.
If you also need support you can upgrade ce version to plus
And last but not least sg 6100 is out of stock until mid april
-
Does my whitebox still enough if it caters almost 100 employees excluding 15 sites connected via IPSec VPN?
Im also doing reserach for my cost/benefit, since I am not to familiar with the diffrence I opted the use of netgate forum for help :)
Thank you
-
@lmendoza said in Difference of whitebox vs SG-6100:
Does my whitebox still enough if it caters almost 100 employees excluding 15 sites connected via IPSec VPN?
Im also doing reserach for my cost/benefit, since I am not to familiar with the diffrence I opted the use of netgate forum for help :)
Thank you
That whitebox has ample performance to deliver your needed performance in that scenario. You would need fully used 2.5Gbit WAN and Internal interfaces to come anywhere near the performance limits of that hardware, with the packages you are using.
-
So in conlcusion I can stay to my whitebox assuming that I will still use the same services as mention above. Even if I those 15 sites are connected to my whitebox via IPSec.
Please correct me also if I'm wrong, I can upgrade my CE to Plus for my machine to have a prioritized firmware updates, since Plus has more bug fixes than the CE?
Thanks
-
The 6100 would likely use significantly less power than i3-4130 desktop.
The C3558 in the 6100 has QAT which gives it far better IPSec performance than you would expect from the CPU speed.
However for a 500Mbps WAN you likely wouldn't see any difference in performance terms.Steve
-
@lmendoza said in Difference of whitebox vs SG-6100:
So in conlcusion I can stay to my whitebox assuming that I will still use the same services as mention above. Even if I those 15 sites are connected to my whitebox via IPSec.
Please correct me also if I'm wrong, I can upgrade my CE to Plus for my machine to have a prioritized firmware updates, since Plus has more bug fixes than the CE?
Thanks
@lmendoza said in Difference of whitebox vs SG-6100:
So in conlcusion I can stay to my whitebox assuming that I will still use the same services as mention above. Even if I those 15 sites are connected to my whitebox via IPSec.
Please correct me also if I'm wrong, I can upgrade my CE to Plus for my machine to have a prioritized firmware updates, since Plus has more bug fixes than the CE?
Thanks
Yes you can.
Pfsense+ does not offer firmware updates for whiteboxes, so pfsense+ for you would be to support the project, possible access to support and access to the added features/packages that + offers. The first reason alone should be argument enough for +
-
What do you mean by "Pfsense+ does not offer firmware updates for whiteboxes"
does this mean that even if I change my CE to Pfsense+ it will not check any further updates, for example: since 22.01 is the latest, it will not update further?
-
@lmendoza said in Difference of whitebox vs SG-6100:
What do you mean by "Pfsense+ does not offer firmware updates for whiteboxes"
does this mean that even if I change my CE to Pfsense+ it will not check any further updates, for example: since 22.01 is the latest, it will not update further?
Ahh, we need to define firmware updates :-)
PfSense+ is a freeBSD Operating System based Firewall - pfSense+ is as such a operating system => Software.
It runs on a piece of hardware that has a CPU, NICs, a BIOS/UEFI ROM and so on. Those pieces of hardware has firmwares that can be updated (ie: BIOS updates, CPU microcode updates, NIC Firmware updates).When running a whitebox, that hardware will not recieve firmware updates from pfSense+. You have to update those firmwares yourself. When running pfSense+ on a Netgate Appliance, firmware updates for the hardware is delivered by pfSense+ as well.
IMPORTANT:
You can/will always get updates/new versions of pfSense+ (The OS/firewall software) as long as you are subscribed/licensed. -
@keyser said in Difference of whitebox vs SG-6100:
IMPORTANT:
You can/will always get updates/new versions of pfSense+ (The OS/firewall software) as long as you are subscribed/licensed.Or own supported Netgate hardware
-
@lmendoza said in Difference of whitebox vs SG-6100:
Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz
Only thing I can add here is the age of the box. That proc dates from what, 2014. I don't see an issue there, where I usually see issues with older devices is the motherboard (dried caps- I've seen more than a few bulged caps with leaked electrolyte stuff crystalized on top) and drive failure if the drive is as old as the rest of the computer. So an honest look at the motherboard, blowout the dust too, make sure the fans spin and aren't gunked up... If the drive is that old consider replacement- basic maintenance... vs. a new router that comes with support.
-
IMHO the topmost threats to those older machines are :
1: HDD failure
2: PSU failureA good cabinet with adequate cooling will prong the lifetime of components & capacitors substantially.
Both can be changed and have the system up & running in less that 1hr.
It seems to be a commercial install, where $$ isn't that much of an issue.
IMHO : The 6100 would add :
Power (wattage) saving & BTU saving (heat)
RMA possibility (quick replacement assurance) , for a period.
Free pfSense+ license (factory built in)Could be worth to consider if downtime impacts lots of people.
/Bingo
-
You might consider a Qotom mini PC. I bought one last year (see sig) and they come in a variety of configurations. They seemed to have pfsense in mind when the designed them.
-
@jknott said in Difference of whitebox vs SG-6100:
You might consider a Qotom mini PC. I bought one last year (see sig) and they come in a variety of configurations. They seemed to have pfsense in mind when the designed them.
My friend got Qotom mini PC, and i immediately discovered several very annoying issues with it. If there is a power outage, device doesnt power back on when power comes back. You have to manually press the power on switch to power it on. And unlike every other device out there, Qotom decided that this "feature" should be controlled with the jumper setting instead of BIOS setting. To make this even more confusing for inexperienced users, this option is actually available in BIOS, however, it gets completely ignored and it does nothing. After setting the jumper in correct position, device powers on automatically as soon as power is applied.
Majority of Qotom customers are buying these devices to use them as firewall appliances and routers. Why they decided that this should be default setting on all of their devices is beyond me. Also. Not everyone wants to open brand new box and fiddle with jumpers. There is no manual for this. I had to google it. Its a known problem with Qotom devices.
Another issue is built in PC speaker that works without issue when you power on device. I can clearly hear BIOS beep. However, once pfSense boots up there is no classic beeping sound that indicates that pfSense is finished loading. Also, there is no beeping sound when you initiate reboot from pfSense. Why? Because all beeping sound gets redirected from internal PC speaker to integrated sound card. Yes. Beeping sound is actually there but you can hear it only when you plug in your headphones into 9mm jack.
There is another issue that may scare some people. If you press power button while pfSense is up and running, device will shut down and you wont be able to power it back on. Device doesnt power on even if you pull the power cord out and put it back in. You actually have to pull it out, press and hold the power on button, and while holding it, put the power cord back in. And then device will power on.
Also, there is no CoreBoot BIOS available for any Qotom devices.
All above issues aside, once you install pfSense, it all works. Device is cool and silent. It runs stable without any additional issues.
-
@nimrod
I have about 15 x i5/i3 Qotoms home + work
All of them adhere to the Bios setting of : "State when power is lost"What model is your "problem child" ?
Was this the "jumper doc" ?
https://www.youtube.com/watch?v=-2pZi3hf2f4 -
@bingo600 said in Difference of whitebox vs SG-6100:
@nimrod
I have about 15 x i5/i3 Qotoms home + work
All of them adhere to the Bios setting of : "State when power is lost"What model is your "problem child" ?
Its Q710G4 Celeron J3455.
I told my friend to go with Netgate or Protectli, but "its too much money" he said.
-
Of those issues, the only one I have is the speaker. But I don't have much of a need for it. The power on setting is in the CMOS of mine.
-
It doesnt matter to me really. Thats something my friend has to live with. As for me, im running Protectli FW6D with zero issues.
-
@nimrod said in Difference of whitebox vs SG-6100:
It doesnt matter to me really. Thats something my friend has to live with. As for me, im running Protectli FW6D with zero issues.
Protectli seems to be a rebranded Yanling
https://www.ylipc.com/product/category/network_serverI have just got a HYSTOU 6 port i3-7100 - Yanling clone , for playing around with.
https://www.ylipc.com/product/N13L6
https://eu.protectli.com/product/fw6b/Has the older Intel gigabit interfaces emX , but the price was less than $200 for 8GRam + 160GB HDD , and powerusage low.
I see no difference in quality from my i3 Qotom's
It uses a "Cisco console RJ45 plug" instead of a "Real DE-9" plug. -
@bingo600 said in Difference of whitebox vs SG-6100:
@nimrod said in Difference of whitebox vs SG-6100:
It doesnt matter to me really. Thats something my friend has to live with. As for me, im running Protectli FW6D with zero issues.
Protectli seems to be a rebranded Yanling
https://www.ylipc.com/product/category/network_serverI have just got a HYSTOU 6 port i3-7100 - Yanling clone , for playing around with.
https://www.ylipc.com/product/N13L6
https://eu.protectli.com/product/fw6b/Has the older Intel gigabit interfaces emX , but the price was less than $200 for 8GRam + 160GB HDD , and powerusage low.
I see no difference in quality from my i3 Qotom's
It uses a "Cisco console RJ45 plug" instead of a "Real DE-9" plug.I actually ordered my unit from Yanling directly. Protectli is just providing sales in USA, technical support, hardware upgrades and excellent documentation. Yanling is original manufacturer. And this is not your typical low quality cheap Chinese hardware. These units are very expensive, but build quality is unmatched. Qotom is no match when it comes to build quality. And CoreBoot BIOS can be installed on all Yanling units. Unlike Qotom, they just work with zero hassle. But thats why they cost more.
