SG-3100: have all 32bit related issues been fixed?

Cabledude

Hey all,

Used SG-3100's are relatively cheap nowadays. Because of the decent firewall and internet performance it is an interesting model: full pfSense features in a low power package.

However, there have been topics about issues linked to the 32bit aspect of this design.

Re: Snort won't start after upgrade to 21.02 on SG-3100

I intend to use the appliance as a home router for OpenVPN, Suricata, pfBlockerNG, Avahi and maybe some other packages.

Have all 32bit related issues been fixed now? Can I expect more of them as time passes?

Thanks,
Pete

SteveITS

@cabledude The issues with PHP PCRE and others were resolved in 21.05.1:
https://docs.netgate.com/pfsense/en/latest/releases/21-05-1.html
No issues at any of our clients.

As for the future, I don't know that anyone can say. There aren't many other models that are 32 bit. But, Netgate did get these issues fixed on an EOL device so that's a nice result.

Cabledude

Thank you Steve. Does this mean an SG-3100 can run any package available today, reliably?
I am using an SG-1100 and it has been running wonderfully reliably for over a year now. The sole reason I am looking into the 3100 is that it has a little more performance in firewall and internet speed. The other option would be a 4100, but that model is quite expensive (over 800 USD here in Europe) while I can get a 3100 for about 200.

SteveITS

@cabledude said in SG-3100: have all 32bit related issues been fixed?:

Does this mean an SG-3100 can run any package available today, reliably?

As far as I know, yes. We don’t run many besides Suricata/Snort, pfBlocker, and the APC packages. I seem to recall reading it can’t do ZFS ? but that’s not really operational. All ours were upgrades anyway.

Cabledude

Thank you. Then maybe a 3100 could work for one or two years. I am still hoping we could be seeing a new ARM design, positioned above the 2100 but priced more moderately than the 4100.

@steveits said in SG-3100: have all 32bit related issues been fixed?:

All ours were upgrades anyway.

Wondering what you mean by this? You are talking about 3100's you deployed, right? Did you upgrade hardware?

Pete

SteveITS

@cabledude My comment was in reference to ZFS which is now the default for new installs but IIRC not compatible with 32 bit ARM. When upgrading, it doesn’t reformat the disk.

rcoleman-netgate

@steveits Correct. 3100 and 1000 aren't able to run ZFS.

mcury

SG-3100 is a device that I like very much..
Specially the switch..

The only thing that is missing in my opinion is softflowd, which is not working.
Others complain about the telegraf,..

I use pfblockerng, acme, wireguard, nut, lots of vlans..

Exporting logs to graylog works great, but I don't like bandwidthd, darkstat and ntopng is too heavy..
So, only missing softflowd..

luckman212

@mcury What collector would you export your netflow to (if you had the option).

mcury

@luckman212 To Graylog, although I didn't test this netflow option in Graylog yet.
A few years ago I used nfsen/nfdump, but now softflowd is not working.

michmoor

@mcury said in SG-3100: have all 32bit related issues been fixed?:

sed nfsen/nfdum

I have exported to GrayLog at one point. I just have no idea how to make the data useable, i.e. create pretty charts.

mcury

@michmoor I'm exporting logs to it, but not netflow..

Using these extractors to parse the data: https://github.com/loganmarchione/Graylog_Extractors_pfSense