Hardware Available at the pfSense Store



  • We now offer direct hardware sales via our online marketplace. There are 3 platforms available now, with more to come in the future.

    Check out our current offerings here:
    https://store.pfsense.org/hardware/



  • No company name, no address, no phone, no email, no privacy policy?  ???



  • Figure it's implied that it's ESF, where you can find full contact details and a privacy policy. But yeah that should be more clear on the site. Thanks for the feedback.



  • Don't get me wrong, I think it's great, especially since some models aren't readily available everywhere/for everyone.



  • @cmb:

    Figure it's implied that it's ESF, where you can find full contact details and a privacy policy. But yeah that should be more clear on the site.

    http://electricsheepfencing.com/#our-policies  says "We only do services, no shipping."
    Definitely needs some indication of shipping pricing etc.

    The store does not list any software - wouldn't this be a good place to list support contracts?

    What legal jurisdiction does ESF operate under?  I see the company is based in Texas, but should say specifically.



  • Speaking of hardware - I see one of the adverts in this web site is www.netgate.com pushing their m1n1wall box running on an alix.  Is this appropriate adverts for pfsense's own web site?



  • @Criggie:

    Speaking of hardware - I see one of the adverts in this web site is www.netgate.com pushing their m1n1wall box running on an alix.  Is this appropriate adverts for pfsense's own web site?

    Personally, I want to stop the adverts altogether.  Others in the company support continuing them for partners.

    Some things you might want to consider, however:

    • Netgate is, by far, the largest and longest supporter of the project

    • pfSense HQ is co-located with Netgate in our Austin, TX offices

    • Netgate acts as the shipping department for the store

    • Netgate's owner is the majority shareholder of ESF (you know, the company behind pfSense)

    Given these, your concern, while understandable, seems a little … apprehensive?

    If there were ever a company closely aligned with pfSense, it is Netgate.



  • The shop is a very good idea.
    Are you going to sell many different hardware appliances or will you stick to like 3 to 5 different "grades"?

    I bought the USB stick to support you a little bit :)



  • I don't know what you mean by "many".

    I would say that there will be "several" hardware offerings this year.



  • I was going to support the good cause and buy two machines from you. However, there is a slightly, iny tiny, small, problem  ;D ;D ;D

    I attached a screenshot.

    This is for shipping to The Netherlands. If I may, the UPS/Fedex's of this world must be completely mentally retarded. For that amount of money I can depart from Schiphol Airport Amsterdam and fly to New York myself.

    So, sorry, I really wanted to buy two machines and in the process support the good cause  :-[

    On another note: couldn't you go via Amazon Marketplace? I've never had these insane shipping costs when ordering from Amazon USA.

    Just a thought  :P



  • Banned

    @Hollander:

    If I may, the UPS/Fedex's of this world must be completely mentally retarded. For that amount of money I can depart from Schiphol Airport Amsterdam and fly to New York myself.

    ROFL… Insane indeed.



  • …not to forget the customs fun. And then you end up with trash like this (see photo),,  btw. inside there were two SAS HDDs, I desperately needed them, otherwise would have returned them....

    But in the Netherlands you have other options:

    http://www.applianceshop.eu/index.php/?___store=en

    :-)

    ...they do some advertising on the forum, too and I was very satisfied with the service!




  • @gonzopancho:

    I don't know what you mean by "many".

    I would say that there will be "several" hardware offerings this year.

    Any plans on adding anything soon? There's a pretty big gap in price and functionality of what's currently available. Habey has a nice looking 1U that I've been thinking about getting…might even pay a little more if it came in red ;)
    http://www.habeyusa.com/products/fw-1044-1u-4-gbe-w-bypass-segment-fanless-network-hub/

    Edit: speling



  • The C2758 was just added about a week ago.
    https://store.pfsense.org/c2758/
    It's sold out already, more are on the way.

    There will be more to come.



  • @chemlud:

    …they do some advertising on the forum, too and I was very satisfied with the service!

    Actually, they don't.



  • I love the idea of pfSense selling their own hardware, but am lost as to what the unit capabilities are.  the C2758 would be great, but how many concurrent connections would it support? Sorry, but I'm not knowledgable enough to translate the raw pass-through numbers to connections.

    We're a catholic k-8 school in need of firewall and content filtering…..Currently running a sonicwall 2400



  • May firewall vendors artificially limit "connections".  Sonicwall is one such vendor.

    We do not.

    See the discussion here under "Feature Considerations"
    https://www.pfsense.org/hardware/#sizing



  • @gonzopancho:

    May firewall vendors artificially limit "connections".  Sonicwall is one such vendor.

    I don't believe they do (not that I would ever recommend those horrible pieces of junk to anyone).  I think he's referring to this statistic:

    Per http://www.sonicwall.com/us/en/products/NSA-2400.html#tab=specifications
    Connections per second 4,000/sec

    I have no idea where they get those numbers from, but their other numbers are very similar to the c2758.  I don't believe anything Dell says about Sonicwall, though.  Those things perform terribly and are a nightmare to administrate and exhibit very odd behavior.



  • No arguments from me on the sonicwall.  They've been a giant pain in my butt as long as I have had to deal with them.  And that was even BEFORE Dell took over!

    And no, I have no idea where they pull those numbers from.  I guess I was more concerned with the throughput.  But I guess if I load it up with memory it should handle the web filtering.  I'll wander the boards to find out more about that.

    Thanks for slapping me upside the head to realize exactly what I should be looking at!



  • I'm not sure what they mean by "connections / sec".

    Typically this is a web server metric.

    A dual Intel Xeon X5670 (2 * 6 cores @ 2.93 GHz, 2 threads per core) with 24GB of RAM will do 500K connections/sec to nginx.
    I've not measured it, but the C2758 cores each benchmark pretty close to a 5600 series ("Westmere ") Xeon.  The C2758 only has 8 cores (not 12 in the system above) and they each run at 2.4GHZ, not 2.9GHz, but overall, I'd bet the C2758 can do at least 400K connections/sec in a similar benchmark.

    Maybe they mean new connections / second to the IPsec endpoint.  We haven't measured it.

    If they mean packets per second (pps), then that number sucks by comparison.  In an Untuned state, the hardware will run 585Kpps per interface without the overhead of pf.  Those are minimum-sized (64 byte) packets.

    With a bit of tuning, and a single stateful rule installed in the packet filter, the rate goes up to nearly 800Kpps.

    Their IMIX is oddly stated at 1280 byte UDP packets.  That's not mixed.  Typical firewall vendor BS.
    http://en.wikipedia.org/wiki/Internet_Mix

    Assuming an IMIX of PPS * ( 7*(40+14) + 4*(576+14) + 1*(1500+14) )/12*8, the IMIX thoughput for this is 2.267Gbps, which, you will note, is faster than the interfaces.  This shatters the quoted IMIX throughput for the Sonicwall NSA 2400 (235 Mbps)

    And we're after far (far) more.  Stay tuned.  I LOVE this hardware, and plan to make the most out of it for pfSense.

    By comparison, here are the numbers for a PC Engines APU:
    154.17 Kpps -  raw routing  (est IMIX throughput = 437 Mb/s)
      88.12 Kpps - with a single, stateful 'pf' rule installed  (est IMIX thoughput = 250Mbps)

    Note that even this is faster than the NSA 2400 you pointed to.

    So there it is, a real-world result, the C2758 is about 10X faster than an APU, and I've just gotten started.



  • And the lower-end, Sonicwall does limit the number of nodes behind the firewall (that use the firewall).
    http://help.mysonicwall.com/sw/eng/305/ui2/23100/System/Licenses.htm

    Here is a reseller of Sonicwall node licenses, just so you can check prices.
    http://www.sonicguard.com/NodeUpgrades.asp

    To be fair, some Sonicwall devices (such as the NSA 2400) come with an "unrestriced" node license.

    There are some very early benchmarks (using iPerf, which I loathe) of the C2758 here:
    http://store.pfsense.org/c2758/



  • Isn't The C2758 Product page @ http://store.pfsense.org/c2758/ Misleading?!?!?!

    It clearly states "No additional usage or feature based pricing.  Unlimited users, firewall rules, VPN connections, etc."

    However, the Quick Start Guide @ http://support.netgate.com/index.php?/Knowledgebase/Article/View/18/9/where-can-i-find-the-c2758-quick-start-guide, on page 7 states "One year of pfSense Certified software updates and bug fixes
     One year of Netgate’s pfSense Certified premium add-ons for pfSense 2.1"

    Which in my mind at least, tells me there is feature based pricing.. At least in that there is a renewal for whatever 'premium add-ons' are included. Shouldn't mention of this appear in the fine print of the product page?

    Also, since I'm bound to be starting a mess here, can clarification be added on Netgate/ESF for these purchase? The documentation clearly states in numerous places, that this is a Netgate firewall, yet, that is left off the pfSense page, leading one to believe this is an ESF product. This seems deceptive.

    I understand Netgate is now a majority? share holder of ESF, but ESF != Netgate and Netgate != ESF. It seems you have two separate companies by design, yet you are merging the two or using them like they are one.

    Who's collecting the money from this purchase directly? ESF? or Netgate?

    Is ESF directly reselling Netgate equipment (Netgate is a supplier)? or am I buying Netgate directly, who then in turn makes a donation to ESF? Who's responsible for the warranty?

    I am probably not the only one wondering about this last set of questions, and I don't mean to be creating problems, I'd just like clarity. If I decide to buy one of these, I'd like to know who is it truly benefiting from the purchase.



  • @gonzopancho:

    And the lower-end, Sonicwall does limit the number of nodes behind the firewall (that use the firewall).
    http://help.mysonicwall.com/sw/eng/305/ui2/23100/System/Licenses.htm

    Wow. The more I learn about just how bad they are the more I don't understand how the company has been in business for so long. The day I retired the Sonicwall was one of the happiest days of my life (at least that's how I remember it).

    Like I said, I don't believe anything they say about Sonicwall devices. My experience and reading user forums has taught me that they never perform anywhere even close to what the specs say, and unless you're doing just basic firewalling from LAN to WAN they don't ever actually work as expected either.



  • @Sn3ak:

    Isn't The C2758 Product page @ http://store.pfsense.org/c2758/ Misleading?!?!?!

    It clearly states "No additional usage or feature based pricing.  Unlimited users, firewall rules, VPN connections, etc."

    However, the Quick Start Guide @ http://support.netgate.com/index.php?/Knowledgebase/Article/View/18/9/where-can-i-find-the-c2758-quick-start-guide, on page 7 states "One year of pfSense Certified software updates and bug fixes
     One year of Netgate’s pfSense Certified premium add-ons for pfSense 2.1"

    Obviously there is some editing to do.

    @Sn3ak:

    Which in my mind at least, tells me there is feature based pricing.. At least in that there is a renewal for whatever 'premium add-ons' are included. Shouldn't mention of this appear in the fine print of the product page?

    See above.

    @Sn3ak:

    Also, since I'm bound to be starting a mess here, can clarification be added on Netgate/ESF for these purchase? The documentation clearly states in numerous places, that this is a Netgate firewall, yet, that is left off the pfSense page, leading one to believe this is an ESF product. This seems deceptive.

    I understand Netgate is now a majority? share holder of ESF, but ESF != Netgate and Netgate != ESF. It seems you have two separate companies by design, yet you are merging the two or using them like they are one.

    Your "understanding" is flawed.  Netgate is not a majority shareholder of ESF, but the principals of Netgate are the majority shareholders of ESF.

    You are correct when you state "ESF != Netgate and Netgate != ESF".  That said, the two companies are co-located in the same office space, and I tend to use what people and resources are available for the tasks at-hand.

    @Sn3ak:

    Who's collecting the money from this purchase directly? ESF? or Netgate?

    Is ESF directly reselling Netgate equipment (Netgate is a supplier)? or am I buying Netgate directly, who then in turn makes a donation to ESF? Who's responsible for the warranty?

    In answer to both of your questions: Which store did you buy it from?  There is your answer.

    @Sn3ak:

    I am probably not the only one wondering about this last set of questions, and I don't mean to be creating problems, I'd just like clarity. If I decide to buy one of these, I'd like to know who is it truly benefiting from the purchase.


  • Netgate Administrator

    @gonzopancho:

    I'm not sure what they mean by "connections / sec".

    No, seems odd for a firewall.

    Perhaps the nearest thing might be state table inserts per second? Or maybe state table searches per second?
    See this thread for some big numbers:
    https://forum.pfsense.org/index.php?topic=72810.0

    Steve



  • Note that all of our equipment is suitable for US power standards. If you live outside the United States, be aware you may need to find a different power adapter / power supply to use your equipment.

    (from http://store.netgate.com/International-Order-Payment-W9C111.aspx)

    Can someone comment it? Do I need to buy additional power supply if I want to use it in Europe?


  • Netgate Administrator

    Almost certainly not.
    The vast majority of computer equipment are using switching power supplies with 90-250V input so you can use them in Europe or the US. You may need a different power lead to connect the PSU to the wall socket but these will be easily available locally to you.
    There are some exceptions to this though (some laptops and similar power bricks for example) so best to ask about the exact product.

    Steve



  • Gents, one thing that would really help is more detail on the performance.

    I'm looking for a box that will give about 25MBPS on AirVPN:

    • 4096 bit RSA keys size

    • AES-256-CBC Data Channel

    • 4096 bit Diffie-Hellman keys size

    • HMAC SHA1 Control Channel

    • TLS additional authorization layer key: 2048 bit

    • Perfect Forward Secrecy through Diffie-Hellman key exchange DHE.

    Can you advise me? I posted this here instead of just emailing as I thought the reply might be useful for others too.



  • @nashton:

    Gents, one thing that would really help is more detail on the performance.

    I'm looking for a box that will give about 25MBPS on AirVPN:

    • 4096 bit RSA keys size

    • AES-256-CBC Data Channel

    • 4096 bit Diffie-Hellman keys size

    • HMAC SHA1 Control Channel

    • TLS additional authorization layer key: 2048 bit

    • Perfect Forward Secrecy through Diffie-Hellman key exchange DHE.

    I'm assuming you likely mean Mbps (bits). The VK-T40 and C2758 platforms we sell will both do well upwards 25 Mbps with those parameters. The 2D13 is the only system we sell that would struggle to reach 25 Mbps across a VPN with those parameters.

    You may have issues reaching 25 Mbps with VPN providers along those lines for reasons entirely unrelated to your firewall. 25 Mbps probably isn't too difficult to reach, but that depends on what kind of load the provider's servers and network are under, how far away you are from the VPN server, and how far the ultimate destination of your traffic is from the VPN server. The higher latency makes it more difficult to achieve high throughput (see "long fat pipe") depending on how high it is. Some providers also significantly over-subscribe their networks and/or servers and hence perform poorly during peak times. I'm not familiar with that provider in particular so not sure what you can expect.



  • What is the difference between the VK-T40E and the Netgate APM4?  They seem to be identical.  We want to begin to replace the old watchguards at all of our satellite sites.  thanks.



  • They are identical.

    You may want to wait for RCC-VE.



  • Hello,

    The pfSense store states the routers come with one year of 'ESF Premium Software Support'.

    Is this phone support or e-mail support, etc.?


  • Rebel Alliance Developer Netgate

    The bundled support is primarily handled via ticket system / e-mail / chat, but may include a phone call initiated by a support representative if circumstances dictate that it's necessary.



  • Hey,

    So I am very excited to see the new hardware options on the pfsesne store.

    The question I have is with a 1G up and down and a desire to run Suricata which would one be better off with, the SG-2440 or the SG-4860? No VPN traffic at all.



  • @Tiscan:

    Hey,

    So I am very excited to see the new hardware options on the pfsesne store.

    The question I have is with a 1G up and down and a desire to run Suricata which would one be better off with, the SG-2440 or the SG-4860? No VPN traffic at all.

    SG-2440
    Dual Core Intel® Atom™ C2358 1.7 GHz, with AES-NI and Intel QuickAssist

    SG-4860
    Quad Core Intel® Atom™ C2558 2.4 GHz, with AES-NI and Intel QuickAssist

    The SG-4860 comes with a higher CPU frequency, more cores and more RAM
    so it would be the better appliance.

    Overall let us not only taking at the todays CPU performance, but more at QuickAssist.

    For some applications with Intel QA using code, it will be changing and one of the common
    applications QuickAssist works for at this time is snort, so for those using Rangeley as a UTM
    or firewall appliance, it is a major consideration as I see it right. So perhaps you should find out
    at next if suricata also benefits from Intel´s QA or not and then what you have to do for activating
    in snort for using the Intel QA option to speed up the entire performance.  :o



  • Intel removed the version of firmware that would accelerate Snort.

    Read: don't believe everything you read on the Internet.

    The firmware for QAT these days will accelerate crypto and compression.



  • @Tiscan:

    Hey,

    So I am very excited to see the new hardware options on the pfsesne store.

    The question I have is with a 1G up and down and a desire to run Suricata which would one be better off with, the SG-2440 or the SG-4860? No VPN traffic at all.

    You'll want more cores.

    Someday I'll turn my attention to Snort/Suricata, DPDK and multi-core regex (probably with AVX/AVX2 acceleration.)

    Today is not that day.



  • Hi There
    Do you have a supplier in China or Hongkong for the PFSense devices that you mention on this forum… if you do, what is that shop name and contact, willing to bought some of it for my network..

    Appreciate asap reply...



  • OK, the new website is saying that:

    'Bundled' and 'Incident' support is for ticketing system/e-mail support, 24 hour response SLA

    'Professional Services' is for consulting via telephone, e-mail, etc.

    Is this correct?

    What is the pricing of Professional Services?



  • @ttblum:

    OK, the new website is saying that:

    'Bundled' and 'Incident' support is for ticketing system/e-mail support, 24 hour response SLA

    'Professional Services' is for consulting via telephone, e-mail, etc.

    Is this correct?

    What is the pricing of Professional Services?

    Professional services is for more involved projects, usually on a fixed fee basis with a specific scope. It's described in more detail here:
    https://portal.pfsense.org/professional-services.php

    Cost is dependent on the project, starts with a 2 hour minimum at $250 USD/hour, so $500 minimum. Email professional.services (at) pfsense dot org with the specifics of your project and we'll get you a quote.


Log in to reply