SG-2440



  • Hi All

    In 3 weeks I will be having 100mb/sec (down) and 20mb/sec (up) fibre installed at my place. I will be purchasing a new router as my current 7yr old router is a dinosaur! I am seriously considering the SG-2440 from the pfsense store as it is silent and I would like to support the project.

    Before purchasing however I would like to know if it is powerful enough for

    a) my new fibre connection (it is upgradable to 1gb/sec which I may consider in the future)

    b) I would like to run Snort and Squid proxy if possible - is 4GB RAM enough for this?

    FYI: There are only 2 users that will be using this fibre connection on the LAN side but I do host an email server at home but this only has 4 users accessing it (two of which access it from the LAN side).

    I guess what I'm really asking is, is 4GB of RAM enough for what I want to use it for? The SG-4860 looks amazing with 8GB of RAM but it's too pricey for me…hence these questions.

    Thanks and I can't wait to start using pfsense...finally!  :D



  • a) Sure, if all you're doing is Firewall and NAT.  No, if you're doing VPN, L7 shaping, Snort, etc.
    b) Maybe, depends on the ruleset and how many interfaces you're running on.  Memory usage is determined by the number and type of rules you enable and how you configure them.



  • @Jason:

    a) Sure, if all you're doing is Firewall and NAT.  No, if you're doing VPN, L7 shaping, Snort, etc.
    b) Maybe, depends on the ruleset and how many interfaces you're running on.  Memory usage is determined by the number and type of rules you enable and how you configure them.

    Thanks for your input  8)

    I may use VPN for remote access occasionally but it'll just be for me and used rarely. Not sure about L7 shaping but would like to have a tinker with Snort. I may use QOS to guarantee a certain amount of bandwidth of the one user on the LAN.

    In the beginning I will be using the WAN interface for the fibre connection and then using the LAN connection for the two users on the LAN. Later on I'd like to use a third interface for my ESXi server (which will use a few VLANs).

    My rules will be fairly basic: Allow all outbound and only allow port 25/443 to a few VMs on my ESXi host. I'm sure there will be a couple more than these but that's all I can think of for now.

    I could live without Squid and Snort but I'd like to know that they are there and available should I decide to use them.

    Let me ask this, if I don't use Squid but I do use Snort will 4GB of memory be ok?

    Let me also ask, if I don't use Squid AND Snort will 4GB of RAM be ok?

    Appreciate the help!



  • Let me ask this, if I don't use Squid but I do use Snort will 4GB of memory be ok?

    This could well run fine.

    Let me also ask, if I don't use Squid AND Snort will 4GB of RAM be ok?

    This is absolutely enough.



  • I'm hoping to pull the trigger this weekend to order this firewall.

    Since I live in the UK, what are my options for getting a power supply with a UK plug on it that will work with the SG-2440?



  • @zarje:

    I'm hoping to pull the trigger this weekend to order this firewall.

    Since I live in the UK, what are my options for getting a power supply with a UK plug on it that will work with the SG-2440?

    I personally would ask a pre-sales question about this at the pfSense store! Perhaps they can
    tell you what to do, or they can send you a GB-ready one, or tell you what you should consider buying in GB itself;
    better to get it from them than wrong information from the forum! Email: sales@pfsense.org



  • Thanks!

    The order has been placed and I am now excited ;-)



  • So my SG-2440 arrived on the weekend and I have set it up with my Draytek 2820. The Draytek is used as an ADSL modem in bridged mode and I am using the PPPoE client on the WAN interface of the SG-2440 in pfsense.

    I seem to be having quite a bit of packet loss on the WAN interface. I thought it may be the speed/duplex setting? But I can't find where you can change this? I can see where you change the speed/duplex settings on other interfaces but not the WAN interface. Can someone help please?

    Not sure if there's something else I can check with regards to packet loss? I'm meant to be getting between 8 and 10mb/s but am currently getting under 3! If I run a continuous ping on the LAN interface from my desktop on the LAN there is zero packet loss but if I ping (say) 8.8.8.8 then I get up to 15% packet loss.

    I'm still finding my way around pfsense so would appreciate any help  ;)



  • Could be your phone line or the draytek adsl is a finicky thing at best



  • The Draytek is a real router, and if it is not in the so-called bridge mode you are creating a double NAT
    or router cascade.

    I seem to be having quite a bit of packet loss on the WAN interface.

    OK, what Internet connection speed do you have? And what kind of Internet connection is it really?
    (ADSL2+, VDSL, VDSL Vectoring, FTTH/FTTC)

    I thought it may be the speed/duplex setting?

    This could really well be.

    But I can't find where you can change this? I can see where you change the speed/duplex settings on other interfaces but not the WAN interface. Can someone help please?

    Forcing Interface Speed or Duplex Settings

    Not sure if there's something else I can check with regards to packet loss? I'm meant to be getting between 8 and 10mb/s but am currently getting under 3!

    From which Internet connection speed did you get the 8 MBit/s - 10 MBit/s or the 3 MBit/s?
    Normally SPI/NAT and firewall rules are "eating" some throughput, like 1% - 3% of all.
    And with a double NAT or router cascade you will lose something like 3% - 5% of all WAN throughput.
    If you have now configured something like Squid, Snort, SquidGuard, pfBlockerNG, QoS and VLANs, it will
    then be "eating" even more and more and more of your entire throughput. What method were you using
    for the measuring? iPerf from client to server will be the best thing in my eyes but NetIO would also work.

    If I run a continuous ping on the LAN interface from my desktop on the LAN there is zero packet loss but if I ping (say) 8.8.8.8 then I get up to 15% packet loss.

    This might be, but it is not really saying anything about the throughput capabilities of the SG-2440 in any
    direction. Try out iPerf first at the WAN port and then through the Internet.



  • Thanks for the replies but I found the issue. I had selected the modulation type to "Multimode" instead of "ADSL2+" which was causing all the packet loss. Once I changed this everything worked great…no packet loss  :)

    I know the Draytek 2820 is a real router but you do have the option of turning it into a dumb ADSL modem:

    http://www.i-helpdesk.com.au/index.php?/Knowledgebase/Article/View/354/0/how-can-i-configure-my-vigor-router–in-bridged-mode

    There's no double NAT going on here and the Draytek 2820 is purely a modem. No NAT. No wifi. No DHCP. No firewall!

    In fact, I have noticed my broadband speed has gone up from 8Mbit/s to 9Mbit/s.

    I am REALLY pleased with my SG-2440 purchase. I had my IPv6 tunnel up and running in no time. I'm really impressed with pfsense and the SG-2440.