Netgate pfsense SG 1100 Review & Speed Tests
HTML-код
- Опубликовано: 16 фев 2019
- Amazon Affiliate Store
➡️ www.amazon.com/shop/lawrences...
Gear we used on Kit (affiliate Links)
➡️ kit.co/lawrencesystems
Try ITProTV free of charge and get 30% off!
➡️ go.itpro.tv/lts
Use OfferCode LTSERVICES to get 5% off your order at
➡️ lawrence.video/techsupplydirect
Tesla Referral Program Offer
🚘 www.tesla.com/referral/thomas...
Lawrence Systems Shirts and Swag
👕 teespring.com/stores/lawrence...
Digital Ocean Offer Code
➡️ m.do.co/c/85de8d181725
HostiFi UniFi Cloud Hosting Service
➡️ hostifi.net/?via=lawrencesystems
Protect you privacy with a VPN from Private Internet Access
➡️ www.privateinternetaccess.com...
Google Fi Service Referral Code
📱g.co/fi/r/TA02XR
More Of Our Affiliates that help us out and can get you discounts!
➡️ www.lawrencesystems.com/partn...
Twitter
🐦 / tomlawrencetech
Patreon
🔗 / lawrencesystems
Our Forums
🔗 forums.lawrencesystems.com/
GitHub
🔗 github.com/lawrencesystems/
Discord
🔗 / discord
Our Web Site
🔗 www.lawrencesystems.com/
PIA Internet Access Affiliates Link
www.privateinternetaccess.com...
Official Netgate Link to purchase (NOT an Affiliate Link as I am not a re-seller)
www.netgate.com/solutions/pfs...
How to configure integrated Netgate Switches
www.netgate.com/resources/vid...
#pfsense #Firewalls 
Наука
kudos for saving the time , still watched the full video . thanks man
Great review Tom! Keep up the good work
Thanks for this video. I have been watching a lot of your videos here lately as I am looking for a better router/firewall for home use.
I've been anxiously waiting to see what you thought about this box. Thank you!
I almost bought one when I saw it on the Netgate website a couple months back. But I wanted to wait until you reviewed it! I knew you'd come through lol
Such uncreative scam.. u need to try more guy(s)
The pro at work. Thanks for the review.
Great video, really awesome info on all your videos. Any chance on the future for a review of the SG-5100?
Thanks for the review😀 have been waiting for this info. How well do you believe suricata or squid would run if added to the setup that you just reviewed?
For a home network you can get a quad core arm soc like the Rockchips etc with built in gig ethernet. My own Rockchip based soc runs armbian with pihole, samba, nfs, dlna, firewall, dhcp, dns over stubby (tls), 4 vlans and then some all without breaking a sweat, even while rsyncing backups over nfs at over 120 megabytes plus. Cable modem goes in through a usb2 ethernet adapter but you can also vlan it through a managed switch (roas).
The boards has versions (from the OEM) which have an sd card. You can get the board with 512 or 1 or 2 gigs of ram
This is a fantastic router for SOHO. If you compare it to high end devices is like trying to compare my wife's Kia spectra to a Porsche 911. The box is great for their specific use cases. Of course if you still try to race a Kia against a Porsche, you're going to have a clear winner. If you're watching this video and want a pfsense box for your home or small office don't hesitate.
was doing research on building a router kinda killed my idea watching and researching the sg-1100 short of the new banana pi router not much else that fits ALL my features i want , realistically 100mbs for me is great and being able to use the mpcie port for lte makes this device really cool for my use case !
Thanks for the video! Does this thing support "transparent" mode? Any ideas what a performance might be in L2 mode?
Cheers.
Just saw the video looks like a great small appliance. Can you provide an opinion? How would it work for small office with up to 6 users?
I bought the original SG-1000 via pre-order in November 2016. I believe this was the first ARM device they supported and sold directly. I paid $150USD plus freight. This device to this day still doesn't have support for the on board cryptographic accelerator. I contacted Netgate in early 2018 and was told that the drivers don't exist yet and that support is expected to be launched with pfSense 2.5. Buyer beware if you're expecting cryptographic accelerator support any time soon.
Actually, when it is detected (But inactive). It is because it has not been activated under the "Advanced Settings -> MIcs" menu. Setting it here will activate it standard for all crypto services. I honestly to not have a SG-1100, but it has been the case for all other PFsense boxes I've set up ... I'd appriciate if someone could confirm if it is the case with the SG-1100 also .... And sorry about your SG-1000 Brent. Does it has a AES chip onboard?
@@kimh9337 long response but you are 100% right it is disabled by default and must be enabled i have a 1100
I'm curious if you've tried loading pfsense on the non-netgate espressobin sbc that the sg1100 is based on since you have access to the firmware?
I wonder if it goes faster if you replaced the thermal paste with decent pads.
I'm thinking of changing my Edgerouter X + PiHole setup to something speedier when my house is routed for ethernet (been forced to use Powerlines at the moment).
Thank you for the warning
This a modified espressobin v7 .. they have removed the SD-slot and GPIO headers and added the verification chip ...
Exactly what I was going to say I have 2 Epressobin cards and wondered why you can't run PFSense on it I have no issue paying for the software as they have done the work to make it work correctly but why do I need to repurchase the hardware is just not right.
I hope pfsense will implement wireguard when 1.0 is released
Great review
Yeah, my old router/firewall at home has served me well but it's aging and running an older firewall distro and it really needs an upgrade. This looks like a way to go, a completely different quality level compared to the usual home router trash that's sold. I don't even want wifi on the router itself, for that matter - these days, you can buy good mesh systems that do a vastly better job anyway.
I recently moved to a Ubiquiti AP and it's been great. I have an old tower running PFsense, an 8 port desktop switch, and the AP for wireless. I don't like to have one system trying to do everything, it seems far better to get the right tools for each job.
Thanks for your review. Could you clarify whether those routing speeds in your test setup are with or without NAT.
With
What is the differencebetween this and the ESPRESSObin? Almost half the price.
Can I run NtopNG on any of those? SG-3100 or SG-1100? Is just for home usage.
Can I run all features on the 3100 ? no plans to use the VPN option.
Late to the party, again. Just got an SG-1100, I was using a Dell with pfsense, it was up and running. switched over to the SG1100, with no problems. So I was wondering what if I needed to do a clean install on SG1100. Looked at the specs and found the Micro USB is the console port. So do you use something like PUTTY to get to the SG1100 or will the SG1100 boot straight into the USB drive that has pfsense mounted on it? This is on a home network.
Waiting to set mine up. And, BTW, which video goes over setting up pfBlocker, for those of us who couldn't find it?
the title of the video is "Tutorial:Internet Filtering / Site Blocking Using pfblocker DNSBL on pfsense"
Pcengines' apu4c2 is right around the same price when you add in all the components you need, has 2x the ram, a fourth gigabit port, and at that price point would have a larger ssd.
And you said that the jumpers didn't jump out at you. ;)
I also used pcengines apus, I really like them, have about 40 in the field.
What I like about this device is the low power consumption.
The APU is a good option. They have AES-NI offload which will be required by upcoming pfSense releases (though of course I expect Netgate to support their own hardware regardless.) They do draw a little more power than these but nothing major.
please tell me more about the the requirement of upcoming pfSense releses. thx
@@kampfighterjet8662 They originally announced that the 2.5 will require AES-NI (or just built in AES crypto acceleration). Now, they've released this device. It's processor has AES acceleration, but drivers haven't been added to freebsd/pfsense.
And the other day, they said that 2.5.0 won't have the part that makes crypto a requirement. It's obvious that they'll release the "crypto-only" version only once in-OS-support exists for all their ARM AES crypto devices.
Do you buy direct from PC Engines? Or from a distributor?
Get a mikrotik if you want small box and GSM support...
I think you'd get better TCP perf in iperf3 if you changed the window setting. Just do -w 128M, and I bet you get over 900mbps.
Tom, great videos. What were the encryption settings and compression settings used in the OpenVPN portion of the testing? DH Parameter, Encryption Algorithm, NCP Algorithm, and Auth digest algorithm. Thanks in advance.
???
I am asking this question to compare my throughput. With IPVanish and their recommended settings, I am able to sustain ~120mb of my available 150mb internet connection using a Qotom I5 (with AES-NI) device through my VPN. I am wondering how you got such high throughput with such a low powered device. Is there an OpenVPN accelerator built in to this box? That's why I want to know the encryption settings.
@@jeffellington13 I think it's a fake test lol. He does a review of the sg3100 and says he won't do the openvpn test and that the company say up to 100MBs. So how the heck did he get 120 on the sg1100. No encryption? Lol. I don't even think the 3100 will get 100 stick with the qotom it's cheaper too.
@@cooloutac it is definitely not a powerhouse by any means. I’m a 12+ year user of pF and I have several deployments The unit I still use at home for over 2 years now is a Qotom i5 computer from Amazon. It has been a beast, running a few OpenVPN links and 7 vlans on my network flawlessly. When I bought the unit, I had to buy the ram separately and the ssd separate. I have no affiliation with any vendor at all and I tell you I am very pleased with my current config. I have 8gb ram and 128 Samsung ssd. This is the same computer with a different ram and ssd. I’m sure there is a newer version, but after running this unit, I cannot say enough good things about it.
Qotom Q355G4 4 LAN Mini PC 4Gb Ram 32Gb SSD Intel Core i5 Processor Fanless Mini PC Sophos Vyos Untangle Etc. www.amazon.com/dp/B071ZVQCYN/ref=cm_sw_r_cp_api_i_AJpNFbK7TFW2F
@@jeffellington13 I hear they are great and a great price
Would love to see a comparison to the edgerouter X.
edgerouter X does not have the same features.
hey the explanation of the jumpers is here on the globalscale website ftp://downloads.globalscaletechnologies.com/Downloads/Espressobin/ESPRESSObin%20V7/V7%20Quick%20Start%20Guide/
i think its for different boot options. the default globalscale boards have an SD card slot and netgate pfsense is using eMMC memory with uboot in the SPI so probably dont want to mess with the jumpers much.
Is there one you’d recommend with all the features at those speeds? TIA
that depends on the number of devices, for many networks the SG-3100 works great, but as your demands scale so does the need for faster hardware.
1:45 can you give an exemple of min cpu that could handle all that close to gb speed. Wont blame you if it doesnt just curious if intel nuc i5-4250u could handle.
probably
Do you have recommendations on how we can wallmount the SG-1100?
Zip ties
You should send me one
I have a 300/20 speed should I get this or the SG3100?
I was also considering an edge router.
depends on if you like features. The edge router has less of them.
This may sound stupid, I just want to make sure I’m getting this right before I buy this, I have a router from my ISP and I was thinking about replacing it. I should be able to use the SG-1100 as a router as well as a firewall? And why is it that I see so many people connect the SG-1100 to a switch? I saw someone on reddit say that it goes from modem -> SG-1100 -> switch ? Is this also correct or no?
It gets kind of complicated, because some ISP's don't just give out a straight up modem anymore, but an "all-in-one" device that acts as a modem, a router, a wireless AP and also has some wired switchports on the back (Typically a WAN port that connects to your modem, and then 4 or more LAN ports for end devices, such as PC's). You need to determine what you've got before you make a move.
The PFsense box will act as your router/firewall. It will route traffic between your internal network, and your ISP's network. One port will connect to your modem, and the other port will be your LAN port. There is usually one port that comes out of the LAN side, so without the switch, you would only be able to hook up one device at a time for internet access.
Instead, a switch is put in, and all devices will hook up to the ports on the switch. One switchport will be the PFsense box, and one port will probably go up to a wireless access point, which is basically just an entry point into the switch, for devices that do not have a physical Ethernet port.
The switch and the PFsense box are performing different functions, at different layers of the network stack. In simple terms, the switch is responsible for moving traffic around within your internal network, while the router (PFsense box in this case) is responsible for moving traffic between different networks (Between your internal network and your ISP's network).
They connect to switch for more ethernet ports or poe devices. Or to feel cool. Lol. And ya this can be a router and firewall.
Where can I buy the T-shirt?
teespring.com/en/get-cat-6
So this should be fine for home use, fiber 150/150, an unraid server, pc, not much hosted at home?
Yes
Good review. I didn’t buy one of these and went a different route as I was skeptical of the performance and especially its ability to run certain apps. But I agree it’s a bargain.
What did you go with?
This is a stupid question but where does this thing sit in my home network? From the WAN port on the netgate to a LAN port on my router? and from there it protects all of my devices on my network? I thought firewalls sit in front of the router. So it would make more sense that the ethernet cable from the antenna on my roof connected to the WAN on the Netgate and then an ethernet cable from the LAN on the Netgate to the WAN on my router. Even though that sounds wrong. lol HELP!
The latter. Lan to wan on router. Set router to ap mode make sure ur isp provide a modem.
Can be the OPT port configured as a second WAN port?
Yes
Ubiquiti has been doing for years now. Not sure why pfSense is so far behind!?
Has anyone else had a problem with "dodgy" ethernet ports on their SG-1100?
I've found that if I wiggle about the plug in the WAN port, it can lose connection.
(I've tried a couple of different cables.)
I still cannot get a VPN tunnel to my home IP for pfsense working
ruclips.net/video/dBOQnApxzzQ/видео.html
This dude does a solid tutorial, it helped me get mine working.
What are they going to do with all these "old" devices that don't support AES-NI when they get to v2.5?
This device has a crypto chip
@@LAWRENCESYSTEMS But currently not supported in the OS? I know the ARM port has a little way to go, maybe that's why.
@@LAWRENCESYSTEMS I was wondering about that
They ditched the requirement for AES-NI for 2.5. I saw that either on their website or Twitter account.
@@SpookyLurker The announcement wasn't that it was scrapped for 2.5 but that the requirement won't be in place for 2.5.0
As written, it leaves open the possibility of even 2.5.1 having the requirement.
the price is 170$, where you find it in 65$ ?
Based on your PF Sense recommendations, we decide to try one of these. Very poor performance. No rules on in/out, speed was 540Mbps, compared to an Edge Router X (Cheaper) nothing on, 890Mbps. Doing an RMA and trying a $380, 3100 next week. Hopefully it will out-perform the Edge-X.
As I said in the first 30 seconds of the video, if you want something faster, get the SG-3100.
Feedback please ^_^
Speed is not the only measurement for security.
They raised the price to $179. Why?
Hmm...this or EdgeRouter X?
Edge router for gaming. Pfsense for features
4 years and we still dont have a solution with all these features, for under 200$? ugh.
A cheap Gigabit port cost like 20 dollars with pci 1x connection to the mother board. LOL