An 11W pfSense Plus 1/2.5GbE Router, Firewall, and VPN Appliance

Рет қаралды 119,013

Күн бұрын

In our Netgate 4100 review, we see what this pfSense Plus-based router, firewall, VPN box, and more offers. We discuss OpenVPN performance, IPsec performance (using Intel QuickAssist), and do basic iperf3 testing across the 1GbE and 2.5GbE ports. Let us see what this Intel Atom C3338R processor-based system can handle.
STH Main Site Article: www.servethehome.com/netgate-...
STH Merch on Spring: the-sth-merch-shop.myteesprin...
STH Top 5 Weekly Newsletter: eepurl.com/dryM09
Join STH KZfaq membership to support the channel: / @servethehomevideo
----------------------------------------------------------------------
Where to Find STH
----------------------------------------------------------------------
STH Forums: forums.servethehome.com
Follow on Twitter: / servethehome
Follow on LinkedIn: / servethehome-com
Follow on Facebook: / servethehome
Follow on Instagram: / servethehome
----------------------------------------------------------------------
Timestamps
----------------------------------------------------------------------
00:00 Introduction
01:19 Netgate 4100 Hardware Overview
10:51 pfSense Plus Software Overview
13:10 1GbE, 2.5GbE, and VPN Performance
18:05 Power Consumption and Noise
20:09 Key Lessons Learned
24:27 Wrap-up
----------------------------------------------------------------------
Other STH Content Mentioned in this Video
----------------------------------------------------------------------
- Intel QuickAssist Adapter Guide by Generation: www.servethehome.com/intel-qu...
- Intel QAT 2016 - www.servethehome.com/intel-qu...
- Intel QAT 2017 - www.servethehome.com/intel-qu...
- Intel QuickAssist comes to FreeBSD in 2017 - www.servethehome.com/quickass...
- Topton and Kingnovy N5105 4x i225 Units: • NEW 2.5GbE Fanless Rou...
- Topton J4125 4x i225 Unit: • Physical or Virtual? A...
- Hunsn J4125 and i225 Unit: • 4x 2.5GbE Intel J4125 ...

Пікірлер: 181

@JeffGeerling Жыл бұрын

4:11 - Really wish WAN ports were at least 2.5G. At this point I'm not planning on buying any more 1G equipment, even though my current Cable ISP connection is 1G. I would like the flexibility for the day when I'll be able to get better-than-gigabit Internet.

@GlobalSourcing Жыл бұрын

Although I would prefer all 2.5 I think its still worth considering with the 4x 2.5gbe. As he said they're remappable. I dont have a use for more than 4x 2.5g outputs on my router/fw and that's just for dual redundancy.

@philliumo Жыл бұрын

I just spent the last week looking for a firewall for a business that has a 2Gb internet connection. There is NOTHING out there meant for business workloads that runs at 2Gb, everything jumps up to 10Gb and looking at new firewalls equipped with a 10Gb uplink is outrageously expensive. Ended up going with a used unit.

@cdoublejj Жыл бұрын

Yeah! What this guy said! Edit: then can one of the 2.5s be mapped as wan? Even then still would be nice if it was all 2.5g

@IJaggedl Жыл бұрын

@@cdoublejj Yes you can, but you just want to be aware that the physical labels on the hardware will no longer match the assignment in the PFSense UI.

@JasonsLabVideos Жыл бұрын

100% agree..

@LAWRENCESYSTEMS Жыл бұрын

I have been happy the new 4100 & 6100 models, we have installed a lot of these units in a lot of businesses.

@mountain7105 Жыл бұрын

POG

@OT-tn7ci Жыл бұрын

very pog. Is there like a vpn client i can install on my laptop and remotely connect to my office network if i install pfense in my business.

@mauirixxx Жыл бұрын

@@OT-tn7ci yes - OpenVPN, it's built into pfsense and there's a client export feature to make it suuuuper easy to get setup for multiple devices to connect to pfsense.

@mdd1963 7 ай бұрын

THanks, I had to look up wth 'POG' even allegedly means. It's even crappier than the word/expression 'based'... :)@@mountain7105

@christopherjackson2157 Жыл бұрын

11 watts is pretty much a killer feature in this space.

@junkerzn7312 Жыл бұрын

The unit looks quite nice. It has a comprehensive feature set, plenty of ports, its fanless (presumably), and low power... Burning just 11W 24x7 is perfect for numerous topologies, particularly homes. And I will note that the power supply input is 12VDC, which means that you can run it directly from the 12VDC output of any of the LiFePO4 power stations out there on the market to give yourself really decent backup during a power outage. Never mind having just an hour on a UPS, even a small 250Wh power station would be able to run this sucker for almost a whole day. Staying in the realm of DC on those power stations effectively doubles the efficiency... no AC-to-DC-to-AC conversions, just AC-to-DC. I'm starting to see a whole lot more of these low-power devices running on 12VDC these days instead of 5VDC. Not only do wall dongles run completely cool with higher output voltages, but it makes it possible to run many more devices directly from 12VDC sources for more serious backup operation with conversion losses that are no different from plugging the wall wart into the wall (and might possibly be lower, depending on how good the wall wart is). Since all modern devices need a switching DC-to-DC supply internally anyway to get 3.3V and 1.8V (etc), its just a whole lot better to start with a higher DC voltage on the input.

@coffeemaddan Жыл бұрын

Great content. The pluses, the minuses and a good overview. Thankyou :)

@ServeTheHomeVideo Жыл бұрын

Thank you coffeemaddan

@blendonator Жыл бұрын

I'm curious how hard something like snort affects the CPU on it. I'm also wondering if their drivers support snorts full blocking mode features that some chipsets lack support for, which limits the ability to warn on matches, instead only allowing one to pass or drop. I forget the exact name, but was disappointed to run into this limitation.

@bzmrgonz Жыл бұрын

The fact that the bottom plate serves as a heatsink, means that you should mount it on a wall and leave some space between it and the wall so heat can dissipate upwards. In this configuration, the screw-on power jack is a brilliant idea.

@spearheadconsulting5144 Жыл бұрын

I would say that maybe your channel name may be incorrect. You do a lot more than just home stuff. You are helping me as an I.T. professional. Great stuff. Thanks for these cool videos.

@SmartLifeEnthusiast Жыл бұрын

So if I understand switched vs unswitched correctly, the idea with the 4100 is that you could set each of the 4 ports to a specific VLAN (let's say management, LAN, IoT, and DMZ), hook those up to one or more managed switches and then hook up your devices to that/those switch(es)? Intra-VLAN traffic would then be managed by the switch, but inter-VLAN traffic would pass through the router?

@iankester-haney3315 Жыл бұрын

Really needs sfp+ for the combo ports. Silly to have 2.5 for lan but not lan. Minor misprint on the article. I didn't know Wireguard could do 10x the wire line speed.

@denvera1g1 Жыл бұрын

10:35 I wonder if you can replace it with the right tools, or if it is locked in the BIOS to that speciffic processor, like if you were to get a tray BGA CPU could you just get a heat gun and solder mask

@erikgiggey4783 Жыл бұрын

i have had mine a few months and it suits my needs perfectly, usually max of 2 users on vpn and no problems with usability. were not doing high bandwidth things but it does provide much better security thus far than my old junk asus

@code8986 Жыл бұрын

Do I understand correctly that pfSense (the non-Plus version) running on the same hardware would not make use of the Intel QAT acceleration feature?

@dogoku Жыл бұрын

I just bought a 5 port 2.5gb QNAP switch and a SeeedStudio Mini Router (Raspberry Pi CM4) for about half the price. The router comes with OpenWRT pre-installed, so I'll be going with that for now, but I wanna try OPNSense as well.

@brofights3138 Жыл бұрын

So an Ali box with OPNSense is better?

@ztech-consulting Жыл бұрын

It is. I got the topton box with the pentium and it’s a beast.

@johnknightiii1351 Жыл бұрын

At this price the i7 1165g7 with 6 x 2.5gbe is still cheaper and steamrolls this and the 6100, only downside is not having 10gbe.

@ztech-consulting Жыл бұрын

@@johnknightiii1351 For home use oh yeah big time, but if you're a MSP (Managed Service Provider) dealing with OEM's and getting their warranty for your customer is imperative.

@Phil-D83 Жыл бұрын

Switched from pfsense to opnsense because pfsense kept crashing after major updates.

@kc0eks Жыл бұрын

Installed a few of these lately and they run nic|band look decent with plenty of port.

@tracle8334 11 ай бұрын

if i have 5GB internet, can 4100 able to take advantage of the 5GB speed downloads on WAN port?

@Jorvs Жыл бұрын

c3558 5thgeneneration thats there 800$ vs N5105 10thgeneration is this corrrect? 5th gen? 2017? means they are just using old CPU to get more out it?

@rachet7307 Жыл бұрын

I really want to dump my R610 with 1 x Intel(R) Xeon(R) X5660 @ 2.80GHz and 24GB, I feel like it is a waste and it isn't being fully utilized, with this be a good replacement for a homelab running snort with a 1Gbps download 100ish Mbps upload, Internal 2.5 and 10 Gbps? I know this is hard to answer, but Is it way off to use a 4100? Thanks!

@deadlymarsupial1236 Жыл бұрын

If folks are going to invest in a premium product like the two mentioned then I would leave the switching to the switches and use the 4 ports for routing between vlans or segments. Many IT organisations choose to keep vlans simple in the sme client base to avoid tagging incompatibility issues between some brands of network gear and so lower level skillsets are needed to maintain and support the installation. The notion of switched lan ports even in a router would put it in the domestic router category and being a firewall having all the lan ports switched would be a big letdown.

@johntrussell7228 Жыл бұрын

Would love to see you do a deep dive into a Firewalla Gold or the new Firewalla Gold 2.5G version.

@dcuccia Жыл бұрын

Came here to say the same thing re: Gold 2.5G when it arrives. Presale just started...

@ServeTheHomeVideo Жыл бұрын

Looks like a *VERY* similar internal layout to the 4x 2.5GbE AliExpress units we have used, with a few differences on the motherboard. It is strange that their WireGuard and OpenVPN numbers are so low though. This 2C C3338R can push almost 2x what Firewalla is claiming and the AliExpress boxes can do much more than that.

@Christobevii3 Жыл бұрын

@@ServeTheHomeVideo what openvpn and wireguard speeds did you see on the aliexpress and netgate unit? The firewalla gold is more flow based than port based so the packet inspection is more intensive. With that said, the wireguard addition can see 200mbs alledgedly. I'll have to find a decent enough external connection to test it. The ease of use between home unit vs a netgate though is where it fits well. Also a very well supported unit without paying for support. So you pay that upfront but have a great support response on reddit and through email. I ordered a 2.5g unit but I'll see what their support says about sending you one or could let you borrow the 1g or 2.5g when i get it in Q1.

@mcury85 Жыл бұрын

Hey, what tool did you use to open it? I can't find this info anywhere.. I can see that there are two different types.

@ionmihai79 Жыл бұрын

any idea who makes the OEM boards? and can we buy them from Aliexpress?

@Duke.Chocula Жыл бұрын

Silicom Cordoba

@alpine7840 Жыл бұрын

So I want some opinions if this is overkill. I brought home a computer that we were going to destroy at work as it was just too old. It’s an i3-4150 With 16 gigs of RAM and a 120gb intel 330 series SSD. I have Comcast one gig down 40 mb up and the built in Realtek and the PCI-e Realtek cards were only getting 330mb to the FW. Found an article about slow performance with realtek cards. I won an Intel X550 10gb dual card at a vendor show that I have not used. I installed it and now I get full gig speed down. My question is…..is this massive overkill? I have snort, DHCP, DNS, and OPENVPN running on it. Just thinking that maybe I can use a lower performance system and get the same amazing performance that this one gets. Power is not an issue as this running off a solar system with battery power.

@g2netsul374 Жыл бұрын

I have this hardware in my company, not from Netgate but from Silicon (its the same exactly hardware anyway), and i have tried to change the OS inside a few times but without success... is there any way to install another headless distro in this thing? I really want to install Debian 11 on it. Even connected by serial console, none of the headless distros i have found can be installed on it. Am i stuck with the default Ubuntu?

@ServeTheHomeVideo Жыл бұрын

Hi G2 Net Sul - we have not gotten one of these from Silicom so I have no idea what their firmware is like.

@juandavidmarin230 Жыл бұрын

Do you know what is the acceptable temperature for this device? mine feels kind of hot without having so much work, I would appreciate any answer back thanks!

@ServeTheHomeVideo Жыл бұрын

I am not entirely sure. The C3338R is 88C Tcase. The underlying platform for the 4100 is designed to take much hotter chips and components (e.g. bigger CPUs) and use the same cooling. On the 4100 the heatsink gets warm as it should, but I am not worried about it.

@zachariah380 Жыл бұрын

@@ServeTheHomeVideo seems like poor design to put the heatsink on the bottom of the unit. Heat rises, so sinks on the top cause airflow via convection. That's extremely limited by the looks of this heatsink on the bottom.

@skyline8121 Жыл бұрын

Hi patrick, can you do a video comparison between the cheap box vs netgate box, from a performance point?

@alexatkin Жыл бұрын

The N5105 is about two to three times the speed on OpenVPN in my experience.

@ServeTheHomeVideo Жыл бұрын

Discussed it in the video and main site. This CPU is maybe 34-38% of a N5105 in terms of speed. Lower power and QAT to offset on the C3338R

@Phil-D83 Жыл бұрын

Been using a ryzen 3200g diy build from 2019 as my opnsense box. (Core2 quad i had in it died). Uses more power, but devours this box in terms of vpn performance.

@PowerUsr1 Жыл бұрын

Is the Atom chip on this thing really that good? I mean, i cant imagine running Suricata on this thing as the processor will choke.

@ServeTheHomeVideo Жыл бұрын

Right, but remember that this is the lower-end x86 box. As mentioned in the key lessons learned and in the main site review, Rohit and I think the 6100 will be a better fit for many users.

@gabrielherz2781 Жыл бұрын

But, with 1100 i have more than enough, why i have to buu 4100 of i only have 3 computers and 2 cellphones in my network lan????

@ab2tract Жыл бұрын

there seemed to be grommets that might be for wifi...i wonder what the power draw would be if it had wifi running

@ServeTheHomeVideo Жыл бұрын

It likely is for another version of the Silicom Cordoba platform this is based on.

@iScherma Жыл бұрын

Hey Patrick, I'm not sure if it's the right spot to make a video request but what are the current options for "DIY" NAS chassis? I can't seem to find the ones you suggested awhile ago like the Norco DS-12D. I'm trying to improve my homelab with a rack mounted NAS chassis that's not too long and it has at least 10Gbps network and read/write speeds, so using a short-depth 1U or 2U server with external SAS cables to a NAS/SAN/JBOD enclosure looked like a good idea, but I can't seem to find any available.

@ServeTheHomeVideo Жыл бұрын

Hi Icaro - my suggestion is to ask in the DIY server builds in our forums. Likely folks have a few options there. I have been using the 24- bay Supermicro units from eBay but those are probably not short enough for what you want

@alexatkin Жыл бұрын

Using a PoE splitter my switch claims the N5105 uses a similar power consumption when idle.

@concinnus Жыл бұрын

The power bricks the AliEx boxes come with are generally terrible.

@alexatkin Жыл бұрын

@@concinnus And I kinda figured that a DC to DC conversion would be even more efficient than a good power brick, as some of the AC to DC losses can somewhat be ignored as they're shared across every PoE device. Maybe my UPS and switch do not report entirely accurate loads, but between the two it doesn't seem to report a significant power draw increase as I add PoE devices to the switch. Annoyingly I can't really measure the router over time as my switch doesn't expose PoE power consumption over SNMP for some bizarre reason.

@concinnus Жыл бұрын

@@alexatkin A good power brick is 90+ % efficient (and DC-DC a little better), but the sketchy uncertified bricks are more like 70%. So a 10W device that should be 11W at the wall will be more like 15W, which is around StH's idle numbers for the 5105 box iirc. Note that you can also get Chinese OEM boxes with better (certified, at least) bricks from e.g. Protectli, while name brands like Netgear or D-Link have used garbage bricks at times.

@javaman2883 Жыл бұрын

Is there a benefit to the 2.5GbE LAN ports if there's no 2.5GbE WAN port?

@cgaquikkie Жыл бұрын

I don't know about your network but my internal network is an order of magnitude faster than the internet connection - that goes for my home network or the one I look after for a job. So for me, it makes sense. YMMV

@p4wk0r Жыл бұрын

yes

@thelanecampbell Жыл бұрын

Can it run opnsense?

@stevec00ps Жыл бұрын

Can this run Sophos XG?

@beauregardslim1914 Жыл бұрын

Odd that they put the label on the bottom but also expect it to be screwed to a wall. Or maybe this was by design?

@leek4994 Жыл бұрын

Not sure why my comment isn't showing up any more, but please read up on "pfSense Plus". If you're still thinking it's a vetted open source project. The commercial product this equipment runs is called pfSense Plus which is ___closed source___ and has it has tracking software and remote shutdown software installed based off their tracking ID called a "Netgate Device ID". I don't think I can post any links to the Evaluation Agreement for the remote shutdown code verbiage or the "Announcing pfSense Plus" pages but they even specify moving past the "limitations of open source software" even though they don't specifically state it's now closed source.

@efimovv Жыл бұрын

Awesome thing, thanks for the info. On the other side I got one of the "small aliexpress boxes" and see kind of "debug bios" or mode in it... One part of setup just made me love them: Intel ME settings unlocked and I can turn off part by part or all sections together when I want.

@Subasically Жыл бұрын

Thanks for the info!

@williamp6800 2 ай бұрын

pfSense community edition remains 100% open source. Yes pfSense Plus has a few added features. Yes it is standard on Netgste devices. And you can buy a yearly licence for it. Don’t forget Netgate is a significant upstream to FreeBSD, the open source project that it sits on top or. But pfSense Community Edition, the version everyone has used for years, is still 100% open source and still free.

@henderstech Жыл бұрын

Just got fiber internet and the router from the isp is really bad. Its a "Nokia beam". I need to find a mini pc that has dual nic for pf sense. hopefully I can find a low cost one.

@OVERKILL_PINBALL Жыл бұрын

It is hard to beat the *SuperMicro X11SDV-4C-TP8F* platform such as the *Supermicro E300-9D-4CN8TP* for pfSense, Untangle, etc. especially with all those 10Gb ports. Perhaps slightly more expensive but definitely comparable.

@deadlymarsupial1236 Жыл бұрын

As a reseller integrator I wish that in my market (australia) , that it's authorised distribution channels would make these boards available. Further even the big box movers that do supply supermicro mainboards do not cover a sufficient range. Sadly, this has resulted to me having to seek alternative brands many a time over the last two years.

@ServeTheHomeVideo Жыл бұрын

Also much higher power. But yes, they are faster.

@lilietto1 Жыл бұрын

From what I can see it costs double the price.

@mwahlert Жыл бұрын

If I may offer some constructive criticism, this video would benefit from post processing the audio with a compressor. It would really help normalize the volume level of your dialog.

@gowinfanless 9 ай бұрын

Nice one, but why it is so big?!

@mpitogo Жыл бұрын

Would be nice if the WAN ports were also 2.5G. Wonder if the 2.5G LAN ports can be used for WAN.

@jay-ru-me Жыл бұрын

Yes. He mentions exactly this in the video.

@smptactical259 Жыл бұрын

@@jay-ru-me Right, at 4:30 he says WAN ports can be reconfigured as LAN or something else and will be a mismatch in the UI. But he doesn’t specifically mention if I can configure any of the LAN ports as WAN. If that is the case they should have just labeled every port from P0 to P6 and let us decide. My Asus ET12 is currently using 2.5 on the wan and 2.5 to my LAN switch. Theoretically I can use that appliance LAN1 as WAN to my ISP and LAN2 to my Asus WAN to further isolate internal network.

@jay-ru-me Жыл бұрын

@@smptactical259 Thought he said it could go both ways but IDK, dont feel like watching the video again. :D I know for sure you can reassign any port as WAN, LAN, OPT or whatever. Going with defaults though would probably save you a step in the case where you need to restore a backup, since the default assignments would not have to be reconfigured. I suppose with the 4100 you would want a 2.5Gb setup as WAN tho... heck, I would just get the 6100 where the two WAN ports are already 10Gb anyway.

@OT-tn7ci Жыл бұрын

Can someone expand on this IPSec for me in detail?

@Nobe_Oddy Жыл бұрын

LMAO!!! @ 14:29 "now that was pretty long here on QAT" - it was ONE MINUTE!!! HAHA!!! How much RAMBLING did they cut out Patrick?? I really wanna know more about this QAT you speak of.... it sounds to me like it's a 'specialized processor' meant to do one specific task (cryptography in this case) that I keep hearing about... (I can't remember if it was Intel or AMD that is focusing on having more and more "accelerators/specialized processors" on their chips to offload these tasks away from the CPU so it can focus on the generalized tasks - which is GENIUS in theory, but you're gonna need a specialized processor just to assign these tasks to the separate processors... which WILL require more integration with the OS when it comes to a normal desktop computer.... I want to say it's Intel focusing on this, but I feel like AMD doing it makes more sense with their chiplet configurations making it easier to mix-n-match custom ships for this.... wow, this is WAY OFF TOPIC) I wonder how well this QAT stuff will work with DPUs in the future....

@lua-nya Жыл бұрын

My immediate response to it running pfsense plus was "how about regular pfsense?".

@ramosel Жыл бұрын

I run the NetGate SG-4860 which is the prior generation of what is now the 4100. Running QAT and AES-NI. I will never go back to plastic box router. Would never go back to a PC based running software router. These units are always able to do more than I ask of them. Running Empora on the power side, it usually runs between 7-10 watts with 3 functioning LAN networks. Nice when you are off grid and rural. Yep, expensive, but worth it. Thanks for the review of the new model.

@ValdeSanus Жыл бұрын

An Intel product that doesn't need a nuclear reactor to use!

@nommindymple6241 Жыл бұрын

What about WireGuard? It's built in, but you didn't test it.

@mveldt Жыл бұрын

Wireguard is not build in anymore in the core system, it's a package now in the package manager.

@nommindymple6241 Жыл бұрын

@@mveldt Oops. You're right. I forgot about the change.

@Prophes0r Жыл бұрын

I'm VERY confused by the desktop form factor. Who is the target market for this? I assume 100% of people who operate their own soft router/firewall either have some sort of rack, or are doing it on old/used hardware and therefor aren't buying an expensive 1st party unit. Can someone explain this to me without having to resort to *shrug I guess it's cool?

@guy_autordie Жыл бұрын

Many (too many) SOHO don't have a rack. Just shelves. That's sad.

@ramosel Жыл бұрын

Once you jump to the next model up, they are available in both desktop and 1U rack versions. Having a desktop is preferred in my case. I have a dedicated TE closet but don't want to take up floor space for a rack, not even a half rack. I have custom built consoles for all my network, TV distribution, alarm, Generator monitor, etc... my console for my SG-4860 also includes a wall mount Raspberry Pi I use for both web connection to the pfSense SG-4860 and for console connection as well. Why waste a rack mount footprint and volume on something this size and an R-Pi. I get it, I used to think I had to have a rack or three too. But I soon dropped the ego and gained space.

@shambles3833 Жыл бұрын

Netgate is a hard sell in the SMB space. $1200 for their lowest end rack mount unit. Even this 4100 is $600. Tough sell against the UDM Pro at $380 that gives you 10Gig on both a WAN and LAN port.

@Prophes0r Жыл бұрын

@@shambles3833 I'm not saying anything is a good or bad deal. I'm looking at the features and asking 'why?'. The difference in manufacturing cost between a desktop and rackmount form factor might as well be a rounding error. So I'm interested in why the decision itself was made. Clearly there will always be SOMEONE interested in just about anything. But when I see a product, and then look at how I think people are actually using it, sometimes I just don't get it.

@shambles3833 Жыл бұрын

@@Prophes0r I'm saying that along with the pricing the form factor is a large hindrance to me to be able to recommend Netgate's as my standard deployment to SMB clients. I like pfsense a lot, and would be ok with giving up central management if the hardware was more compelling. I'm not willing to toss a bunch of desktop form factor equipment in network cabinets.

@PitFighter2007 Жыл бұрын

$800 aud plus in Australia.

@BrianG61UK Жыл бұрын

So basically QAT is like the ipsec acceleration that little mips processors have had for ages.

@andreas7944 Жыл бұрын

Yes and no. You need to choose a cypher suit supported by QAT and a software that supports hardware acceleration. But encryption is not the only use case of QAT. It also speeds up compression and a few other things. So its a nice to have for network devices or web servers.

@BrianG61UK Жыл бұрын

Netgate didn't have to choose between four switched ports and four separate interfaces. They should have used a VLAN aware switch and got the best of both worlds (like on the Ubiquiti EdgeRouter X).

@alexatkin Жыл бұрын

This is generally how switches on routers work, the bottleneck is the internal port back into the SoC which if its 2.5Gbit then that's still the maximum you have between the switch and the SoC. So they would need the extra cost of it being a 10Gbit switch and 10Gbit port in the SoC, so that the four ports can never bottleneck to the SoC. I suppose they could have still had four 2.5Gbit to the switch, then four physical ports (an 8 port switch internally) so you could do a 1:1 bridge between the ports, but would that be any better than software bridging the ports? Also again, it increases cost, when the CPU is already very weak for 2.5Gbit.

@BrianG61UK Жыл бұрын

@@alexatkin I was hoping there was a chip that could do it without there being an actual Ethernet link, with it's associated speed limit, between the CPU and the switch, just a direct PCIE (or whatever) connection.

@alexatkin Жыл бұрын

@@BrianG61UK Not that I'm aware of, given it wouldn't have FreeBSD drivers if there were. It's all the same tech as external switches, ethernet ports, etc, just hard wired on the PCB.

@thegorn 8 ай бұрын

I can't stand switch ports on routers. Switch ports belong on switches. Give me discrete routed ports every time.

@excitedbox5705 Жыл бұрын

I think the big problem is more that Open Source projects build a user base and then neuter the free version, making it useless and screwing people who have invested time and effort into making their product what it is in the first place. Also outrageous high prices for all features that make the product usable at all. It would be much better to have a low cost middle ground that lets you pick a couple premium features instead of an all or nothing.

@YeOldeTraveller Жыл бұрын

Do you have an example of a feature that was removed from the CE version of pfSense?

@Prophes0r Жыл бұрын

You can't excuse [bad thing] by pointing out that it's just how [system] works. That doesn't justify the [bad thing]. It condemns the [system]. Gutting features from your Open Source project so you can lock them behind your paid version is inexcusable. Charging for SUPPORT is totally fine. That's a service. But replacing a [feature] with an ad box telling you to upgrade to a paid version just because "gotta make money" is NOT.

@mjmeans7983 Жыл бұрын

It's 10 times more expensive than I want to spend.

@HeineChristensen Жыл бұрын

😍pfsense😍

@fastjp72 Жыл бұрын

I used pfsense for over a decade then they started this plus model which I don't care for so I switched to opnsense and I am glad I did because I like it better.

@brandonedwards7166 Жыл бұрын

If you put a couple sfp fiber adapters in it and use all 4 ports at 2.5gb i bet you will come close to 60w

@ServeTheHomeVideo Жыл бұрын

The 60W power brick is shared with higher power models. I think it was just easier for Netgate to standardize on one and then use it across products.

@MarkRose1337 Жыл бұрын

I was excited until I saw the WAN port speed.

@Felamine Жыл бұрын

You can go into Pfsense and re-designate one of the LAN ports as the WAN and get that port's maximum speed. Though it's still weird that they would have one slower port.

@HSAC.WDTK.DTKT.LFO. Жыл бұрын

He is the Doug DeMuro of networking!

@ServeTheHomeVideo Жыл бұрын

Ha!

@HSAC.WDTK.DTKT.LFO. Жыл бұрын

@@ServeTheHomeVideo More Quirks and Features! :-D

@SrSilverstars Жыл бұрын

This is expensive for what it is... Good video though.

@guidon.5413 Жыл бұрын

A heat sink UNDER a unit is really weird ... it defeats the purpose if the unit is meant to sit flat. How is that supposed to work without outside active air movement? Only mounted to a wall to create an air chimney?

@ServeTheHomeVideo Жыл бұрын

Not really sure but it worked for months without issue even in a 86F / 30C ambient. This design is actually for much higher power CPUs so for 11W it is not much of an issue.

@guidon.5413 Жыл бұрын

@@ServeTheHomeVideo I can believe that it isn't a problem for the 11W system, but I've also found my SG2100 getting much warmer than I thought it should. Not sure whether the thermal design of the Netgate appliances is all that good. It seems adequate, which might be all that is needed, just thought it could be a lot better with some fairly simple changes.

@thegorn 8 ай бұрын

Needs to drop the price by about $150 and at the same time, up the RAM to 8GB. You'd have to be really pinching pennies to get this over the 6100.

@frankfix247 Жыл бұрын

Forums flows over in regards to massive failure with the embedded eMMC on these. Build your own cheaper and faster with lots of expandability options and donate if you want to support Netgate.

@thegorn 8 ай бұрын

damn that's no good. They should come with nvme M.2 ssds, not storage soldered on.

@jabezhane Жыл бұрын

if it just had a VDSL modem in it...

@pbrigham Жыл бұрын

For 600USD I will get a 10GB Router and 8 Port SPF+ switch( Also 10GB for those who don't know) and from two different brands if needed, I don't know what NETGATE is smoking regarding theirs prices.

@YeOldeTraveller Жыл бұрын

Do you have an example of this combination?

@pbrigham Жыл бұрын

@@YeOldeTraveller 1-Mikrotik, Routers RB5009UG+S+IN ( $219.00 ) RB5009UPr+S+IN with 8 Poe ports af/at as a bonus ( $299.00 ),Switch CRS309-1G-8S+IN ( $269.00 ). 2-Unifi, Router UDM-Pro($379.00), Switch USW-Aggregation($269.00).

@YeOldeTraveller Жыл бұрын

@@pbrigham Thanks. I agree that these meet that stated claim. I would argue that the firewall solution provided by pfSense is better, but value depends on personal evaluation of the differences.

@pbrigham Жыл бұрын

@@YeOldeTraveller Yup, and I like Pfsense, but I will never buy a NETGATE gear at this prices. And by the way, they only started now selling this 2.5GB models because Aliexpress apear with 2.5GB gear, otherwise they will still be charging this fortunes for the 1GB ones.

@FriedrichWinkler Жыл бұрын

Wish you would have shown under the heatsink

@darianstultz6778 Жыл бұрын

Great video. Recommend not purchasing support contract from Netsense. Lack of leadership makes the experience such that each submission comes from a different tech. No continuity and no way to learn. This is how you familiarize yourself to be a good admin - solid with no holes for the bad guys to exploit. I have wasted $400 or so with a support subscription. If they add phone support I can be solved in a jiff, and not back and forth with emails to different techs with different times. Responses are lagged too. Not a professional organization, my client purchased a different software package. The company could be great, FOSS is normally better. and I pay for support to help developers. Other peers also feel upper Netgate management has to change or what follows is decline in growth. I am open ears to other support vendors and monitoring tools. P.S. my ask was to the President after getting nowhere in lower levels. d

@spyderbender Жыл бұрын

Too bad it took too long to come out with a 2.5gbe box.... I already have a China box.

@theJonnymac Жыл бұрын

its just so disappointing to see 1G wan ports, 1Gb fiber is becoming more common and a 1G wan port isn’t fast enough. I wanted to buy a wired router with 2.5Gbe ethernet and no wireless and I couldn’t buy one without getting enterprise gear.

@kevin666b Жыл бұрын

wish it had sfp+ lol

@ServeTheHomeVideo Жыл бұрын

Not really fast enough for 10G.

@kevin666b Жыл бұрын

@@ServeTheHomeVideo is the m2 slot pcie? Get one of those adapters and hook an x520 to it and see 🤣 just nat no fancy firewall rules of course

@shephusted2714 Жыл бұрын

goto opnsense which is a fork with a lot of support - runs well and also offers pro support

@shephusted2714 Жыл бұрын

you should fork your mkt algo to more agnostic but understand you have to make money but selling it all and not being basically just a sales guy for a certain product does not help your rep among professionals - you should sell but stay above the fray ideally - smb needs to go to 100g - 100g switches are less than 1k now, wireguard decimates openvpn also - since people are geting faster fiber now they want to upgrade their networks

@rashie Жыл бұрын

👍👍

@stevenmishos Жыл бұрын

Just get the 6100.

@platin2148 Жыл бұрын

They seem to not sell to end consumers for even half of the original netgate prices.

@alc5440 Жыл бұрын

That's my thought too. The 4100 is cheaper but it's not a good value. The 6100 is definitely the sweet spot in Netgate's lineup.

@ServeTheHomeVideo Жыл бұрын

I think that is where Rohit landed in the STH main site review

@vidsscreen Жыл бұрын

RETURN TOO 13.05

@mrpops2ko Жыл бұрын

meh, kinda sucks that the CPU is trash. lots of end users want significant OpenVPN performance, as well as things like FQ_CODEL and SNORT / PfBlockerNG. This CPU will on its ass 10 minutes in lol

@ServeTheHomeVideo Жыл бұрын

That is the point of having a line though. Offering different price/ performance points for different needs. When we just need a GPU for the lab, something like an old GTX 1030 or GTX 1050 is awesome. When it comes to picking a GPU to pair with the Threadripper Pro 5995WX, usually it is much bigger and more expensive. This is Netgate's lowest-end x86 box.

@TheHoldenmcgroin Жыл бұрын

$700, really....

@skaltura Жыл бұрын

600$ .... yeah, nice hw but .... 600$

@mikejakubik Жыл бұрын

Only 1GbE for WAN? No thanks... when will HW manufacturers catch up... i get over 2Gb from my ISP...

@TechySpeaking Жыл бұрын

First

@kco1270 Жыл бұрын

♥️ OSS. F Juniper et al.

@zachariah380 Жыл бұрын

Seems like poor design to put the heatsink on the bottom of the unit. Heat rises, so sinks on the top cause airflow via convection. That's extremely limited by the looks of this heatsink on the bottom.