Netgate 6100 pfSense Firewall Review

Reddit Comments

It looks nice, I just wish it had the ability to have dual PSU. I also agree with the silk screening naming, they should just label the ports eth0-x.

Score 15 · u/demonfurbie · Sep 01 2021

Honestly this looks like a product I would actually want to buy instead of building one myself. The price point isn't outlandish and it has all the connectivity I desire.

Score 10 · u/i_mormon_stuff · Sep 01 2021

Looks like a great device. Good port offering. I just wished that they had a rack mount option at that price point. I really don't think it's too much to ask.

Score 3 · u/snesboy64 · Sep 01 2021

YOU ARE BIASED!

Edit: I am joking.

Score 6 · u/Gcon4000 · Sep 01 2021

I wish Netgate would create or partner with a basic logging or even an SIEM solution.

Looks like a decent little box for a beefy home lab.

Score 1 · u/[deleted] · Sep 01 2021

What if this is sitting on a table. Will it make it very hot since that huge metal heat sink touches it?

Score 1 · u/illathon · Sep 02 2021

This reminds me of my Netgate 4860. The 4860 had a rackmount option. The 6100 would be a decent upgrade. I could see some demand for a rackmount option. Maybe they will just update the 7100 with 2.5G ports for a rackmount option.

What is the design choice to use micro-USB for the console port? My other networking devices have moved to USB-C.

Score 1 · u/ggoldfingerd · Sep 02 2021

Does anyone know if the SFP+ ports can negotiate down to 2.5Gb?

Score 1 · u/Jealous_Command_6165 · Sep 18 2021
Captions
Tom here from Lawrence Systems, and this is a Netgate SG 6100. I actually was provided this device by Netgate, so full disclosure up front on this: in June of 2021 they sent this to me so I could do a more in-depth and more long-term review. That being said, they do not get any pre-release copy of this video to critique it or change it. The opinions in this video are all my own, and for those of you that think I'm biased, yeah, you'll still comment down below and put all caps lock on and complain. That's fine.

All right, now that we've got that part out of the way, disclosures, what do I think of the device is the more important thing. I do like this device, not because they sent it to me but because I think it's a really solid product from Netgate. If you follow this channel, I've got quite a few videos on both pfSense and a lot of the Netgate hardware; it provides a nice, stable, predictable platform for building out firewalls. But I do want to complain about at least one minor thing that causes a lot of questions, and it's actually aesthetics: it's the silk screening on here that labels all these ports as WAN and LAN. They are discrete ports. We'll get more detail on that later in the video, but the discrete port means they can be easily reassigned. There's no special back end; they're individualized ports that can be assigned LAN or WAN, and that includes the 10 gig ones. Despite having the silk screening saying LAN on them, they're easily assigned to be LAN ports or LAN and WAN ports, however you want. The same thing with the two and a half gig ports on the other end here: they are assignable even though silk screened as LAN. Any one individual port, or all of them, or any combination of them can be assigned to different network functions like LAN or WAN.

So I want to get that out of the way and talk about these RJ45 SFP+ adapters. Yes, they physically fit in, because this is an SFP+ cage and it is 10 gig. Physically fitting in and working are two different things. Officially from
Netgate, these are not supported. This port here, the 10 gig ports, or even the one gig SFP ports, are designed for fiber connections or your DAC cable connections. They are not designed for officially being used for RJ45 10G connections. That's just one of those little details; I wanted to make sure it's up front. So, I know that question comes up; it's come up in some of the other devices I reviewed, like the higher-end models they have. This is common for a lot of firewalls: they don't always have 10 gig support in terms of RJ45, they usually have SFP. There are some heat issues. Now, someone may comment below, and you would not be wrong if you guessed that, does it work in some situations, maybe even ones I've tested? Yes, but that's different than being officially supported from Netgate. Take the time to read the fine manual that I will leave linked down below, where they tell you what exactly is supported on here. Essentially they support fiber and DAC. As I said, they specifically ask that they be tagged for Intel; those are the ones that are guaranteed to work. But I've actually had some luck working with a few non-Intel DAC cables; they were labeled something else. But overall, if you get the Intel-labeled cables, uh, labeled firmware that comes on the DAC (I have a whole video on DAC I'll leave below that talks a little bit more about that), but yes, they work perfectly fine in this.

Next thing is the relationship I have with Netgate, just so that's very clear. I'm not a Netgate reseller. I have no offer codes or affiliate codes. If you'd like to buy this product, you buy it from Netgate; I get no commission on there. Um, just an FYI on that.

So now that all that's out of the way, let's dive into the details. But first, if you'd like to learn more about me and my company, head over to lawrencesystems.com. If you'd like to hire us for a project, there's a Hire Us button right at the top, which includes consulting for network engineering. If you'd like to support this channel in other ways, there's affiliate links down below
to get your deals and discounts on products and services we talk about on this channel.

Now, the first thing I want to do is take it apart, because I like to see what's inside things; I know a lot of you do as well. It comes apart relatively easy. There's just these few screws that hold it in, so there's not too much to remove. I did remove the little side plate here where the USB are, because it makes it a little bit easier to do this. You just tilt and it comes right out. The case itself: really simple, um, not much there, plastic, but the industrial design of this is really nice. The gaps on the sides you see here are to facilitate cooling. If you look at an angle here, you'll see where the gaps are; in terms of when it's sitting flush, it actually isn't flush. It has this kind of air gap right here to allow the heat to flow out and around the device. Matter of fact, around is, as I said, when you look at it from an overhead view, why it kind of has this shape right here. The heat can go here, here, and the perforations all throughout the case itself allow for that to occur.

Now it does have, and this is covered under a plate when it's in the case (it's removable, so you do not have to take it apart to get to this), dual SIM slots connected to the M.2. And this is one of those things that's highlighted in the Netgate video, and one of the reasons I suggest you watch it: just because it has some of these extra slots and these SIM slots doesn't automatically mean, as of right now, August of 2021, it fully supports things like LTE. They have some future plans for this, but not everything is supported, so you can't just willy-nilly plug whatever you want in here and hope it works. You have to wait for official Netgate support to tell you what is exactly supported on here. That is discussed in that Netgate video in a little bit more depth, so I do encourage you to watch the Netgate video that is on their site. I'll leave a link to that as well.

Now as far as other ports, we do have USB 3 that is on the side here, along
with a power and reset button. And then we'll come over to the one serviceable part inside, which is going to be the battery in there. Outside of the battery, if it's not officially supported by Netgate, just because these slots, as I said, they're not necessarily something you need to service or plug anything into.

Now let's cover the ports themselves. Starting at the end here, we have the Cisco console port, and it is also above a micro USB. You can use either or, so if you have the Cisco cable, that's great; if you have a micro USB, you can use that too. Pretty simple. The combo ports: these are interesting because they are automatic-sensing combo ports, so these act as one physical discrete port inside of pfSense (WAN 2 does the same) and it determines whichever medium you have plugged in. So you can provide SFP one gig or RJ45 one gig and it will automatically determine which one is plugged in. It is not designed to use both of these simultaneously. This is one port here labeled as WAN, but of course can be reassigned. This one's labeled as LAN 2, but of course could be reassigned; it does the same thing. In the middle is where we have the two 10 gig ports labeled WAN 3 and WAN 4.
Once again, fully reassignable discrete ports, and they do support SFP+ 10 gig connections on here. But as I stated earlier in the video, these are not supported, so the RJ45s, although you may find some that work, you won't find official support for these. These were designed to use either fiber or a twinax DAC-style cable inside of here; both passive or active DAC will work in these. Then we have the LAN, LAN one, two, three and four, and no, these are not a switch port. These are discrete individual ports. They are two and a half gig and can be reassigned however you like. So despite what the silk screen says, feel free to assign these in any combination of LAN, WAN or other option ports for different network segments that you want. They are not configured at all out of the box as a switch, and there's no special VLAN configuration you have to do on the back end to get these to be discrete ports. They're just out-of-the-box default discrete ports.

And then we have this barrel connector on the end here, and the nice thing about these type of connectors is they screw in. So when you put the power on it like this and tighten it, it's really solid, and you're not going to be able to easily pull out the power on this particular device. So you can see, and I don't recommend you try this at home, but yes, you can hold the device from it. Um, this is probably not officially endorsed at all by Netgate to do this, but I'm just pointing out the fact that, yeah, I like these barrel connectors. They're really solid; uh, they keep you from accidentally unplugging the firewall and making people really unhappy.

Now let's take a look here on the Netgate website. We have the pre-order still on here, depending on when you're watching this. This is August, the end of August 2021, but depending on where the supply chain issues are, and hopefully you're watching this in the future where supply chain issues have all been resolved and there's no longer problems, but they are shipping these devices out right now. We have the 8 gig
base model with 16 gigs of storage for 6.99, or the Max, which is 8 gigs and 120 gig of storage. Do you need the extra storage? Yeah, it kind of depends on if you'd like to store a few pcap files or lots of logs on the system. If not, the 16 gig may be perfectly fine for your needs. They also do have, and I do not have one here to demo, but it is in the video that we'll talk about in a second, a wall mount kit for 24.99. Then they have the pricing for different support options. Then they have this video right here, which is what I mentioned, which is also linked down below. Uh, it is the official video from Netgate on their product. They talk about a lot of details; like I said, highly worth watching.

Now scroll down here, and they have all the marketing and all the different advertising stuff, and they do their own testing, so they do accurately tell you how fast it can route at. We're going to dive into some of the finer details of that, because there's the broader overview of yes, it can route at 10 gig, and then there's the details of what that actually looks like. And they have the hardware specifications all right here. It is based on the Intel Atom C3358 with QAT; it's a four-core 2.2 gigahertz processor. And just like we showed, all the physical ports, and the onboard, if you go with the 16 gig model, is the onboard 16 eMMC soldered onto the board, but then they have the upgrade option with the Max for the 128GB NVMe. And then we have the eight gig DDR4: plenty of memory for a firewall. They don't need a ton of memory to work. They're not running a desktop environment or anything intensive, they're not running a browser with a bunch of tabs open; they just route traffic. Then they have the physical ports listed, the LEDs, the enclosure, the passive cooling, and the different power options that are on there.

Now one good thing I like overall about Netgate and pfSense is solid documentation, not just on how to use pfSense, but each of their physical appliances does have a nice page that breaks down features and of course has the
ability to download it as a PDF. That's important for the reason they say here: before we get started, we recommend downloading the PDF version in case you lose internet access. Yes, this will help you quite a bit if you are diving into changing your WAN settings and you lose internet access and you want to still reference a manual. That's actually a nice feature they have on there, and of course I'll leave a link to this. They have all the initial configurations, input/outputs, lots of little details, and there's some of the things I covered right here that covers exactly how each of these work, including the support for different modules they have for the SFP ports. They also have a picture here of the Netgate 6100 wall mount, what it would look like if you wanted to wall mount this instead. So that is a kit that they offer on here to wall mount it. I don't have that kit, but this is what it looks like. Pretty simple; it's something you order from their site.

Now on to the pfSense setup itself, because I wanted to show some testing and scenarios and of course show the interface assignments. The interface assignments out of the box, as I said, silk screened on there and matching inside of the default setup in pfSense, are going to be WAN, WAN 2, LAN 3, WAN 4, and then LAN 1 through 4 as well. But you can reassign these. So I wanted to use the 10 gig in this particular demo, so we called this one WAN 3 10 gig. Normally it's just labeled WAN with the numeric three, but we decided to name it this. And then for the LAN side, I called it, it was WAN 4, now LAN 10G, so it's the 10 gig LAN. Like I said, these are reassignable, and give them whatever descriptions you want when you're setting these up. And the same goes for the other interfaces: these are all reassignable however you want. They're individual discrete ports. They do not have, as the 7100 for example had, the different VLAN where they're split in the back end, uh, in a certain way to a shared chip on the back. None of that, no special, just standard ports on
this system.

All right, now configuration-wise, I did load Suricata on here, because the question is, can it route at 10 gig? Yes, as the Netgate tests show, yes, it can do really fast routing. How does that work when you have a device behind it and a device in front of it, as in something on the LAN network that's at 10 gig? And I did not get to test 10 gig at my house, so that's still labeled my home here, but I do all the 10 gig testing here at the office. We don't have a 10 gig internet connection, but we're going to simulate a 10 gig connection. And so we have a device that is able to do 10 gig; it's plugged into the 10 gig side of this. So we have this at 10.13.37.109, and we're going to connect to a device behind the firewall, connected through the WAN port, then through the LAN port, then over to this Debian virtual machine. All these are set up as virtual machines inside of my network here. And you can see where I'm already getting the 10 gigs; I've been doing some testing with it here. It has no problem doing 10 gig, but let's talk about the parameters that get you 10 gig, and that's this right here. So we have iperf3, just standard testing, but we've added this -P 10, and then the client is 10.13.37.112.
This particular machine is behind, we'll show the network right here, uh, 172.16.66; that puts it behind the WAN, the LAN side of the pfSense firewall. So for this testing, that's how we're doing this. But let's talk about the performance you get. So even though Suricata is running, I'm able to get the full 10 gig. So that would immediately tell people that yes, this is great, this will solve all my 10 gig problems. But this is where the "but" comes in: that is when I'm using the -P 10 to split the stream up, to split the flows up into eight different series of flows. The way this works, and this is a rabbit hole that goes way out of scope of this particular video, is the way kernels handle routing. When they handle it, each TCP stream has to be assembled, hits a core, and then gets sent back down. This causes some limitations, based on the processor in there, for single-stream routing. So if we change this back down to something like this, where we take off these extra parameters (the t is just for time, but the P is for splitting streams up), you'll find that we're getting 2.6 gigs, and this is just a limitation of this individual stream.

Generally speaking, though, you're not getting individual streams when you're dealing with a 10 gig connection. You're getting a whole lot of streams. Actually, you have a lot of computers usually only connected at one gig or slower, because they're connected on different Wi-Fi and different link speeds behind the firewall. So even though the firewall is being fed with a 10 gig, not any one person is going to want that 10 gig pipe. Now if they do, and if you do have a need in a data center where you want 10 gig in and 10 gig out on a single stream, you have to go with a different device with a faster processor, and contact Netgate sales to discuss the details of your specific configuration. This is one of those "buts", as I said.

That being said, if we have this device, and actually let's go ahead and add the -t 60 to run this for 60 seconds in the background right here,
and we'll go to a Windows machine, which you can see is normally getting about 2.2 gigs as well, because this is this LibreSpeed set up on a server I have here. It's able to simultaneously get this 2 gig speed while this is getting this little-over-2-gig speed. This is the important thing about how this works. So individually, each of these devices is able to get plenty of bandwidth to them, provided that they're connected fast enough. But of course this comes down to the stream splitting and those details. It's not as real-world a use case, doing single stream, but for those of you that do these raw tests like this, if you're wondering what's happening, that's what's happening when you're running them. As soon as we break this up and add that dash P, capital P, and we put in 10 for 10 streams, it has no problem getting... oop, gotta fix the... there we go. Hey look, we're back at the 10 gig connection.

Matter of fact, it can handle a lot more than just 10, so let's put, um, 80 streams like this. So it's dash t. Now we've broken it out into even more streams, and we're still able to get this across 80 streams. Now the number of streams gets exponential as you have more devices connected, but you can see here it's able to keep doing this. Matter of fact, actually, we'll put it doing this and go back over here. We can see the processor getting loaded up, because we have things like Suricata inspecting traffic. So if we go over here to Suricata, and by the way, the system is still quite responsive even though we've loaded up the processor, it's doing inspection right here. It's probably creating a few alerts because I have Windows behind it, so it's saying, hey, there's all kinds of stuff going on. So yes, it's doing the inspection, yes, it's working, yes, the processor is getting pushed a little bit. And if we jump over to something like the system status monitoring, you can see the different tests I've been doing, and you can choose it by traffic, by system. This system's still responsive while this is running in the
background. We'll kick it off again just to show. So this is running; matter of fact, actually, Control-C, let's go ahead and say 600 seconds. Just keep this running while I'm doing this. Or why not also kick off a Windows test; let them all fight for bandwidth in the background here. So this is actually going to go slower, because it's now fighting for bandwidth with this, which is fighting for bandwidth. And, uh, let's see how that loads up the system. Update the graphs, update it to processor. Yep, we're starting to see a little rise in processor usage, but the system is completely responsive and completely functional while it's doing all of this. So yes, it can route 10 gig, but no, in a single stream you're going to run into a few problems. I just want to cover that as a detail. Other than that, everything else is pfSense like it is usually. It's the same pfSense software I've covered in many other videos, and I'll leave a link to a whole playlist down below of all kinds of different scenarios I have for setting up pfSense.

Final thoughts on the device: I think it's great. I haven't had any problems with it. The testing I did at home, the testing I did here, we didn't run into any weird issues. The only complaint I really have is, as I said in the beginning, the silk screening of labeling them all WAN and LAN, which creates, to me... I don't know if it solves more questions from people wondering if they can be assigned that, or it creates more. That's really probably Netgate. I just know the comments I see from people going, well, can I reassign it? It's labeled WAN. Yes, you can. No big deal there. It's a silly debate, but it's such a minor thing. It's not something I would say, oh, don't buy a product that has silk screening that's, uh, controversial. Hopefully, if you're someone deploying these, you're looking well beyond the silk screening and diving into pfSense a little bit deeper. I will leave a link below to my playlist of all the different pfSense videos I've done to talk about a lot of different
scenarios, configurations and setups. And, uh, I don't have any affiliate links, as I said in the beginning of the video, so if you'd like to buy one of these, reach out to Netgate. If you're looking for a 10 gig solution and which one is the best one, that's also kind of a reach-out-to-Netgate thing. They have a sales department that'll handle that. Uh, tell them Tom says hi; that's about as much of an affiliate as I am, but they won't give you any discount for that, because I have no discount or offer codes. Once again, I'll leave links to everything I talked about in the video, and thanks. And for a more in-depth discussion, head over to my forums, where you can find me, or hit me up on Twitter. I'm pretty easy to interact with if you have questions, comments, concerns, or just leave them below. I try to read and reply to all the comments in these videos. Thanks.

And thank you for making it to the end of this video. If you enjoyed this content, please give it a thumbs up. If you'd like to see more content from this channel, hit the subscribe button and the bell icon. To hire us for a project, head over to lawrencesystems.com and click on the Hire Us button right at the top. To help this channel out in other ways, there is a join button here for YouTube and a Patreon page where your support is greatly appreciated. For deals, discounts and offers, check out our affiliate links in the descriptions of all of our videos, including a link to our shirt store, where we have a wide variety of shirts, and new designs come out, well, randomly, so check back frequently. And finally, our forums: forums.lawrencesystems.com is where you can have a more in-depth discussion about this video and other tech topics covered on this channel. Thank you again, and we look forward to hearing from you. In the meantime, check out some of our other videos.
Info
Channel: Lawrence Systems
Views: 49,084
Keywords: LawrenceSystems, netgate 6100 manual, netgate 6100 review, netgate 6100 base, netgate sg-6100, netgate 6100 reveiw, pfsense installation and configuration, pfsense setup, pfsense firewall, pfsense vlan, pfsense firewall rules, pfsense build, pfsense tutorial, pfsense router, pfsense (software), pfsense features
Id: 5AidO5Zj0Yo
Length: 20min 50sec (1250 seconds)
Published: Tue Aug 31 2021