pfsense / Netgate SG-5100 Review & Speed Test

I have the Netgate SG-5100 now. Of all the boxes I have reviewed, all the way down to this thing, which I still love the anodized red metal on (this is the SG-1000 I reviewed several years ago), all the way to the XG-7100 I reviewed, I've never reviewed this specific model, and we have installed a few of these. So, kind of the process, for those of you that don't know or are new to the channel, is: as products come through that we're deploying at clients, they stop here on this table and get reviewed and are part of a YouTube video frequently, and then we deploy them. I've never had one pass through here that I either had time to put on a table, or when clients bought things directly and we did a remote job setting up for clients, I never really got to take the time to review this particular model, not here in the studio, but we have used them.

Now, the nice thing about the 5100 compared to some of the other models is we have igb0, igb1, and then ix0 through ix3. It has six logical ports. It does not use, like the 7100, 3100, 1100 and a few other models have, where you're splitting up with a back-end VLAN to split the system on a chip to create the logical ports. I've covered that in another video, where when you're dealing with the, you know, switch ports on there, how they have their own back-end VLAN that you have to tag them. None of that is needed for this. These are all one-gig ports on the 5100.

So let's dive into the specs right here. So over at their website, this is the firewall appliance 5100. You buy it directly from Netgate. It is an Intel C3558 at 2.2 gigahertz, 4 gigs of DDR2 RAM, like I said six ports. The first set of them, the 4x GbE RJ45s, the ix ones, are going to be the Intel system-on-a-chip, and then the other ones are like add-on Intel i210 cards in there. 2 USB 3 ports, passively cooled, no fans in this thing, and it uses 7 watts at idle. Now I want to point out one of the important things that this has with that Atom chip is the Intel AES
instructions. A lot of people ask about the speed, what processor do I need, and you may have noticed if you look up this, and I'll save you the trouble if you're looking at like the raw compute, we're at, on PassMark, 2538 for that chip, and it's just not super fast. But this can do line-speed gigabit routing, because routing doesn't take a massive amount of compute power. But AES-NI is important, because if you want to do OpenVPN on this you're gonna need that level of, you know, crypto support. So that's what's important when you're setting this up.

And I'm not going to get in depth on this because I just don't have the knowledge of it, but this device is the base model that supports TNSR. TNSR is vector packet routing; it is not pfSense but is another product from Netgate. Maybe at some point when I dig further into it I'll understand it. They have a lot of information on their site for it, but it is a separate product, different than pfSense altogether. To my knowledge it doesn't even have a web interface; it's all command-line driven. But the concept behind it and the use case for vector packet routing is when you're doing, you know, really really high-speed traffic shaping, traffic routing; vector packet routing, picture it, you know, tying cloud systems together that are working at scale, might be something you need. So that's a different topic, but this device does support it, is why I'm bringing it up.

So the price on the device, we'll get this out of the way before we dive into the other details, is $799 regular price, $699 on sale. That's right now, as of October 2019, that is the pricing on there. You buy it direct from Netgate. I'm not an affiliate or a reseller, therefore that's where you purchase it. I don't have a link or offer code or any special discount, other than I can tell you it says on sale on their website right now as of the recording of this video. And once again, all the technical specifications are there. A couple little details: 4 gig DDR4 memory is in there, and we're going
to open it up and talk about some of the other components inside. So overall, though, it does not come with a rack mount. I'm bringing it up right away because I think that was something I was hoping for, was a rack mount, but unfortunately it only has a wall mount, so this does have to just kind of sit on the shelf.

All right, let's look at the details on it. So looking from the top here, here's the ports like I had labeled. Then we have the two USB 3 ports, and these match the inside when you're loading it. And then this is common: there's no video out, but there is the USB console, which you just pop right in and plug that in. When I'm booting it, I will actually show that, so I can show you the boot time on it. Then over here on the back side, I like these power connectors. They're the barrel-type ones, and the advantage of the barrel-type power connector is when you have this set up somewhere, it screws in, so you're not worried about, if you slide this out, the power cord popping out. Those are nice. We do have a little power button right here to turn it on and off, and I actually like that it's at the back and there's no power button at the front. But we do have the indicator lights, you know, from the front if it's on, but from the back, you know, you have to actually hit the button in order to turn it on or off, so no one's gonna just walk by it facing front and give it on. Here's screws: a few screws on the side, a couple screws on the bottom, and this is the last of them, and we'll slide it apart. Real quick look inside.

All right, pretty straight, easy layout inside. We have this metal plate, which I'm not going to remove, but it is removable. I guess we could real quick, right now, right here; we'll remove it so you can see what's under it. But this is a hard drive for SATA, so if you wanted to add a hard drive to this. Now why would you want to add a hard drive? The reason you may add a hard drive to this is so you can store logs. It would be a use case if you were doing some packet capture and needed to capture a lot of
it, and you go, I need a lot of logging and things like that, or if you're using like Suricata, things like that, and you needed more logging from that and needed somewhere to put it all, that would be ideal, to put a SATA hard drive in there. So, plastic clips, get them out of the way, and away we go. All right, so there is the single 4 gig DDR memory there. Then we have a couple extra expansion slots here, as stated in there, so we have an M.2 and PCIe in here, so that's kind of cool. There's our SATA port right here; there is the power for the SATA adapter.

Now, back to being passively cooled. I'm not going to remove or try to deal with it, but you can see it's pretty solid the way they have it mounted here, so even though I took those out, these stay in there nice and tightened down, and they have it meshed in, so this large, I believe, yeah, aluminum here dissipates the heat really well, so it, you know, stays nice and cool without having a fan. All right, you can see, it's kinda hard to see inside it, but there's thermal pads in between. They didn't just cover it up with CPU goo; looks like nice thermal padding on there. Maybe there's some CPU goo in there as well, but I see a thermal pad on the controller, which I'm assuming is the controller on the back side of this for the network interface cards. I see that there are pads in there. I like that. Really, you can kind of see it, and the processor's right up against there. Now this thing does not get very hot, so that's definitely one advantage of having such a large heatsink on there: there's not a lot of heat.

All right, let's put this together and fire it up. Oh, that's kind of neat, I just noticed that now that I flipped it over: the memory is cooled as well, so that's definitely a bonus, and then they have this pushing out to the front. They've really thought about cooling a lot on this. Actually, I'm pretty impressed.

So we have the box booted up, and just so you know, the WAN is going to be right here, the first one, which is igb0, and the LAN is on igb1. Now this is directly connected to my
laptop here, so it's a direct wire into my laptop, right. So we're gonna do the speed testing, and this is on the 172.16.69 network, so that's where the WAN side of this lies. So we have another server on the 172.16.69 network, so it's going to talk directly to the WAN side of this, and then we're going to pass traffic through to my laptop that's behind this. I bring this up because a lot of people confuse this; they think I'm testing from LAN to LAN when I do the firewall speed test. I'm not. I'm testing routing through the WAN, through the LAN, into my laptop, to show the different speed rates you can get.

So the first one I'll show is the fact that we can get, you know, line speed on this. Over here is the IP address of the laptop, or the pfSense LAN, 192.168.51.1. So if we go over here, and just so we know, we look at my DHCP server and we can look at the leases, here's Tom's laptop at 192.168.51.100. Then we're going to go over here to Firewall, NAT, and we can see that I've forwarded port 5201, which is iperf, and we're going to just do standard routing through this. I'll also make note that I have Suricata running on this, because I didn't want to just load it and say you're loading it and see if it's... let's see with Suricata running, which by the way, I'll show you real quick, I have set up to maximum detection. That way it's doing all the rules passing through here, not some of the rules, because you can change different levels, but we set maximum detection using the IPS policy. Just a quick and easy way to set it up. I have other videos that go more in depth on Suricata, but of course the goal is to know: will it route at that speed with Suricata running?

So let's go over here, which I split the screen apart with tmux. So here's my computer at that IP address, which just for show, ip a, there is 192.168.51.100. Clear. Yeah, set that back. A server: we're going to SSH to root at 172.16.69.207, just a basic server I have set up, and we're going to tell it to talk to the public IP address
right here, 192, I'm sorry, 172.16.69.65, with iperf, time 30 seconds. Back there, and you can see we're getting, you know, pretty much line-speed gigabit through the ports. But let's actually see what's going on inside of here. So we're gonna go 8, shell, let's run top, and you can see Suricata doing its thing here, so the processors are working but not being overworked. We haven't pinned the machine to the point of being unresponsive or useless. Matter of fact, we can go over here and go to OpenVPN, that's what I'll talk about next, and the system's still working fine. We haven't destroyed it with full gigabit routing, so it's definitely powerful enough to do gigabit routing.

Next test. The next test we really want to do on this is going to be OpenVPN. So let's go ahead and exit. So we need to copy some files from the download folder. So there's our line speed, there's the system going back over to idle, and let's talk about OpenVPN. Now, there's a lot to tuning OpenVPN. You get different speeds based on different ciphers that you use. 128 might be a little weaker, 256 a little stronger, but that's going to come at a cost, so you will be a little bit faster if you choose different encryption methods. And I'm just doing the basics here without getting too in-depth on this, with the settings being AES-256-CBC, which by the way, there's other crypto you can use that'll be a little bit faster. Like I said, it's not a full test as far as all the OpenVPN options, but this is a well-secured one. There are, like I said, other options you can dig into.

We're gonna go get a client export, and we're just gonna hit Most Clients and download this, and it downloaded the pfSense UDP file. Then from here we're going to go to the downloads, find it, there it is, so scp. All right, there we go. All I did was do a secure copy; I wanted to copy that config file over to the server that's not living on the WAN side of this. So now we'll go back into the server, there's that file. Now what we're going to do here is split this one more
time, and we want to ssh root at, so we're actually logged in to this one twice. And at the top one here we're just going to go openvpn, and then we'll put in the pfSense file here, so pfSense, I don't know why it doesn't autocomplete for that, UDP4-1194, oops, typos today. User name LTS, and make sure it connects. All right, we are in and it's completed.

Now we can run that iperf test, not against the WAN but going through the OpenVPN. So we actually run iperf3 -c now, because this is on the inside of the network, 168.51.100. We're connecting to it from inside, which still gets an impressive 230 megabits a second, and you can see OpenVPN pinned over here running at a pretty high percentage. So we're getting, at that particular cipher, about 229 megabits per second, so not bad. Like I said, there's a whole art to the trade-offs of whether or not you want to use different ciphers or different types of tuning and different real-world use cases, but you can see that's not bad at all for OpenVPN speed. So if you have remote users, or if you're connecting this with a site-to-site, you can expect, using the ciphers I chose, that level of speed. Which by the way, I cranked up the security; I know just by switching it to, I believe it's a GCM cipher, I almost got a hundred more megs on that particular cipher. So that's a whole trade-off, and it goes into a lot of debates about cryptography and how secure you need things, but like I said, I wanted to try it the most secure, and it can only get better from there, is kind of the point.

But overall I really like the box. It works, it works great using it, and we don't have to... no, we've actually had this for a few days now. I think we got it late last week, and we've just been letting it run, and I ran some long-term tests on it, pushing a lot of data through it, just to see if I could even get it above warm. That's all it really does. Actually, real quick, I think it has the thermal sensors in there, so you can even see what it's running at.
Let's look real quick. Doo-de-doo, jump back over here. Oh good, I have thermal sensors in here, so you can see the temperature. Turning out, yeah, so it's not running that hot. So you can see the zones of the cores, so 35 C, not bad at all. Let's switch to Fahrenheit. Does it have an option? Oh yeah, there we go. Save. So people in America, like, who always have to stare and think in Celsius, we can figure it out. There we go. So it's running at like 95 degrees sitting here, and it's been on for a bit; there's a few gaps I had to edit out in this testing, so it's been on for at least a few minutes, but even after running for a while, pushing it, it doesn't really get that hot.

So I like the box. It fits the bill if you didn't want to go all the way to the 7100, or need something that powerful, but you wanted six ports on there, so it saves you a little bit of money if you're going for that use case. It's a little bit more than the SG-3100, one of our favourites for small business, but one of the things that comes with that is, if you start having problems running Suricata because you need that higher performance, this is going to have a little more power to handle that. It's going to have a little better VPN performance. So my overall: it's a great box, it's solid. I do wish it had a rack mount; it only comes with a wall mount. Other than that I've got no complaints. It's another solid product right from Netgate, and we've been happy with them.

I know some people think they sponsor me in some way. We just happen to deploy and use a lot of Netgate solutions, we've done it for a lot of companies, or I should say pfSense solutions, and we like running their hardware, because when I do an update at a remote place, especially, some of these are very far away from us, and we just did one in Sweden. The one in Sweden, I don't have time to... well, I'd love to go to Sweden if they'd pay for it, but obviously if I push an update, I want the update to go through and have no worries at all, and when you're running their
hardware, that does save some of that trouble. For those wondering why we kind of promote them, it's because we use them. It's just a product we like, and you know where to find them, over at netgate.com.

And thank you for making it to the end of the video. If you liked this video, please give it a thumbs up. If you'd like to see more content from the channel, hit the subscribe button, and hit the bell icon if you'd like YouTube to notify you when new videos come out. If you'd like to hire us, head over to lawrencesystems.com, fill out our contact page and let us know what we can help you with and what projects you'd like us to work together on. If you want to carry on the discussion, head over to forums.lawrencesystems.com, where we can carry on the discussion about this video, other videos or other tech topics in general. Even suggestions for new videos, they're accepted right there on our forums, which are free. Also, if you'd like to help the channel in other ways, head over to our affiliate page. We have a lot of great tech offers for you. And once again, thanks for watching and see you next time.
Published: Fri Oct 11 2019
