Disclosure: Some links contained within this post are affiliate links, meaning I will earn a commission if you click through and make a purchase. They are identified with “#AL:”.
I recently purchased Netgate’s entry-level pfSense solution, the Netgate SG-1100. The Netgate SG-1100 is a small but powerful network/security hardware device with the open source pfSense software. Netgate is a company with a great mission statement to make high quality security products available to consumers. I wanted to support Netgate, and the hardware best fit my needs for moving forward with my home lab.
What is pfSense?
“pfSense® software is a free, open source customized distribution of FreeBSD specifically tailored for use as a firewall and router that is entirely managed via web interface. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.”
Netgate SG-1100 Hardware Specifications
| Component | Specification |
| --- | --- |
| SOC | Marvell Armada 3720LP (88F3720) dual core ARM Cortex A53 processor @ 1.2GHz |
| System Memory | 1 GB DDR4 RAM on board |
| Storage | 8 GB EMMC |
| Network Interfaces | 1x Marvell 88E6141 networking switch; 3x GbE Ethernet (WAN/LAN/OPT); 1x Mini PCIe slot(1) |
| USB | 1x USB 3.0; 1x USB 2.0; 1x Micro USB port (console) |
| Misc | Reset button, heatsink, 3 Status LED |
| Power | 12V 2A DC 5.5mm x 2.1mm x 10mm jack, center pin positive (power over USB not supported) |
| Power Consumption | 3.48W (Idle) |
| Operating Temperature | 0°C (32°F) to 45°C (113°F) |
| Enclosure | Plastic 110 x 84.6 x 31.75 mm (4.33″ x 3.33″ x 1.25″) |
| Hardware Warranty | 1 year standard. Second year available only at time of purchase. |
| Certifications | CE, FCC, RoHS |
Below is a diagram showing my home network after installing the Netgate SG-1100.
The Netgate SG-1100 shipped with the latest version currently available.
IDS Snort Package
Next, I installed the snort package from the pfSense package manager. The snort package was enabled on the LAN interface and set to Max-Detect.
Now let's compare the before and after of enabling the IDS/IPS features in pfSense. For testing speeds, I will be using the open source tool speedtest-cli.
Before pfSense installation / Control:
- Ping 40ms-60ms
- Download 9.5Mbps-10Mbps
- Upload 2.40Mbps-2.80Mbps
After pfSense installation (Max Detection):
- Ping 40ms-60ms
- Download 8Mbps-10Mbps
- Upload 2.30Mbps-2.80Mbps
As you can see, the speed was only slightly, if at all, affected by snort.
pfSense Resource Usage
Default Configuration Resource Usage
pfSense Enabled (Max Detection)
Resources on the SG-1100 have not been affected! I am still concerned about the 1GB of RAM, but of course I do not have a huge amount of traffic on my home network.
Overall, the Netgate SG-1100 has met my expectations as a flexible firewall, IDS/IPS and VPN for home use. I did not see any performance issues with pfSense, and my home network speed was not affected by enabling the IDS/IPS features. I have also yet to experience some of the cons mentioned in other reviews such as slow web application speeds. I highly recommend this device for any technical home user or small business.
#AL: SG-1100 Netgate pfSense Security Gateway Appliance
Look for more blogs in the future about getting all the pfSense logs into Splunk for some useful dashboards. Until next time, stay safe in the Trenches of IT!