Netgate SG-1100 Review

Disclosure: Some links contained within this post are affiliate links, meaning, I will earn a commission if you click through and make a purchase. Identified with “#AL:”

I recently purchased Netgate’s entry level pfSense solution, the Netgate SG-1100. The Netgate SG-1100 is a small, but powerful network/security hardware device with the open source pfSense software. Netgate is a company with a great mission statement to make high quality security products available to consumers. I wanted to support Netgate, and the hardware best fit my needs for moving forward with my home lab.

#AL: Check out the NetGate SG-1100 here

What is pfSense?

“pfSense® software is a free, open source customized distribution of FreeBSD specifically tailored for use as a firewall and router that is entirely managed via web interface. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution. “

Source: https://www.pfsense.org/about-pfsense/

Netgate SG-1100 Hardware Specifications

SOCMarvell Armada 3720LP (88F3720) dual core ARM Cortex A53 processor @ 1.2GHz
System Memory1 GB DDR4 RAM on board
Storage8 GB EMMC
Network Interfaces1x Marvell 88E6141 networking switch
3x GbE Ethernet (WAN/LAN/OPT)
1x Mini PCIe slot(1)
USB1x USB 3.0
1x USB 2.0
1x Micro USB port (console)
MiscReset button, heatsink, 3 Status LED
Power12V 2A DC 5.5mm x 2.1mm x 10mm jack, center pin positive (power over USB not supported)
Power Consumption3.48W (Idle)
Operating Temperature0°C (32°F) to 45°C (113°F)
EnclosurePlastic 110 x 84.6 x 31.75 mm (4.33″ x 3.33″ x 1.25″)
Hardware Warranty1 year standard. Second year available only at time of purchase.
CertificationsCE, FCC, RoHS

Source: https://www.netgate.com/solutions/pfsense/sg-1100.html

Unboxing

Three new stickers to add to the collection
Includes a micro usb cable for console connection
Pretty much a Raspberry Pi with 3 NICs
Construction quality is solid

Home Network

Below is a diagram showing my home network after installing the Netgate SG-1100.

The Netgate SG-1100 shipped with the latest version currently available.

IDS Snort Package

Next, I installed the snort package from the pfSense package manager. The snort package was enabled on the LAN interface and set to Max-Detect.

Speed Test

Now lets compare the before and after enabling the IDS/IPS features in pfSense. For testing speeds, I will be using the open source tool speedtest-cli

Before pfSense installation / Control:

Averages:

  • Ping 40ms-60ms
  • Download 9.5Mbps-10Mbps
  • Upload 2.40Mbps-2.80Mbps

After pfSense installation (Max Detection):

Averages:

  • Ping 40ms-60ms
  • Download 8Mbps-10Mbps
  • Upload 2.30Mbps-2.80Mbps

As you can see, the speed was only slightly, if at all, affected by snort.

pfSense Resource Usage

Default Configuration Resource Usage

pfSense Enabled (Max Detection)

Resources on the SG-1100 have not been affected! I am still concerned about the 1GB of RAM, but of course I do not have a huge amount of traffic on my home network.

Conclusion:

Overall, the Netgate SG-1100 has met my expectations as a flexible firewall, IDS/IPS and VPN for home use. I did not see any performance issues with pfSense, and my home network speed was not affected by enabling the IDS/IPS features. I have also yet to experience some of the cons mentioned in other reviews such as slow web application speeds. I highly recommend this device for any technical home user or small business.

#AL:SG-1100 Netgate pfSense Security Gateway Appliance

Look for more blogs in the future about getting all the pfSense logs into Splunk for some useful dashboards. Until next time, stay safe in the Trenches of IT!

Leave a Reply