Netgate SG-1100 Launched Higher-Speed Arm pfSense Firewall


StammesOpfer

Seems like it would be acceptable for most SOHO/small branch stuff. Should be very usable on normal traffic types on a <250Mbps connection. Good upgrade at a reasonable price for a new supported device. Sure, more can be done cheaper with a T620 or T730 or whatever. However, you can recommend this for a client; it is hard to spec a used thin client in a proposal.
 

kapone

I can't recommend pfSense to a client to save my life.

Me: I recommend the SG-1100 by Netgate as your firewall.
Client: Who's Netgate??
Me: They own the copyright to pfSense and sell pre-built appliances with support.
Client: Wait...I thought we were buying something called "SG...", what's pfSense??
Me: It's an Open Source firewall distribution. The SG-1100 is the appliance that Netgate sells that is preloaded with pfSense, and it comes with support.
Client: Wait...Does Netgate own pfSense? You said it's open source, why does it cost money??
Me: It IS open source...you could download and install on any hardware, but this is a pre-built appliance from Netgate that is pre-loaded with pfSense and it comes with support.
Client: Wait Wait Wait...if it's open source why aren't there more companies selling pre-built appliances creating competition??
Me: Well...see....it's kinda complicated...
Client: "Click"...disconnect.
 

Evan

@kapone that's hilarious!
I want to love Netgate and some of their products but they do need some work and, more importantly, an attitude adjustment.
 

mstone

They hitched their wagon to hardware...but they're not a hardware company.
 

MiniKnight

I don't really mind that they sell their appliances. These are great. You can have clients get these with support, then build your own community supported units. If a client wanted a Xeon D pfSense, we'd build it and have them buy a $100 SG-1000 to get support and to help the project. They've got to monetize something and I've gotten plenty of use out of pfSense where little appliances like this are easy to buy.

If you have issues getting a client to spend $160 on a hardware appliance with 1 year of support, then either you are doing a bad job or your client is too cheap to be worthwhile. I know it's fun to make fun of an open source company with some attitude issues, but let's get real here.

What STH missed is the crypto assurance. With these, unlike self-built or eBay and Amazon China units, you can show that pfSense was unaltered. That's a $160 feature for most of our clients alone.
 

kapone

> I don't really mind that they sell their appliances. These are great. You can have clients get these with support, then build your own community supported units. If a client wanted a Xeon D pfSense, we'd build it and have them buy a $100 SG-1000 to get support and to help the project. They've got to monetize something and I've gotten plenty of use out of pfSense where little appliances like this are easy to buy.
>
> If you have issues getting a client to spend $160 on a hardware appliance with 1 year of support, then either you are doing a bad job or your client is too cheap to be worthwhile. I know it's fun to make fun of an open source company with some attitude issues, but let's get real here.
>
> What STH missed is the crypto assurance. With these, unlike self-built or eBay and Amazon China units, you can show that pfSense was unaltered. That's a $160 feature for most of our clients alone.

While I don't disagree with the mindset of supporting the open source community, the problem is... marketing. When you say:

> If a client wanted a Xeon D pfSense, we'd build it and have them buy a $100 SG-1000 to get support and to help the project

It doesn't sound right. Netgate will provide support if the deployed device was the SG-xx, not something a consultant built for the client. The consultant will have to provide support. Will it help support the pfSense project? Yes. Will it give the client the peace of mind that they have a supported product? No.

There are much easier ways of validating the authenticity of a software distribution than tying it to a piece of hardware. Checksums (in many forms) come to mind...

The biggest issue when it comes to clients and open source stuff is actually the clients. There's a mental block about spending money on "open source", when they know they can get it for free, even though they know that it doesn't come with support. That's a tough nut to crack.
 

manxam

The hardware that they're using (Espressobin) doesn't have the best of reviews for stability. Wonder how it'll work in production...
 

mstone

> I don't really mind that they sell their appliances.

I don't "mind" either, it doesn't really matter to me. :)

> If you have issues getting a client to spend $160 on a hardware appliance with 1 year of support, then either you are doing a bad job or your client is too cheap to be worthwhile. I know it's fun to make fun of an open source company with some attitude issues, but let's get real here.

That's one way to look at it. Another way to look at it is that you're paying too much for meh hardware with a lousy warranty. It's not like we're in a binary world where the only options are "cheap freeloader" and "sucker", it's just that those seem to be the only two options if you want to play in the pfSense ecosystem instead of going with something else. My issue with recommending them as a hardware provider is that I can either pay less and install redundant hardware to mitigate failures, or pay more and get support from a company that actually has a global support footprint, and I don't see what value is being added by Netgate. AFAICT the SG-1100 gives you 1 year of hardware warranty, and you can only extend that to two years if you prepay (so not a lot of flexibility), and it doesn't include software support at all. For software support, you can maybe pay $350/yr, but it isn't clear whether that's even possible for your $160 SG-1100 or if you have to jump up to the $350 SG-3100 before they'll take your money. (The spec pages list "Professional, Enterprise, and Enterprise Plus" as support options for the SG-3100, but don't list any support options for the SG-1100.) At the $350/yr level the SLA for a response is basically next day. If you jump to $1500/yr you can call them and get down to 4 hours for a response, or you can get the same SLA for $1900/yr with hardware from a hardware company. So maybe the value-add is avoiding the $400/yr tax on using 3rd party hardware?
 

EffrafaxOfWug

> There's a mental block about spending money on "open source", when they know they can get it for free, even though they know that it doesn't come with support. That's a tough nut to crack.

I think this is highly dependent on your clientèle and their personal/professional philosophy on open source. With the people I deal with, many won't consider open source unless it comes with the option of a paid support contract of some description, because a lot of them think that if there isn't some form of company there, it must be written by some pimply-faced youth in their bedroom and thus can't be any cop. Much of the finance world has strict liability clauses wherein buying software X without a support contract might well open you up to a negligence lawsuit; in the shadow of legal proceedings even Oracle can seem cheap.

Outside of my own particular world, I think a lot of people don't see the forest for the trees on this one personally, as the capital outlay for this sort of software is frequently dwarfed by the manpower implementing it. But as ever with these things it depends on the specifics; for instance, from reading mstone's post the pfSense support contract doesn't seem like a great deal at all (esp. with the craptastic hardware warranty) but it might serve as reassurance for a small business in danger of losing their sole networking geek to underthebusitis and thus be seen as worth the capital outlay.