Netgate SG-1100 Launched Higher-Speed Arm pfSense Firewall

Discussion in 'STH Main Site Posts' started by Rohit Kumar, Jan 13, 2019.

  1. Rohit Kumar

    Rohit Kumar Guest

    #1
  2. gigatexal

    gigatexal I'm here to learn

    Joined:
    Nov 25, 2012
    Messages:
    2,683
    Likes Received:
    498
    FWIW I priced this shipped to Germany and with tax and shipping it comes in just shy of 200 USD.
     
    #2
  3. StammesOpfer

    StammesOpfer Active Member

    Joined:
    Mar 15, 2016
    Messages:
    378
    Likes Received:
    122
    Seems like it would be acceptable for most soho/small branch stuff. Should be very usable on normal traffic types on a <250Mbps connection. Good upgrade at a reasonable price for a new supported device. Sure more can be done cheaper with a T620 or T730 or whatever. However you can recommend this for a client, it is hard to spec a used thin client in a proposal.
     
    #3
  4. kapone

    kapone Active Member

    Joined:
    May 23, 2015
    Messages:
    616
    Likes Received:
    246
    I can't recommend pfSense to a client to save my life.

    Me: I recommend the SG-1100 by Netgate as your firewall.
    Client: Who's Netgate??
    Me: They own the copyright to pfSense and sell pre-built appliances with support.
    Client: Wait...I thought we were buying something called "SG...", what's pfSense??
    Me: It's an Open Source firewall distribution. The SG-1100 is the appliance that Netgate sells that is preloaded with pfSense, and it comes with support.
    Client: Wait...Does Netgate own pfSense? You said it's open source, why does it cost money??
    Me: It IS open source...you could download and install on any hardware, but this is a pre-built appliance from NetGate that is pre-loaded with pfSense and it comes with support.
    Client: Wait Wait Wait...if it's open source why aren't there more companies selling pre-built appliances creating competition??
    Me: Well...see....it's kinda complicated...
    Client: "Click"...disconnect.
     
    #4
    gigatexal likes this.
  5. cesmith9999

    cesmith9999 Well-Known Member

    Joined:
    Mar 26, 2013
    Messages:
    1,097
    Likes Received:
    333
    How does this compare with an edgerouter x?

    Chris
     
    #5
  6. Evan

    Evan Well-Known Member

    Joined:
    Jan 6, 2016
    Messages:
    2,845
    Likes Received:
    424
    @kapone thats hilarious !
    I want to love netgate and some of their products but they do need some work and more importantly and attitude adjustment.
     
    #6
  7. mstone

    mstone Active Member

    Joined:
    Mar 11, 2015
    Messages:
    505
    Likes Received:
    117
    They hitched their wagon to hardware...but they're not a hardware company.
     
    #7
  8. MiniKnight

    MiniKnight Well-Known Member

    Joined:
    Mar 30, 2012
    Messages:
    2,941
    Likes Received:
    857
    I don't really mind that they sell their appliances. These are great. You can have clients get these with support, then build your own community supported units. If a client wanted a Xeon D pfSense, we'd build it and have them buy a $100 SG-1000 to get support and to help the project. They've got to monetize something and I've gotten plenty of use out of pfSense where little appliances like this are easy to buy.

    If you have issues getting a client to spend $160 on a hardware appliance with 1 year of support, then either you are doing a bad job or your client is too cheap to be worthwhile. I know its fun to make fun of an open source company with some attitude issues, but let's get real here.

    What STH missed is the crypto assurance. With these, unlike self-built or ebay and amazon china units you can show that pfSense was unaltered. That's a $160 feature for most of our clients alone.
     
    #8
    StammesOpfer and tjk like this.
  9. kapone

    kapone Active Member

    Joined:
    May 23, 2015
    Messages:
    616
    Likes Received:
    246
    While I don't disagree with the mindset of supporting the open source community, the problem is... marketing. When you say:

    It doesn't sound right. Netgate will provide support if the deployed device was the SG-xx, not something a consultant built for the client. The consultant will have to provide support. Will it help support the pfSense project? Yes. Will it give the client the peace of mind that they have a supported product? No.

    There are much easier ways of validating the authenticity of a software distribution, than tying it to a piece of hardware. Checksums (in many forms) come to mind...

    The biggest issue when it comes to clients and open source stuff, is actually the clients. There's a mental block about spending money on "open source", when they know they can get it for free, even though they know that it doesn't come with support. That's a tough nut to crack.
     
    #9
  10. manxam

    manxam Active Member

    Joined:
    Jul 25, 2015
    Messages:
    226
    Likes Received:
    47
    The hardware that they're using (Espressobin) doesn't have the best of reviews for stability. Wonder how it'll work in production...
     
    #10
  11. mstone

    mstone Active Member

    Joined:
    Mar 11, 2015
    Messages:
    505
    Likes Received:
    117
    I don't "mind" either, it doesn't really matter to me. :)

    That's one way to look at it. Another way to look at it is that you're paying too much for meh hardware with a lousy warranty. It's not like we're in a binary world where the only options are "cheap freeloader" and "sucker", it's just that those seem to be the only two options if you want to play in the pfsense ecosystem instead of going with something else. My issue with recommending them as a hardware provider is that I can either pay less and install redundant hardware to mitigate failures, or pay more and get support from a company that actually has a global support footprint, and I don't see what value is being added by netgate. AFAICT the SG-1100 gives you 1 year of hardware warranty, and you can only extend that to two years if you prepay (so not a lot of flexibility), and it doesn't include software support at all. For software support, you can maybe pay $350/yr, but it isn't clear whether that's even possible for your $160 SG-1100 or if you have to jump up to the $350 SG-3100 before they'll take your money. (The spec pages list "Professional, Enterprise, and Enterprise Plus" as support options for the SG-3100, but don't list any support options for the SG-1100.) At the $350/yr level the SLA for a response is basically next day. If you jump to $1500/yr you can call them and get down to 4 hours for a response, or you can get the same SLA for $1900/yr with hardware from a hardware company. So maybe the value-add is avoiding the $400/yr tax on using 3rd party hardware?
     
    #11
  12. EffrafaxOfWug

    EffrafaxOfWug Radioactive Member

    Joined:
    Feb 12, 2015
    Messages:
    1,070
    Likes Received:
    354
    I think this is highly dependent on your clientèle and their personal/professional philosophy on open source. With the people I deal with, many won't consider open source unless it comes with the option of a paid support contract of some description, because a lot of them think that if there isn't some form of company there, it must be written by some pimply-faced youth in their bedroom and thus can't be any cop. Much of the finance world has strict liability clauses wherein buying software X without a support contract might well open you up to a negligence lawsuit; in the shadow of legal proceedings even Oracle can seem cheap.

    Outside of the world of my own particular world, I think a lot of people don't see the forest for the trees on this one personally, as the capital outlay for this sort software is frequently dwarfed by the manpower implementing it. But as ever with these things it depends on the specifics, for instance from reading mstone's post the pfsense support contract doesn't seem like a great deal at all (esp. with the craptastic hardware warranty) but it might serve as reassurance for a small business in danger of losing their sole networking geek to underthebusitis and thus be seen as worth the capital outlay.
     
    #12
Similar Threads: Netgate SG-1100
Forum Title Date
STH Main Site Posts QNAP adds Netgate pfSense Security to their NAS Portfolio Jan 10, 2018
STH Main Site Posts Netgate SG-1000 (FreeBSD based pfSense on ARM) First Look Mar 23, 2017

Share This Page