Messages - johnkeates

Hardware / Re: Network Card suggestions
« on: Today at 06:48:58 pm »
Yes, I350-T2V2 or I350-T2 or I350-T4 are all fine.

Hardware / Re: PFsense on ARM (Raspberry Pi3 B+)
« on: Today at 06:47:00 pm »
Price-wise the espresso makes more sense plus it has more ports (but they are switched and have a slow (R)(G)MII link?).

Hardware / Re: Network Card suggestions
« on: Yesterday at 06:50:50 pm »
Yes. But keep in mind that some NIC changes will drop pfSense into NIC selection during startup and require a local console to set and continue pfSense before it is online on the network again. Mostly, if an interface goes missing this happens. This is usually not a problem because for hardware installation you are physically present anyway.

Hardware / Re: Ethernet Ports... how many?
« on: Yesterday at 03:40:19 pm »
4 interfaces seems to be the sweet spot. Using 2 is pretty much a nice default, a third often comes in as either a 2nd WAN or an extra management port for fallback. A fourth then is a backup in case of breakage.

Hardware / Re: Hardware selection question e3-1220v3, i5-4570
« on: Yesterday at 03:38:29 pm »
what is HA and LAGG?

I basically just want to connect to local devices using those ports.

Then no, don't do it. Use a switch.

Hardware / Re: Hardware selection question e3-1220v3, i5-4570
« on: March 21, 2018, 06:26:17 pm »
I added a 4 port intel pro 1000 server card in the i5-4570 machine, running great. Noticing a bit of latency issue that needs to be resolved.

The intel ethernet card has 4 ports. Any way to use all 4 for DHCP server with

Depends on why you need those ports. If it's HA, you could make a LAGG. If it's bandwidth, and 10GbE isn't an option, also a LAGG. If you need more devices to connect, use a switch instead, software switching is slow.

Hardware / Re: Ethernet Ports... how many?
« on: March 21, 2018, 06:24:32 pm »
Why is there another server doing DHCP and DNS? pfSense does both just fine and you get the DHCP host-in-DNS registration, DNS overrides and DNS-level filtering.

Hardware / Re: Hardware Requirements small network
« on: March 21, 2018, 06:22:57 pm »
apu2 or apu3 would nail this requirement, depending on pricing in the purchaser's locale. biggest problem with sg-1000 for this is the RAM, apu2 has 2 or 4 gigs.

Yeah, they probably would, especially considering the load it'd get.

Hardware / Re: Hardware Requirements small network
« on: March 21, 2018, 02:21:10 pm »
Well, I guess you guys are right. The china boxes will do fine, try an i3 or Celeron model (if it's a Celeron with AES-NI). Qotom and Minisys both have devices with those CPUs.

Hardware / Re: Hardware Requirements small network
« on: March 21, 2018, 10:15:15 am »
I couldn't find a USB slot on my toaster to test, I'll have to take your word for it.  ;D

However I can say that without tuning Suricata, for example, will eat all the RAM and fail to start on an SG-1000 with no traffic on it at all besides the SSH login. I tested that a few days ago with ET rules only.

I haven't tested Snort for a while but I have no reason to think it would be any different.


Ah yes, I've had that happen too with the rules loading. This is probably due to the spike in usage while it's initialising. I've fixed this by pre-selecting instead of using all the rules. But regarding runtime processing, it's pretty quiet and low on usage with so little bandwidth (I'm running one on a 12Mbit DSL somewhere out in the country).

Hardware / Re: Hardware Requirements small network
« on: March 20, 2018, 08:09:16 pm »
Whilst it's possible to run Snort or Squid on the SG-1000 it requires some careful tuning and I have never even tried to run both at the same time!

I could not recommend it if you need both those packages.

Better to run this: Though you would have to install pfSense yourself there due to the HDMI limitation.


Keep in mind that the 8Mbit load will basically run on a toaster. Squid won't eat much CPU or RAM, Snort can't eat much CPU or RAM because there is no bandwidth to create any kind of real load. This would work on a WRT54G.

Hardware / Re: Off the shelf recommendations
« on: March 20, 2018, 07:44:42 pm »
4 is enough

Hardware / Re: ESPRESSOBin
« on: March 20, 2018, 02:45:22 pm »

Where can I get the instructions to get PFSense running on Espressobin?

Thank you

Nowhere because it doesn't exist yet.

Hardware / Re: Hardware Requirements small network
« on: March 20, 2018, 08:54:08 am »
SG-1000 will do. Maybe add a switch and a USB stick for storage.

Hardware / Re: pfsense on 1 network/ethernet port PC using VLANS
« on: March 20, 2018, 08:53:41 am »
I see you like the minisys-4, what do you use the last 2 ports in the minisys to?

I have read ppl having trouble using a USB-NIC dongle but if that works for you, great.

Extra ports on my minisys port is currently unused, I didn't buy the 4 for the extra ports but the 2 ports version CPU didn't cut it for me, or doesn't have hardware AES. One use for those ports is if you want to create discrete separate subnets, but I see ppl here are big into VLANs which can mimic the same thing.

Sorry, but I don't understand. You bought a 2 port and it doesn't support AES or?

No, he bought the 4-port version, even while he only needed 2 ports. This is because the 2-port version has no AES-NI, but the 4-port version does. Having 2 unused ports is fine, having no AES-NI is stupid. So that's why :D
