pfSense Support Subscription

Author Topic: SG-1000 microFirewall  (Read 2946 times)

0 Members and 1 Guest are viewing this topic.

Offline ivor

  • Administrator
  • Sr. Member
  • *****
  • Posts: 586
  • Karma: +134/-125
    • View Profile
    • Netgate
SG-1000 microFirewall
« on: March 04, 2017, 03:09:26 pm »
First pfSense ARM appliance ever, SG-1000 microFirewall. You can purchase official pfSense appliances from the pfSense store and Netgate store.

- TI AM3352 ARM 600Mhz CPU
- 512MB DDR3
- 4GB eMMC
- 2x 1GbE ports.
- ideal for SOHO / remote worker application





Feel free to ask questions about the unit!
« Last Edit: March 04, 2017, 03:36:07 pm by ivor »
Need help fast? Commercial support: https://www.netgate.com/support/

Offline tinjaw

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Re: SG-1000 microFirewall
« Reply #1 on: March 27, 2017, 09:26:30 am »
I received mine months ago, but it is sitting collecting dust. I require some advice. I have a white box mini-PC running pfsense currently. It has four Ethernet ports. I am using only LAN and WAN, but the other two are configured/available for use. I want to repurpose that box, so I purchased the SG-1000, and now I need to migrate to it.

So, my question is, is it possible to export my config from the current box and import it into the SG-1000? I assume that if I can, I will still need to tweak things for my SG-1000. If not, what is the best way to migrate? It is just a home/office so that I can afford a reasonable amount of downtime.

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21312
  • Karma: +1423/-26
    • View Profile
Re: SG-1000 microFirewall
« Reply #2 on: March 27, 2017, 10:00:25 am »
Delete the two extra interfaces from Interfaces > (assign) and then you should be able to make a backup and import it to the SG-1000. It will prompt you to reassign the interfaces after importing, then pick the new interfaces and save, then apply and it will reboot with the new mappings.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline brando56894

  • Newbie
  • *
  • Posts: 7
  • Karma: +1/-0
    • View Profile
Re: SG-1000 microFirewall
« Reply #3 on: June 13, 2017, 07:29:31 pm »
I bought one of these about 3 weeks ago and I'm pretty disappointed with it, I must say. I had been running pfSense on a book-size micro-atx Intel dual core Celeron, but it was a pain to keep cool (CPU was built in and came with no fan on heatsink) and it took up a fair amount of space that I didn't have. Since I got a big increase in my pay, I decided to support the pfSense project by buying one of your hardware solutions, since I've been using it for a few years. I was going to buy the $300 model but then say the new SG-1000, which looked even more appealing since it was smaller and half the price.

As soon as I received it the problems started: I could see inside the case and wanted to add a MicroSD card but I couldn't get inside the damn thing![/b] The one lonely screw seemed to be screwed in by Hercules himself! I tried about 3 different size Phillips head screw drivers and they all just tore the screw up since a) I don't have a vice to hold the unit in place and b) I can't press on it too hard because I fear bending/breaking it. This also prevents me from using the $10 mounting kit that I purchased.

After about 30 minutes I decided to give up on opening it and move on to replacing the old one with this one. It literally took me about 5 tries and about 45 minutes to get the damn thing working completely. I plugged the MicroUSB cable into the UART port and it would keep getting stuck at various points during the boot process, the internet would be working, but unbound would be dead and the web configurator would be dead also since it had hung before Nginx started. Once I got it loaded up fully I restored my backup configuration, which lead to more hangs. Over about the next week, either the webUI would die and the serial console would give me nothing, but the internet would still work as expected or everything would just flat out lockup and I have would no internet connection and would be forced to reboot by pulling the power cord. This would happen about every 2-4 days. Also during this the webUI would regularly state that the CPU was pegged at 100% but when I would pull up top over serial it would show only about 40% usage.

I finally just decided to do a full factory reset and start from scratch, hoping maybe that would fix the lockups. It did fix the hangs during boot, but my serial console it still dead if I connect to it after the device has fully booted (I just get a black screen, pressing enter or ctrl-c or anything else does nothing) and it still locks up. About 3 hours after I did the reset it completely killed my connection. I was downloading a few things at about 13 MB/sec (I have Verizon Fios 150 Mbps, soon to be ~1 Gbps) and watching a YouTube at 1080P so it didn't put that much load on to it. It's not like I put a huge load on it, I have about 12 devices in my home network, only about 4 or 5 are active at a time and are mostly streaming devices/phones, the only thing that does a lot is my home server and that's sporadic. Since there isn't a temperature sensor in the device I have no idea how hot it's getting. It's warm to the touch and the infrared thermometer I have shows that the inside PCB/Heatsink is around 125F.

Hopefully these hiccups will resolve themselves or maybe I received a bad unit because I feel like I'm not receiving what I paid for considering my cobbled together solution gave me no issues over the 3 years I was using it. Also since I couldn't comment in the thread regarding the crypto-unit, I do feel that it is deceptive to mention that it has it, but failing to mention that it's not currently supported, because the assumption is that if you mention it, it's supported, especially when you're the ones selling the devices. That's kind of like Intel saying in their specs sheet that their newest CPU has 15 cores but when you install Windows/Linux/OS X you only see 6, then you reach out to them and they say "we never said that they were able to be used right now, we're just showing that they're there and will be able to be used at some point in the future". You'd be a little upset wouldn't you? Myself I don't care that much about the crypto-unit, I just want the stupid thing to work as well as the one I used to have.

Offline le_top

  • Newbie
  • *
  • Posts: 18
  • Karma: +1/-0
    • View Profile
Re: SG-1000 microFirewall
« Reply #4 on: August 01, 2017, 06:24:28 pm »
Very similar experience to  brando56894  on my end.
I've reported the issues here and there on the forum.

I could believe that one the replies said "That bug report is for a beta version. Expect bugs." while the official page says "Though the firmware is labeled “BETA” it has proven to be very stable with only a few minor items remaining to be addressed before its release."

It's been released for 7 months - how long is it going to be in "BETA" state.

I am disapointed with the buy (and I bought two supposing that the hardware was validated by the company building PFSense).

Offline ivor

  • Administrator
  • Sr. Member
  • *****
  • Posts: 586
  • Karma: +134/-125
    • View Profile
    • Netgate
Re: SG-1000 microFirewall
« Reply #5 on: August 02, 2017, 12:37:43 pm »
Very similar experience to  brando56894  on my end.
I've reported the issues here and there on the forum.

I could believe that one the replies said "That bug report is for a beta version. Expect bugs." while the official page says "Though the firmware is labeled “BETA” it has proven to be very stable with only a few minor items remaining to be addressed before its release."

It's been released for 7 months - how long is it going to be in "BETA" state.

I am disapointed with the buy (and I bought two supposing that the hardware was validated by the company building PFSense).

I'm sorry you're not satisfied with your purchase, while software is in BETA state, final version should arrive within the next few weeks. I replied to you on the thread you have opened, please follow up when you get access to the console https://forum.pfsense.org/index.php?topic=134552.0
Need help fast? Commercial support: https://www.netgate.com/support/

Offline ivor

  • Administrator
  • Sr. Member
  • *****
  • Posts: 586
  • Karma: +134/-125
    • View Profile
    • Netgate
Re: SG-1000 microFirewall
« Reply #6 on: August 02, 2017, 12:38:13 pm »
I bought one of these about 3 weeks ago and I'm pretty disappointed with it, I must say. I had been running pfSense on a book-size micro-atx Intel dual core Celeron, but it was a pain to keep cool (CPU was built in and came with no fan on heatsink) and it took up a fair amount of space that I didn't have. Since I got a big increase in my pay, I decided to support the pfSense project by buying one of your hardware solutions, since I've been using it for a few years. I was going to buy the $300 model but then say the new SG-1000, which looked even more appealing since it was smaller and half the price.

As soon as I received it the problems started: I could see inside the case and wanted to add a MicroSD card but I couldn't get inside the damn thing![/b] The one lonely screw seemed to be screwed in by Hercules himself! I tried about 3 different size Phillips head screw drivers and they all just tore the screw up since a) I don't have a vice to hold the unit in place and b) I can't press on it too hard because I fear bending/breaking it. This also prevents me from using the $10 mounting kit that I purchased.

After about 30 minutes I decided to give up on opening it and move on to replacing the old one with this one. It literally took me about 5 tries and about 45 minutes to get the damn thing working completely. I plugged the MicroUSB cable into the UART port and it would keep getting stuck at various points during the boot process, the internet would be working, but unbound would be dead and the web configurator would be dead also since it had hung before Nginx started. Once I got it loaded up fully I restored my backup configuration, which lead to more hangs. Over about the next week, either the webUI would die and the serial console would give me nothing, but the internet would still work as expected or everything would just flat out lockup and I have would no internet connection and would be forced to reboot by pulling the power cord. This would happen about every 2-4 days. Also during this the webUI would regularly state that the CPU was pegged at 100% but when I would pull up top over serial it would show only about 40% usage.

I finally just decided to do a full factory reset and start from scratch, hoping maybe that would fix the lockups. It did fix the hangs during boot, but my serial console it still dead if I connect to it after the device has fully booted (I just get a black screen, pressing enter or ctrl-c or anything else does nothing) and it still locks up. About 3 hours after I did the reset it completely killed my connection. I was downloading a few things at about 13 MB/sec (I have Verizon Fios 150 Mbps, soon to be ~1 Gbps) and watching a YouTube at 1080P so it didn't put that much load on to it. It's not like I put a huge load on it, I have about 12 devices in my home network, only about 4 or 5 are active at a time and are mostly streaming devices/phones, the only thing that does a lot is my home server and that's sporadic. Since there isn't a temperature sensor in the device I have no idea how hot it's getting. It's warm to the touch and the infrared thermometer I have shows that the inside PCB/Heatsink is around 125F.

Hopefully these hiccups will resolve themselves or maybe I received a bad unit because I feel like I'm not receiving what I paid for considering my cobbled together solution gave me no issues over the 3 years I was using it. Also since I couldn't comment in the thread regarding the crypto-unit, I do feel that it is deceptive to mention that it has it, but failing to mention that it's not currently supported, because the assumption is that if you mention it, it's supported, especially when you're the ones selling the devices. That's kind of like Intel saying in their specs sheet that their newest CPU has 15 cores but when you install Windows/Linux/OS X you only see 6, then you reach out to them and they say "we never said that they were able to be used right now, we're just showing that they're there and will be able to be used at some point in the future". You'd be a little upset wouldn't you? Myself I don't care that much about the crypto-unit, I just want the stupid thing to work as well as the one I used to have.

Have you ever contacted our support for the issues you experienced?
Need help fast? Commercial support: https://www.netgate.com/support/

Offline ivor

  • Administrator
  • Sr. Member
  • *****
  • Posts: 586
  • Karma: +134/-125
    • View Profile
    • Netgate
Re: SG-1000 microFirewall
« Reply #7 on: August 02, 2017, 12:49:45 pm »
Very similar experience to  brando56894  on my end.
I've reported the issues here and there on the forum.

I could believe that one the replies said "That bug report is for a beta version. Expect bugs." while the official page says "Though the firmware is labeled “BETA” it has proven to be very stable with only a few minor items remaining to be addressed before its release."

It's been released for 7 months - how long is it going to be in "BETA" state.

I am disapointed with the buy (and I bought two supposing that the hardware was validated by the company building PFSense).

I'm sorry you're not satisfied with your purchase, while software is in BETA state final version should arrive within the next few weeks. I replied to you on the thread you have opened, please follow up when you get access to the console https://forum.pfsense.org/index.php?topic=134552.0
Need help fast? Commercial support: https://www.netgate.com/support/

Offline le_top

  • Newbie
  • *
  • Posts: 18
  • Karma: +1/-0
    • View Profile
Re: SG-1000 microFirewall
« Reply #8 on: August 02, 2017, 03:41:54 pm »
I'm sorry you're not satisfied with your purchase, while software is in BETA state final version should arrive within the next few weeks. I replied to you on the thread you have opened, please follow up when you get access to the console https://forum.pfsense.org/index.php?topic=134552.0
I hope the team gets it together by september then. 

Offline ivor

  • Administrator
  • Sr. Member
  • *****
  • Posts: 586
  • Karma: +134/-125
    • View Profile
    • Netgate
Re: SG-1000 microFirewall
« Reply #9 on: August 02, 2017, 04:15:34 pm »
I'm sorry you're not satisfied with your purchase, while software is in BETA state final version should arrive within the next few weeks. I replied to you on the thread you have opened, please follow up when you get access to the console https://forum.pfsense.org/index.php?topic=134552.0
I hope the team gets it together by september then.

Rest assured, the issues you have experience are not supposed to happen. I just replied to your thread ;)
Need help fast? Commercial support: https://www.netgate.com/support/

Offline androidian

  • Newbie
  • *
  • Posts: 4
  • Karma: +1/-0
    • View Profile
Re: SG-1000 microFirewall
« Reply #10 on: August 19, 2017, 02:52:00 pm »
Since I've had mine, I have added a VPN client interface (NordVPN) for all outbound traffic and once I got that going well I noticed a couple of things.

1. The units run warm on their backs and this was seemingly causing periodic lockups, but if you mount the SG1000 so that the vents are vertical on the long side and allow air to convect vertically without blocking the bottom, top  or vented side, it runs quite cool.  I achieved this by simply hanging the unit off the side of my bench by it's Ethernet cables.  Problem solved.   Much more stable that way.

2. Also I learned the hard way to NEVER do an update without first doing a full reboot.  That lesson involved two separate install from scratch events. (I don't learn that fast)

The only problem I find now is that the VPN interface or traffic thru it stops off and on and I'm forced to do a reboot to re-connect.  At this point I'm not yet sure if it's the device, OpenVPN or the host dropping my full time connection.  Next year when my Nord account expires I'll switch to another source and see if that makes a difference.

Since my segment of the network is the only thing using the SG1000, I just run my desktop as a static IP outside of the SG1000 DHCP server range so It's an easy connection to jump into it no matter what happens.

Offline cafc66

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Re: SG-1000 microFirewall
« Reply #11 on: October 16, 2017, 02:35:26 pm »
I'm glad that I'm not the only one that has been experiencing regular hiccups on this device. I bought a few months ago, registered it in august.

After the latest upgrade, a week or two ago, the device won't produce a DHCP inwards, and no matter inner IP what I tried, I couldn't reach it, so I had to remove it. No Internet connection either.. For all purposes it's dead.

I need help fixing this, where should I look for info?

On a side note, it also surprises me how hot this thing runs. I'll try to mount it vertically and see.
IT also surprises me to see the CPU regularly peaking at over 50% for doing absolutely nothing (not even streaming), just by me logged into the device for admin purposes. Is that normal?

Thanks in advance!

Offline ivor

  • Administrator
  • Sr. Member
  • *****
  • Posts: 586
  • Karma: +134/-125
    • View Profile
    • Netgate
Re: SG-1000 microFirewall
« Reply #12 on: October 16, 2017, 02:58:48 pm »
The DHCP issues were a bug in snapshots, it was fixed shortly after. Simply install the 2.4.0-RELEASE and you should be good to go!

Heat wise, device does produce a bit more heat, but it's normal. I mount mine vertically as well !

Regarding the CPU spikes, it's normal to see more intensive CPU usage while logged in as it's a single core CPU.
Need help fast? Commercial support: https://www.netgate.com/support/

Offline Georget27

  • Jr. Member
  • **
  • Posts: 33
  • Karma: +3/-0
    • View Profile
Re: SG-1000 microFirewall
« Reply #13 on: October 17, 2017, 02:51:17 am »
Hello,

Any plans for making an SG-1000 with a WiFi accespoint in it ? I would love to have something small to take with me to hotel rooms etc.

Thanks.

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21312
  • Karma: +1423/-26
    • View Profile
Re: SG-1000 microFirewall
« Reply #14 on: October 17, 2017, 06:28:01 am »
Any plans for making an SG-1000 with a WiFi accespoint in it ? I would love to have something small to take with me to hotel rooms etc.

No, but you can attach a USB wireless adapter to the USB OTG port, so long as it's supported by the drivers on pfSense/FreeBSD.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline gordc

  • Jr. Member
  • **
  • Posts: 63
  • Karma: +1/-1
    • View Profile
Re: SG-1000 microFirewall
« Reply #15 on: October 25, 2017, 09:33:36 am »
I have been working on this case with support since Aug 25 (#27001).   As indicated in the notes I ran extensive testing on the firewall in question only to be told that support could not replicate the problem that it must be an issue with the particular unit I had.   We paid to send the firewall back and we received it back with a new board inside.   When I plugged it in I had the exact same issue.  By this time the issue is two months old.   The client that purchased the firewall has been using a borrowed firewall during this time.  Now I am told it is a bug #7532 and that I have to wait for the bug fix.

So here are my concerns.  If this is a bug and support was supposed to have tried to replicate the problem why did they indicate they could not.
When I look at the bug I notice that it is stated that it was to be fixed in 2.4.1 but then pushed to 2.4.2 and now 2.4.3
So how long do we have to wait so that the product purchased over two months ago is usable since in the meantime the client has a firewall that is useless to them.   This may not seem like an issue to you but it is to the client who is a small non-profit company with little money to spend on IT which is why we went with this unit to begin with.
I am not happy at all with pfSense at this point.