Netgate SG-1000 microFirewall

Author Topic: SG-1000 microFirewall  (Read 3864 times)

0 Members and 1 Guest are viewing this topic.

Offline gordc

  • Jr. Member
  • **
  • Posts: 63
  • Karma: +1/-1
    • View Profile
Re: SG-1000 microFirewall
« Reply #15 on: October 25, 2017, 09:33:36 am »
I have been working on this case with support since Aug 25 (#27001).   As indicated in the notes I ran extensive testing on the firewall in question only to be told that support could not replicate the problem that it must be an issue with the particular unit I had.   We paid to send the firewall back and we received it back with a new board inside.   When I plugged it in I had the exact same issue.  By this time the issue is two months old.   The client that purchased the firewall has been using a borrowed firewall during this time.  Now I am told it is a bug #7532 and that I have to wait for the bug fix.

So here are my concerns.  If this is a bug and support was supposed to have tried to replicate the problem why did they indicate they could not.
When I look at the bug I notice that it is stated that it was to be fixed in 2.4.1 but then pushed to 2.4.2 and now 2.4.3
So how long do we have to wait so that the product purchased over two months ago is usable since in the meantime the client has a firewall that is useless to them.   This may not seem like an issue to you but it is to the client who is a small non-profit company with little money to spend on IT which is why we went with this unit to begin with.
I am not happy at all with pfSense at this point.

Offline mezzoman

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: SG-1000 microFirewall
« Reply #16 on: December 30, 2017, 06:56:27 pm »
I've owned many Netgates and installed them for clients over the years. I just wanted a good home Net-facing edge box, so I purchased the SG-1000 3 weeks ago.  It's been really inconsistent. Here are a few observations:

The CPU is at 100% continuously in the webGUI.  I did connect with a USB console cable and checked the processes with top -aSH.  netstat was at times 1200%+ of CPU.  It was immediately niced, but over the course of ~60 seconds it popped to the top (punn intended) 10 or so times ranging from 500% of CPU to 1200%.  This makes web page load times incredibly inconsistent.  Especially anything that hits google analytics or akamai strangely.  Even this page on the pfSense docs takes 8-10 seconds to load --> https://doc.pfsense.org/index.php/High_Load_Troubleshooting

Other pages load ridiculously fast as they should.  I have 60Mb/s download speeds on raw pipe at the modem when using naked ethernet. 

It's fascinating.  Any insight is appreciated. This behavior occurs with no extra packages and even the internal DNS resolver/forwarder turned off.  (It was unbearable with it on ;-)  (I had PFBLocker and OpenVPN installed but I removed them just to see if it would have a positive effect, so there are no packages currently installed)  And only 3 port forwarding rules for non standard ports that use for sftp access for remote file access.

I love pfSense, always have.  Happy to give whatever data is necessary to troubleshoot the issue.

Thanks!

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21565
  • Karma: +1471/-26
    • View Profile
Re: SG-1000 microFirewall
« Reply #17 on: January 02, 2018, 01:31:16 pm »
As was noted in one of the other threads where you made similar comments, it looks like you're seeing a side effect of a bug with netstat that was recently fixed in FreeBSD: https://forum.pfsense.org/index.php?topic=139255.0
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline mezzoman

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: SG-1000 microFirewall
« Reply #18 on: January 02, 2018, 10:15:40 pm »
Interestingly, I saw a few things in the logs that looked like a issue with IPv6 DHCP on the WAN interface (my ISP does not provide that - they'll have to eventually ;-)  So I turned that off.  Magically, the CPU is now visible on the main page.  It live updates correctly.  It's still high, as you would expect without the netstat change which is forthcoming, but it goes down to 50%, 64%, 84%, but never goes to 100%.  The routers performance is significantly improved. Thought I'd share my experience.  Thanks for all you guys do.

Offline gpfsenser

  • Newbie
  • *
  • Posts: 10
  • Karma: +0/-0
    • View Profile
Re: SG-1000 microFirewall
« Reply #19 on: January 19, 2018, 09:08:14 am »
I've had mine for almost a year.  Overall, I'd say fairly stable.  The install procedure, and console access is a bit of a challenge - but the documentation is solid and very helpful there. Make sure you enjoy serial ports and console connections.  Not that this is a 'normal' operation - typically the unit runs fine.

For completeness, I must say I did just have a brick event, but I'm not sure if that was an improper shutdown problem.

Overall pfsense has come a long way - the unit has been reliable, configurable, robust, and this unit absolutely sips power and is so small you can install it pretty much anywhere. 

I'd highly recommend this model for any home or small business location.







Offline ivor

  • Administrator
  • Hero Member
  • *****
  • Posts: 730
  • Karma: +154/-135
    • View Profile
    • Netgate
Re: SG-1000 microFirewall
« Reply #20 on: January 19, 2018, 11:15:45 am »
Glad you like it. Thanks for taking time to share your experience with it :)
Need help fast? Commercial support: https://www.netgate.com/support/