I am debating my next Netgate model. I’ve learned so much from the tiny little SG-1100 and it has been quite capable really. But it only has 1GB RAM and does seem to struggle with ZFS a bit (erratic behaviour sometimes) and it has its limits. It runs more stable after reverting to UFS.
Anyway, I was thinking SG-2100 or SG-4100 to replace it.
My use case
- Cable modem 200 down / 40 up (easy for SG-1100)
- Considering FTTH 500/500 line
- Home use, 5 family members: 2 adults, 3 teenagers
- All Apple ecosystem (8 MacBooks, 4 iPads, 6 iPhones, AppleTV4K)
- All UniFi behind the router: USW24-II, couple of US8-60W, 3 AP Lites, 2 nanoHD’s, Cloud key 2+
- 3 UniFi cameras on separate VLAN
- Secure Devices VLAN, Printers VLAN, Guest VLAN, IoT VLAN, External Devices VLAN
I like to keep things separate but traffic is quite low
- VPN into Netgate only for settings and monitoring, and only once every week or so
- Running a Synology NAS with reverse proxy to service cloud storage (Drive), Photos, File station. Total NAS disk space is 250GB (yes very little, only family use) and web server (static web site)
- Considering MailPlus server hosting my own email
- pfBlocker default settings
Don’t need switch ports on router, don’t need SFP now, maybe later with FTTH, but currently the FTTH company uses RJ45.
This is really about it. I don’t believe the SG-1100 is maxed out for CPU (monitoring says always below 25% but mostly < 5%) but RAM can go to 60-70%.
- Loading dashboard always takes a full 8-9 seconds or more
- We get the occasional WAN gateway loss, but this could be down to bad cabling, cable modem, who knows
SG-2100 has 4GB RAM but the same CPU as the SG-1100, so not sure if this is a big step up.
SG-4100 has considerably more energy consumption but willing to accept that if other benefits outweigh it.
Would be very interested to hear your thoughts.
Well I can put it in real world use. I’ve deployed 15ish 2100’s for a business and one of the businesses has VoIP phones, 15 employees, 3 printers, 4 TV’s always streaming videos/music and a VPN back to the main office for AD and a hosted in-house software and it doesn’t even blink.
I don’t have any packages installed and the utilization is currently at 18% CPU and 43% Memory.
The things that really push pfSense are NTOPNG and/or Suricata/Snort. The 2100 is a good platform, but once you bump up to the 4100 it’s a lot faster in terms of VPN and interface performance.
Thank you Maximus and Tom. Reading your replies and the use cases you discuss, the 2100 should be more than adequate for me as I don’t use snort/suricata or ntopng and I don’t need fast VPN performance.
Going 4100 should be more future proof though.
Your replies have been very helpful. Good day to you both.
Keep in mind the 2100 has only 1Gbit ethernet ports while the 4100 has some 2.5Gbit ports. While your FTTH may be 1Gbit or less today, which a gigabit ethernet port could handle, things may increase in the future, making you wish you had some 2.5Gbit ports available.
Sorry, this isn’t an answer to your question but rather to ask if you tried tuning ZFS (Hardware — ZFS Tuning | pfSense Documentation) before you reverted to UFS?
When our 5100 crashed, we replaced it with a 2100, but found performance sluggish. Very difficult to measure actual user performance impact. Found out we could repair 5100 (mainboard memory had failed but could be replaced by a M.2 SATA drive). Much happier with 5100; 4100 would be an equivalent choice. Kept 2100 as a backup for the next time the 5100 fails. (Have had two Netgate devices crash at just about the 2 year mark.)
Actually I did not. Thank you for pointing me towards this source, I will read and learn.
I settled on an SG-2100, an updated model with 128GB SSD. I am very happy with it.
The only time it’s sluggish is when I invoke the dashboard. It may take up to 10 seconds to perform this simple task. But the CPU - user util hovers around 3% average and none of my clients ever complain since I installed it.