SG-3100 bargain - will it do?

MikeMcGraw · November 25, 2020, 11:40pm

Hello all,
A friend is moving away from pfSense and he’s offering me his SG-3100 for $150. Im interested because Im considering upgrading my quite basic home router. I want a small dedicated box, not interested in running pfSense on a VM or a laptop or the like.

So far I know I want:
-pf blocker to block ads
-VLANs and L3 gbit routing (I have managed switches/AP’s)
-no s2s vpn
-Mullvad vpn for all clients
-if possible: suricata (negotiable if too cpu hungry)

This is for home use, connection is 300/50, 6 people, pretty quiet network, not that much traffic

This question is two-fold:

Which packages would I need for the following tasks:
-inspect traffic on some VLANs (what sites is my work laptop calling, is my smart TV phoning home etc
-monitor system performance (cpu, mem etc) over time
-see cpu/mem load per taks/app/package

I’ve read about ntopng, zabix on this forum.Ntopng is said to be cpu power hungry. Other options?

I know how to set up the basics, VLANs, firewall and NAT rules in pfSense. I’m willing to spend a day or two to learn setting up the additional monitoring apps, I see Tom has lots of videos up here.

Is the SG-3100 powerful enough to do what I want, with the packages you suggest, given the low profile network we have?

Thanks, Mike

LTS_Tom · November 25, 2020, 11:54pm

The VPN speed is goint ot be less than the 300 you have. Suricata with too many rules enabled will also be a taxing on the system. As for monitoring, Zabbix runs as a separate server to monitoring and does work well.

MikeMcGraw · November 26, 2020, 1:21am

Hi Tom, thanks! So if would drop suricata altogether, things would be different, is that correct? Also, I’m okay with Mullvad vpn speed being 100-150mbps. We are not that speed hungry.

More importantly: what package would you then suggest for the VLAN traffic inspection? Is ntopng the only choice and if so would the SG-3100 be able to keep up?

LTS_Tom · November 26, 2020, 10:43am

I have not used NTOP in a while but it is processor intensive

MikeMcGraw · November 26, 2020, 9:31pm

Okay, so can you recommend another package or method that is capable of gathering the log data I’m interested in? Just want some insight in for example IoT devices calling home or not and what sites my windows work laptop is calling.
Thanks
Best, Mike

LTS_Tom · November 27, 2020, 11:30am

Nothing really simple that I am aware of. On the far more complicated side is https://securityonionsolutions.com/ or http://pfelk.3ilson.com/

MikeMcGraw · December 8, 2020, 1:50am

Hi Tom, I played around with DNS resolver logs and really that level of information is all I need, but realised i would need a syslog server, which I thought I didn’t have. But I suddenly realised I have a synology NAS. So I set it up to receive logs and now I can have good retention. On the NAS I can filter on client IP address to see domain names called per client. This will do for now