SG-3100 or SG-5100 - Which one to buy

ccc · February 27, 2020, 3:21pm

Hello,

Been trying to decide on which pfSense to purchase between SG-3100 or the SG-5100.

It’s for a home network, currently one WAN, but will get a failover since I work from home.
Currently have about 40 clients on the network, some hard wired into the Unifi 24port, some wireless and some VMs.

I currently use ExpressVPN on some clients and I am going to set this up on the pfSense instead, so that filtered MAC addresses connects over it and would like to make sure that it gets close to line speed (WAN download is currently 200Mbps, but will be 1Gbps within the near future).

Thank you for reading it and I am open to suggestions…

paolo · February 27, 2020, 3:53pm

Does it have to be one of those devices?

There are some way more affordable solutions out there if you’re willing to step away from official Netgate hardware, e.g. the APU boards from PC Engines.

ccc · February 27, 2020, 3:58pm

doesn’t have to be them, what do you suggest?

rtucker · February 27, 2020, 4:01pm

You could run PfSense on something like this and be great.

https://www.amazon.com/Firewall-Micro-Appliance-Gigabit-Intel/dp/B01H2QJTM4/ref=pd_di_sccai_18?_encoding=UTF8&pd_rd_i=B01H2QJTM4&pd_rd_r=3c895056-08fb-4054-a1a0-9cb9c82e7529&pd_rd_w=4IYhS&pd_rd_wg=vppzi&pf_rd_p=e532f109-986a-4c2d-85fc-16555146f6b4&pf_rd_r=ST25TZ64MH3B39DZNVS7&psc=1&refRID=ST25TZ64MH3B39DZNVS7

paolo · February 27, 2020, 4:07pm

Well, for example the apu2e4 is a great little board.

ccc · February 27, 2020, 5:10pm

rtucker:
I do not think that supports AES-NI

SpeedD408 · February 27, 2020, 5:22pm

Between those two I would choose the SG-5100.

For the one rtucker posted - This one supports AES-NI.

https://www.amazon.com/dp/B07G9NHRGQ/ref=psdc_13896591011_t1_B01H2QJTM4

I bought the 6 port i5-7200U version over a year ago and it has performed flawlessly.

https://www.aliexpress.com/item/32854681562.html?spm=2114.search0104.3.56.551320c9AShoH4&ws_ab_test=searchweb0_0,searchweb201602_1_10065_10130_10068_10890_10547_319_10546_317_10548_10545_10696_453_10084_454_10083_10618_10307_537_536_10902_10059_10884_10887_321_322_10103,searchweb201603_6,ppcSwitch_0&algo_expid=34891558-c201-43db-bd74-1ac0ca08cb90-8&algo_pvid=34891558-c201-43db-bd74-1ac0ca08cb90&transAbTest=ae803_3

I went with 32GB RAM and 512 MSATA - why because I could. Way over kill I know, but I didn’t want to run into a situation where I would need to open it up again. I like to max it out and let it run for years. Saves a bit of time and money as I’m not tossing RAM modules away.

FredFerrell · February 27, 2020, 6:47pm

If you already have a virtual host running you could just virtualize it. I have one interface assigned on the VM and then created sub-interfaces for the VLANs I needed to run on it.

ccc · February 27, 2020, 7:02pm

@FredFerrell, I do have XCP-NG but prefer to run it on a physical machine.

ccc · February 27, 2020, 8:14pm

@SpeedD408, ended up going with your suggestion from AliExpress… 8G RAM 256G SSD i7-7500U… should handle what I need it to do.

Thanks for the advises.

SpeedD408 · February 27, 2020, 8:29pm

Glad to help!! Here is to quick shipping.

willhiji · March 2, 2020, 9:21pm

A couple months ago I was trying to make the same decision for home/office hardware. I opted for the Protectli FW4B - 4 Port Intel 3160 and it has worked out great. I ordered it directly from their web site at www.protectli.com at slightly less cost than Amazon and still delivered promptly. Highly recommended.