Protectli Fw4a Firewall and Vpn Appliance Recently Reviewed

Netgate SG-4860 pfsense top and side

In August 2015 we published our hardware review of the pfSense SG-4860. As with many network appliances, first impressions are corking, simply what well-nigh longer term stability. Today we have our impressions of the unit of measurement with over 6 months clocked on it.

The Big Question: Stability

Absolutely, when I saw that the pfSense SG-4860 did non include an agile cooling solution I was at least a bit concerned about the stability of the unit of measurement, especially since I had the unit at abode and our business firm can get warm in California summers when we are away. I am pleased to report we have had a full of ii reboots of the unit of measurement in over seven months. Those two reboots were solely due to upgrading to latest security releases. Hither is a electric current snapshot showing 83+ days of uptime.

pfSense SG-4860 uptime

We upgraded to pfSense 2.2.6 after it was released on December 21, 2015 and the unit has not flinched since and so. When it comes to stability, the pfSense SG-4860 is excellent. Full reboot time is measured in seconds so scheduling downtime for upgrades has not been an effect.

VPN Performance

We use OpenVPN tunnels to both our Fremont, CA and Las Vegas, NV datacenters. These tunnels are able to push line rate speeds of 100mbps to both datacenters simultaneously without consequence, and volition even support a third to our Sunnyvale, CA pfSense firewall. Furthermore, the tunnels generally stay upward for at least 30 days straight. Nosotros have seen the OpenVPN tunnels reset, merely the connection gets re-established within seconds and accept yet to see the replication jobs we have running neglect due to the OpenVPN resets. There is probable a way to squeeze more than uptime from the tunnels only since the only way we even can tell they were reset is from the condition page, this is not something we have seen value in working on.

Understanding Rangeley Impact

Intel is working with STH on doing a formal QuickAssist Technology (QAT) piece only the Intel Atom C2558 onboard our pfSense SG-4860 review unit has the QuickAssist engine born. QuickAssist, from Intel'due south printing briefings is something that is going to greatly increment VPN and compression throughput in the future and nosotros have heard the pfSense team is putting work into supporting QAT. Even with lower power consumption and instructions-per-clock performance than newer chips like the Xeon D line Juniper is using in their NFX250 appliance, the SG-4860's onboard Atom C2558 is still going to evangelize better performance per watt.

Netgate SG-4860 pfsense CPU and RAM

While the Intel Rangeley CPU has performance upside in the form of QAT, The average prosumer or SOHO router/ firewall solution does non. This was a corking choice of CPU for the pfSense team and ADI Technology team who collaborated on the hardware.

pfSense Software Packages

One of the other great items we see with pfSense is the ability to use their package manager. The package manager provides a GUI for installing additional functionality as well every bit updating packages. Unlike several years agone, there are at present packages for just almost every network service on might want to run. Here is a screenshot of just a few lines in the package manager:

pfSense suricata parcel listed

One tin see suricata IDS/ IPS engine every bit an option. One can likewise come across services such every bit the TFTP service (useful for updating embedded firmware for example) and even web services such every bit Varnish3. We recently did a curt how-to article on setting up pfSense and HAProxy load balancer. The pfSense package director certainly made that task very unproblematic. There is a short clarification (cherry cavalcade) side by side to each package so fifty-fifty a novice admin tin can search on the page for what they might need. Suricata is certainly an awesome package that runs well on the pfSense SG-4860 hardware.

pfSense suricata package GUI

If yous desire to read more than nigh suricata, delight check this page. pfSense has a WebGUI to help in configuring the solution which certainly brings downwards the overall experience level required to get this up and running. From a home standpoint, suricata was installed months ago and my wife has withal not noticed any ill effects.

pfSense SG-4860 – half-dozen months in – how proficient is it?

After 6 months of utilizing the pfSense SG-4860 on a daily ground, and pfSense elsewhere in the STH architecture, information technology is groovy. Primary requirements for a SOHO appliance are the ability to:

1. Secure the facility from unwanted traffic
2. Apply the entire LAN/ WAN bandwidth
3. Install network services/ rules to meet expanding use cases
4. Provide VPN access to remote locations
5. Be stable!

On all counts the pfSense SG-4860 has performed very well over the by six months. For those struggling with cheap SOHO routers where stability is, at best, questionable at times, in that location is a major benefit in upgrading to a more powerful unit similar the pfSense SG-4860. Even though at STH we take a pick of using just most whatsoever piece of SOHO, SMB or enterprise equipment, nosotros are still using the pfSense SG-4860 because information technology has been admittedly bully. Suffice to say, we are eagerly awaiting the pfSense 2.3 release and getting to effort the SG-4860 on the updated software.

hansonfroffelf.blogspot.com

Source: https://www.servethehome.com/pfsense-sg-4860-6-month-review-great-firewall-router-combo/

Share this post