Over the past few months, we have been working with the Netgate 4100. As we have been running a series on low-cost DIY pfSense/ Proxmox VE machines, we received many questions about what would be a commercially supported solution with higher built quality. The entry answer there is the Netgate 4100. This firewall, router, VPN, and more box is the company’s entry x86 solution (at the time of this writing.) What is more, it utilizes a feature called Intel QuickAssist Technology, or QAT, that we will be showing more on over the coming weeks at STH. Let us get to the review.
Video Version
As with many of our pieces recently, we have a video version to accompany this review:
We always suggest opening the video in its own tab, browser, or app for a better viewing experience.
Netgate 4100 Hardware Overview
The chassis itself measures 10 x 7.88 x 1.88 inches or 254 x 200 x 47.63 mm. Netgate includes rubber feet one can use that would slightly increase the height (not shown.) The front of the unit has a logo and LED status lights.
The outer shell is made of plastic, but the main structure is a giant aluminum heatsink and PCB that we will see later. The top is flat and featureless. One side has perforations and what looks like an unmarked Kennsington lock port. The other has two USB 3 Type-A ports.
The rear of the Netgate 4100 has two combo RJ45 and SFP WAN ports as well as four RJ45 2.5GbE LAN ports. The two combo ports allow either RJ45 or SFP optical modules to be used in each port, but each port is either copper or optical.
The four RJ45 LAN ports are 2.5GbE. One can configure these ports differently in software, but the default will match what is on the chassis so if you do change them, you will need to mark this.
There is also a standard USB console port and a RJ45 serial console port. When using the USB serial console, you may see a “CP2104 USB to UART bridge controller” device instead of a functioning COM port. You can search for CP210x Universal Windows Driver or CP210x VCP Mac OSX Driver if you are having issues connecting. For Linux, the driver is in modern kernels.
On the bottom of the unit, we can see a large heatsink surface and regulatory markings. Many of the lower-cost units on the market lack things like FCC markings that can be important in may environments.
This heatsink is for a relatively low-power 10.5W CPU, the Intel Atom C3338R, 4GB of memory, and the other components on this side. The unit also comes with 16GB of eMMC storage built-in. These are not user-serviceable components so one cannot upgrade this system to 16GB of RAM or with a different CPU (easily at least.)
We peeled away the chassis, and here is the other side. As you can see there is a M.2 slot for a NVMe SSD that can be added via the Netgate 4100 Max uni that comes with a 128GB drive. This is not covered by the heatsink, so installing a high-power NVMe SSD here would likely be unwise, but we did not test it.
A small, but nice feature is the locking DC power input. We see this on higher-end embedded appliances that use DC barrel power inputs. This locking mechanism prevents the power input from being removed accidentally.
Netgate does not make these units themselves. Instead, a reader previously noted that this is based on the Silicom Cordoba platform. Silicom makes quality designs and is an OEM/ODM for companies like Intel and Dell among many others. It is immediately clear the quality difference between this device and some lower-cost options for DIY we have seen previously.
Next, let us get to the software, then to the performance. We will follow those with the power consumption, noise, and our key lessons learned.
this is 4g of non-upgradable ram, C3338R with 2c/2t and 2.2ghz turbo and only 16gb of emmc for $600. zero 10gb sfp+.
when netgate sells you a firewall, firewall you get. installing IDS, packet capture, netflow, monitoring server is out of the question.
//
> On the VPN side, we had OpenVPN running in the 210-225Gbps…
what a typo.
You can easily upgrade to pfSense Plus for free. I also got this unit from Amazon
Barebones with a Intel Core I7 1165G7 for $550.00. Excellent build quality and customer service.
I’ve talked to people who own the SG-4100 and they all say that it’s a very high-quality device. It’s probably better to compare the price to one of the big commercial firewall vendors, rather than to a somewhat sketchy device from Aliexpress with no support or real warranty.
As for the extra features you list, I’d argue that they don’t belong on your firewall anyway. :-)
The SG-4100 (and Netgate’s other appliances) aren’t for everyone, but if you need a solid, supported commercial firewall appliance, they seem to be good values. YMMV
Stuart, if you are to argue those features don’t belong on the unit, whar do you propose for said features?
I had the older version based on Intel Atom. It stopped functionnig after 4 years of normal usage in a home. Seemed to be an issue with the atom processor used inside (Intel acknowledged the problem). It totally bricked itself.
Also, don’t know if the issue with the speed for a PPPoE WAN connecrion is fixed. The issue was that PPPoE was running over a single core, thus never being able to go over 500Mbps in a Gigabit WAN connection. It could have been pushed to 600Mbps by overclocking the unit (via the GUI).
I liked it but I felt let down when it bricked itself (just stopped functioning). Also, I went for an Edgerouter-12 and not for the 4100 or 6100 from pfSense as this one has more ports, I was able to reach Gigabit WAN connection, was able use linux packages on it (apt-get FTW) and it’s waaaaay chwaper.
Sorin N – We did a lot on the C2000 series AVR54 bug, and even got hit by it in one of our firewalls. See Intel Atom C2000 AVR54 bug
There was a C0 stepping to fix that on the Atom C2000 series that came out later, but that is also what delayed the Atom C3000 series launch.
It was a bug that hit every vendor in the industry.
Patrick – don’t get me wrong. I really loved the product. I know it’s not Netgate’s fault.
I still would like to use one but these newer models have less ports than the old RCC-VE 4860 and are very hard to find on a decent price anywhere in Europe. (I asked a friend from USA to bring it to me and I paid him back as he was coming to Europe.)