Netgate 4100 pfSense Plus Router-Firewall-VPN Appliance Review

7
Netgate 4100 Front
Netgate 4100 Front

Over the past few months, we have been working with the Netgate 4100. As we have been running a series on low-cost DIY pfSense/ Proxmox VE machines, we received many questions about what would be a commercially supported solution with higher built quality. The entry answer there is the Netgate 4100. This firewall, router, VPN, and more box is the company’s entry x86 solution (at the time of this writing.) What is more, it utilizes a feature called Intel QuickAssist Technology, or QAT, that we will be showing more on over the coming weeks at STH. Let us get to the review.

Video Version

As with many of our pieces recently, we have a video version to accompany this review:

We always suggest opening the video in its own tab, browser, or app for a better viewing experience.

Netgate 4100 Hardware Overview

The chassis itself measures 10 x 7.88 x 1.88 inches or 254 x 200 x 47.63 mm. Netgate includes rubber feet one can use that would slightly increase the height (not shown.) The front of the unit has a logo and LED status lights.

Netgate 4100 Front
Netgate 4100 Front

The outer shell is made of plastic, but the main structure is a giant aluminum heatsink and PCB that we will see later. The top is flat and featureless. One side has perforations and what looks like an unmarked Kennsington lock port. The other has two USB 3 Type-A ports.

Netgate 4100 USB Ports Side
Netgate 4100 USB Ports Side

The rear of the Netgate 4100 has two combo RJ45 and SFP WAN ports as well as four RJ45 2.5GbE LAN ports. The two combo ports allow either RJ45 or SFP optical modules to be used in each port, but each port is either copper or optical.

Netgate 4100 Ports Angle
Netgate 4100 Ports Angle

The four RJ45 LAN ports are 2.5GbE. One can configure these ports differently in software, but the default will match what is on the chassis so if you do change them, you will need to mark this.

Netgate 4100 Rear Ports
Netgate 4100 Rear Ports

There is also a standard USB console port and a RJ45 serial console port. When using the USB serial console, you may see a “CP2104 USB to UART bridge controller” device instead of a functioning COM port. You can search for CP210x Universal Windows Driver or CP210x VCP Mac OSX Driver if you are having issues connecting. For Linux, the driver is in modern kernels.

On the bottom of the unit, we can see a large heatsink surface and regulatory markings. Many of the lower-cost units on the market lack things like FCC markings that can be important in may environments.

Netgate 4100 Bottom With Trim
Netgate 4100 Bottom With Trim

This heatsink is for a relatively low-power 10.5W CPU, the Intel Atom C3338R, 4GB of memory, and the other components on this side. The unit also comes with 16GB of eMMC storage built-in. These are not user-serviceable components so one cannot upgrade this system to 16GB of RAM or with a different CPU (easily at least.)

Netgate 4100 Bottom Without Trim
Netgate 4100 Bottom Without Trim

We peeled away the chassis, and here is the other side. As you can see there is a M.2 slot for a NVMe SSD that can be added via the Netgate 4100 Max uni that comes with a 128GB drive. This is not covered by the heatsink, so installing a high-power NVMe SSD here would likely be unwise, but we did not test it.

Netgate 4100 Motherboard Top Without Trim
Netgate 4100 Motherboard Top Without Trim

A small, but nice feature is the locking DC power input. We see this on higher-end embedded appliances that use DC barrel power inputs. This locking mechanism prevents the power input from being removed accidentally.

Netgate 4100 Power Supply Locking
Netgate 4100 Power Supply Locking

Netgate does not make these units themselves. Instead, a reader previously noted that this is based on the Silicom Cordoba platform. Silicom makes quality designs and is an OEM/ODM for companies like Intel and Dell among many others. It is immediately clear the quality difference between this device and some lower-cost options for DIY we have seen previously.

Next, let us get to the software, then to the performance. We will follow those with the power consumption, noise, and our key lessons learned.

7 COMMENTS

  1. this is 4g of non-upgradable ram, C3338R with 2c/2t and 2.2ghz turbo and only 16gb of emmc for $600. zero 10gb sfp+.

    when netgate sells you a firewall, firewall you get. installing IDS, packet capture, netflow, monitoring server is out of the question.

    //

    > On the VPN side, we had OpenVPN running in the 210-225Gbps…
    what a typo.

  2. I’ve talked to people who own the SG-4100 and they all say that it’s a very high-quality device. It’s probably better to compare the price to one of the big commercial firewall vendors, rather than to a somewhat sketchy device from Aliexpress with no support or real warranty.

    As for the extra features you list, I’d argue that they don’t belong on your firewall anyway. :-)

    The SG-4100 (and Netgate’s other appliances) aren’t for everyone, but if you need a solid, supported commercial firewall appliance, they seem to be good values. YMMV

  3. Stuart, if you are to argue those features don’t belong on the unit, whar do you propose for said features?

  4. I had the older version based on Intel Atom. It stopped functionnig after 4 years of normal usage in a home. Seemed to be an issue with the atom processor used inside (Intel acknowledged the problem). It totally bricked itself.

    Also, don’t know if the issue with the speed for a PPPoE WAN connecrion is fixed. The issue was that PPPoE was running over a single core, thus never being able to go over 500Mbps in a Gigabit WAN connection. It could have been pushed to 600Mbps by overclocking the unit (via the GUI).

    I liked it but I felt let down when it bricked itself (just stopped functioning). Also, I went for an Edgerouter-12 and not for the 4100 or 6100 from pfSense as this one has more ports, I was able to reach Gigabit WAN connection, was able use linux packages on it (apt-get FTW) and it’s waaaaay chwaper.

  5. Patrick – don’t get me wrong. I really loved the product. I know it’s not Netgate’s fault.

    I still would like to use one but these newer models have less ports than the old RCC-VE 4860 and are very hard to find on a decent price anywhere in Europe. (I asked a friend from USA to bring it to me and I paid him back as he was coming to Europe.)

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.