Key Lessons Learned
Let us get to key lessons learned, and specifically, let us address pricing here. First off, the Netgate 4100 is $599. Adding a 128GB NVMe SSD for the 4100 MAX configuration is an additional $100. Moving down the stack, one gets into Arm systems while higher in the stack is all x86. This is the entry x86 offering.
For many of our readers, the Netgate 6100 is going to be a better fit for performance. Doubling the CPU performance and memory is a big deal, especially when going from two cores to four cores in a device like this. If you want a device to match a 1GbE connection, or a 1.2Gbps+ connection as those become more common, then the Netgate 6100 is probably a good bet. Based on Netgate’s own testing, which we got fairly close to on our 4100, the 6100 should be roughly twice as fast. That is a big deal.
The other big one is going to be some of the inexpensive AliExpress boxes we have seen with Jasper Lake consumer CPUs and 2.5GbE. Expandable memory, faster CPUs, and large storage capacities at a low cost have made these little boxes popular in China and some parts of Southeast Asia.
For lab environments, the cheap systems are fairly reasonable. They run pfSense, not pfSense Plus, so there are a few features like the AWS VPC connect that they do not have. At the same time, there are massive build quality differences between the Cordoba platform and the AliExpress boxes. Looking at them side-by-side, there is an enormous gap in terms of quality between the offerings. If you are buying a box for a business, the better supply chain, quality, and pfSense Plus will push many of our readers to the Netgate 4100 as an obvious choice.
At first, $599 felt expensive for a system built around a sub-$40 CPU with 4GB of memory and 16GB of eMMC. Perhaps the way to think of it is more that you are also paying for the software and the peace of mind that you are getting with the solution. Still, the Netgate 6100 feels like the one I would get to add around twice the performance for a third more cost.
Final Words
Having used this unit for some time, and also having it get cross-shipped between Patrick and myself (three round trips since he wanted to do the video), this unit worked very well. It was easy to use and took minutes to get up and running. If you are a pfSense user, pfSense Plus feels the same, just with a few extra features. Realistically, the Netgate 4100 is for folks that want to use pfSense but are in that space where they want a commercial solution for pfSense instead of getting a Fortinet, SonicWall, Juniper, Cisco, or other solution in that class. There are other reasons to go with those boxes, but this is for those that want pfSense and likely lower costs.
The connectivity with the four 2.5GbE ports, along with the combo 1GbE ports, is great, as are the little features like the locking power connector and giant fin array below the unit. That fin array gets hot, but it has ample cooling for the device.
Overall, we like this unit, especially in environments where the maximum WAN speeds are in the 100-400M range if you want to add services like VPN or more firewall rules. For higher-end use cases, it feels like the answer is to simply get a bigger box with more capacity. Different users running different services may have other sizing ideas.
this is 4g of non-upgradable ram, C3338R with 2c/2t and 2.2ghz turbo and only 16gb of emmc for $600. zero 10gb sfp+.
when netgate sells you a firewall, firewall you get. installing IDS, packet capture, netflow, monitoring server is out of the question.
//
> On the VPN side, we had OpenVPN running in the 210-225Gbps…
what a typo.
You can easily upgrade to pfSense Plus for free. I also got this unit from Amazon
Barebones with an Intel Core I7 1165G7 for $550.00. Excellent build quality and customer service.
I’ve talked to people who own the SG-4100 and they all say that it’s a very high-quality device. It’s probably better to compare the price to one of the big commercial firewall vendors, rather than to a somewhat sketchy device from Aliexpress with no support or real warranty.
As for the extra features you list, I’d argue that they don’t belong on your firewall anyway. :-)
The SG-4100 (and Netgate’s other appliances) aren’t for everyone, but if you need a solid, supported commercial firewall appliance, they seem to be good values. YMMV
Stuart, if you are to argue those features don’t belong on the unit, what do you propose for said features?
I had the older version based on Intel Atom. It stopped functioning after 4 years of normal usage in a home. Seemed to be an issue with the atom processor used inside (Intel acknowledged the problem). It totally bricked itself.
Also, don’t know if the issue with the speed for a PPPoE WAN connection is fixed. The issue was that PPPoE was running over a single core, thus never being able to go over 500Mbps in a Gigabit WAN connection. It could have been pushed to 600Mbps by overclocking the unit (via the GUI).
I liked it but I felt let down when it bricked itself (just stopped functioning). Also, I went for an Edgerouter-12 and not for the 4100 or 6100 from pfSense as this one has more ports, I was able to reach Gigabit WAN connection, was able to use Linux packages on it (apt-get FTW) and it’s waaaaay cheaper.
Sorin N – We did a lot on the C2000 series AVR54 bug, and even got hit by it in one of our firewalls. See Intel Atom C2000 AVR54 bug
There was a C0 stepping to fix that on the Atom C2000 series that came out later, but that is also what delayed the Atom C3000 series launch.
It was a bug that hit every vendor in the industry.
Patrick – don’t get me wrong. I really loved the product. I know it’s not Netgate’s fault.
I still would like to use one but these newer models have fewer ports than the old RCC-VE 4860 and are very hard to find at a decent price anywhere in Europe. (I asked a friend from USA to bring it to me and I paid him back as he was coming to Europe.)