NetGate SG-1100 pfSense Firewall Review

Last Updated on May 1, 2024 by Daniel Osakwe

Review of the NetGate SG-1100 pfSense Firewall

NetGate, a company known for its community-oriented NetGate TZ-1, has come up with a new line of firewalls and routers, the SG-1100. I decided to look at this device to see how well it would work with pfSense.

The NetGate SG-1100 is a pfSense Firewall, and as such, is a robust firewall that should be able to process large amounts of traffic.

I decided to start out with a configuration of a basic setup using the firewall like a router. I wanted to see how well the firewall would handle the high amount of traffic that would come from a large number of VMs on the network, and I wanted to see how well the firewall would perform with the multiple VPN connections that I would want to use.

This article, however, will focus on some of the key features of the NetGate pfSense SG-1100, its pros and cons, and the system requirements to determine if you can use it for your setup.

Why the NetGate SG-1100 pfSense Firewall?

The NetGate SG-1100 is a fanless, sleek, compact, and lighter box, significantly smaller than the other boxes in the SG line. While the exterior of the device appears to be a nice, clean, elegant package, underneath is a highly flexible modular design.

The system is powered by an energy-efficient 64-bit Marvell ARMADA 3720 network processor-on-chip. The SG-1100 is also equipped with dual Cortex-A53 ARM processor cores and a wide variety of high-speed interfaces.

For those unfamiliar with these numbers, consider the alternative: routers that bundle excessive features, which add to the cost while being unnecessary. The SG-1100, in contrast, is built on this newer technology. As a result, its modules match what users actually expect from it, which is power and speed.

Additionally, the NetGate pfSense SG-1100 is based on the Marvell ESPRESSObin design. The Marvell ESPRESSObin can be used for a wide range of applications like firewalls, servers, gateways, and Wi-Fi extenders, all on a single-board computing platform. This processor runs at 1.2 GHz and costs a fraction of what conventional retail products do.

The NetGate SG-1100 can be mounted or placed on a desk or shelf. It is also amazing to note that the SG-1100 runs in an energy-efficient manner but with 5x faster speed and 2x more RAM storage! As a firewall, it can achieve a throughput of 500Mbps, and as a router, it can achieve a throughput of 1 Gbps.

Pros

  • 500 Mbps Firewall
  • 1Gbps Networking
  • There are no moving parts to wear out.
  • Power-saving
  • Easy-to-use GUI

Cons

  • Freezing, Prone to Hanging
  • It might not work on a 1000 Mbps fiber connection.

NetGate SG-1100: Key Features

Packet filtering performance

Packet filtering is used for controlling network access. Based on the packet’s source, IP address, ports, and protocols, the firewall either passes the packet or blocks it. This makes traffic flow faster since no signature matching is required.

It will, however, be necessary to open certain ports so that traffic can pass through the firewall. This type of filtering is therefore both secure and insecure, depending on its rules. As long as no suspicious ports are open, it is fast and secure. If a port remains open, malicious traffic sent to that port won’t be blocked.
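
The behaviour described above, as an added example that is not part of the original review and is not pfSense code. It assumes a simplified model (first matching rule wins, unmatched packets are blocked); the rule fields, function names and sample packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str              # "pass" or "block"
    proto: str               # "tcp", "udp" or "any"
    src: str                 # source network in CIDR form
    dst_port: Optional[int]  # None matches every port

@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    dst_port: int
    payload: bytes           # carried along but never inspected by the filter

def matches(rule: Rule, pkt: Packet) -> bool:
    """Header-only match: protocol, source address, destination port."""
    return (rule.proto in ("any", pkt.proto)
            and ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(rule.src)
            and rule.dst_port in (None, pkt.dst_port))

def evaluate(rules: list, pkt: Packet) -> str:
    """Assumed model: first matching rule wins, unmatched packets are blocked."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "block"

def world_open_ports(rules: list) -> list:
    """Audit helper: ports that a pass rule opens to every source address."""
    return [r.dst_port for r in rules
            if r.action == "pass" and ipaddress.ip_network(r.src).prefixlen == 0]

# Constructed sample ruleset and packets (documentation address ranges).
RULES = [
    Rule("pass", "tcp", "192.0.2.0/24", 22),  # SSH from one admin subnet only
    Rule("pass", "tcp", "0.0.0.0/0", 443),    # HTTPS open to any source
]
SAMPLES = [
    Packet("tcp", "192.0.2.10", 22, b""),                          # admin SSH
    Packet("tcp", "198.51.100.7", 22, b""),                        # SSH from elsewhere
    Packet("tcp", "198.51.100.7", 443, b"GET /index.html"),        # ordinary request
    Packet("tcp", "198.51.100.7", 443, b"<hostile placeholder>"),  # same header, bad body
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt.src_ip, pkt.dst_port, pkt.payload, "->", evaluate(RULES, pkt))
    print("open to any source:", world_open_ports(RULES))
```

The last two sample packets receive the same verdict because only headers are compared, which is why a signature-based engine such as Suricata is run alongside the packet filter.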

Load balancing

When continuous traffic is spread unevenly across the network, a way of distributing packets is required. This can be accomplished through load balancing. A load balancer distributes incoming traffic across output ports, which ensures that all servers receive equal amounts of traffic.

pfSense Software

The pfSense software is an open-source network security solution that can be configured using a web-based interface. It provides dependable and full-featured firewall protection in the cloud that is as effective as expensive commercial firewalls. The technology can be used as a packet filtering firewall, DNS server, VPN router appliance, or even configured for other purposes.

Microchip Crypto Verification Device

If you are considering purchasing devices that use pfSense software, look for a Microchip CryptoAuthentication device that assures you that your device will run an authentic, unaltered version of the software. It is a key feature worth mentioning as not every form factor offers such a guarantee.

Suricata IDS Engine

The Suricata Engine combines IDS, IPS, NSM, and offline PCAP file processing into a single network threat detection engine. The engine detects threats based on signatures and rules.

Intrusion Detection Systems (IDS)

A real-time intrusion detection system, or IDS, preprocesses packets before passing them on to a detection engine, which matches connections against known attacks.

The Intrusion Prevention System (IPS)

As the traffic goes through the network, this technology continuously monitors the network, scans the packets for malicious threats, and records any such threats for future use. Unlike the IDS, which sends information when threats occur, the IPS prevents them from occurring.

Flexible configuration

The SG-1100 performs at the highest level because it follows the Marvell ESPRESSObin design, which is a single-board computer yet is able to perform multi-WAN, high availability, VPN, load balancing, reporting, and monitoring.

NetGate SG-1100: Other Features

  • Enhanced Security
  • Modern Packaging
  • Flexible Installation
  • There are no add-ons required.
  • There is no feature-based pricing.
  • Long Operational Lifetime
  • VPN

Specifications for the NetGate SG-1100

Firewall Throughput: 500Mbps
Maximum Concurrent Sessions: 1 Million
Integrated I/O: 3x Gigabit Ethernet
System Memory: 1GB DDR4 RAM
Storage Capacity: 8GB eMMC
Serial Ports: LAN and USB
Form Factor: Desktop
Power Supply: 3.48W
Dimensions: 110 x 84.6 x 31.75mm
Weight: 498.95g

Final Thoughts

The SG-1100 from NetGate has some promising features that focus primarily on speed and computer memory. However, it is quite ambitious to have all these features in one box, including the ARMADA processor, gigabit routing, and a full Suricata IDS engine. While it offers advanced security, we’re still not at the point in technology where we can get all of these features in one firewall at a low price. This device is recommended for users with 500 Mbps of firewall traffic. Anything more than that, and the SG-1100 isn’t the best choice.