 Tommy here from Lawrence systems and this is a neck eight SG 6100 I actually was provided this device by neck eight. So full disclosure up front on this in June of 2021 they sent this to me So I could do a more in depth and more long-term review that being said They do not get any pre-release copy of this video to critique it or change it The opinions in this video are all my own and for those of you that think I'm biased You'll still comment down below and put all caps lock on and complain. That's fine All right now that we've got that part out of the way Disclosures and what do I think of the device is the more important thing? I do like this device not because they sent it to me But because I think it's a really solid product from neck eight. I've if you follow this channel I've got quite a few videos on both pf sense and a lot of the neck eight hardware provides a nice stable predictable platform for Building out firewalls, but I do want to complain about at least one minor thing that causes a lot of questions And it's actually aesthetics It's the silk screening on here that labels all these ports as when and land They are discreet ports will get more detail on that later in the video, but they discreet port means they can be easily reassigned There's no special back-end. They're individualized ports that can be assigned land or when and that includes the ten gig ones Despite having the silk screening saying when on them They're easily assigned to be land ports or land and when ports however you want the same thing with the two and a half gig ports on The other end here They are assignable even though silk screened as land any one individual port or all of them or any combination of them Can be assigned to different network functions like land or when so I want to get that out of the way and talk about these RJ45 sfp plus adapters. Yes, they physically fit in because this is an sfp plus cage And it is 10 gig physically fitting in and working are two different things officially from neck eight These are not supported this port here the 10 gig ports or even the one gig sfp ports are designed for fiber connections Or your DAC cable connections. They are not designed for officially being used for rj45 10 gig connections That's just one of those little details. I wanted to make sure it's up front So I know that question comes up It's come up in some of the other devices I reviewed like the higher end models. They have This is common for a lot of firewalls. They don't always have 10 gig support in terms of rj45. They usually have sfp There are some heat issues now someone may comment below and you would not be wrong that if you guessed That does it work with some situations? Maybe even ones I've tested Yes, but that's different than being officially supported from neck eight Take the time to read the fine manual that I will leave link down below where they tell you what exactly is supported on here Essentially, they support fiber and DAC as I said, they specifically ask that they be Tagged for intel those ones they guarantee to work But I've actually had some luck working with a few non intel DAC cables. They were labeled something else But overall if you get the intel labeled cables Labeled firmware that comes on the DAC. I have a whole video on DAC I'll leave below talks a little bit more about that But yes, they work perfectly fine in this next thing is The relationship I have with neck eight just so that's Very clear. I'm not a neck eight reseller. I have no offer codes or affiliate codes And if you like to buy this product you buy it from neck eight. I get no commission on there Um, just an FYI on that. So now that all that's all the way Let's dive into the details But first if you like to learn more about me and my company head over to laurence systems.com If you like to hire a short project, there's a hires button right at the top Which includes consulting for network engineering If you'd like to support this channel other ways There's a few links down below to get your deals and discounts on products and services We talk about on this channel Now the first thing I want to do is take it apart because I like to see what's inside things I know a lot of you do as well. It comes apart relatively easy There's just these few screws that hold it in so there's not too much to remove I did remove the little side plate here where the usb are because it makes it a little bit easier to do this You just tilt and it comes right out the case itself really simple Not much there plastic, but the industrial design of this is really nice The gaps on the sides you see here are to facilitate cooling If you look at an angle here, you'll see where the gaps are in terms of when it's setting flush It actually isn't flush. It has this kind of air gap right here to allow the heat to flow out and around the device Matter of fact around is as I said when you look at it from an overhead view Why it kind of has this shape right here the heat can go here here and the perforations all throughout the Case itself allows for that to occur now It does have and this is covered under a plate when it's in the case It's removable so you do not have to take it apart to get to this dual sim slots connected to the m2 And this is one of those things that's highlighted in the netgate video And all the reasons I suggest you watch it is just because it has some of these extra slots and these sim slots doesn't Automatically mean as of right now august of 2021 it fully supports things like lte They have some future plans for this, but not everything is supported So you can't just willy-nilly plug whatever you want in here and hope it works You have to go wait for official netgate support to tell you what is exactly supported on here That is discussed in that netgate video a little bit more depth So I do encourage you watch the netgate video that is on their site I'll leave a link to that as well now as far as other ports We do have usb 3 that is on the side here along with a power and reset button And then we'll come over to the one serviceable part inside Which is going to be the battery in there outside of the battery if it's not officially supportive on netgate Just because these slots as I said, they're not necessarily something you need to service or plug anything into Now let's cover the ports themselves Starting at the end here. We have the sysco console port and it is also above a micro usb You can use either or so if you have the sysco cable That's great. If you have a micro usb you can use that too pretty simple the combo ports These are interesting because they are automatic sensing combo ports So these act as one physical discreet port inside a pf sense when two does the same and it determines whichever medium You have plugged in so you can provide sfp one gig or rg 45 one gig and it will automatically Determine which one's plugged in it is not designed to use both of these simultaneously This is one port here labeled as wan, but of course can be reassigned This one's labeled as wan 2 but of course can be reassigned and does the same thing In the middle is where we have the two 10 gig ports labeled wan 3 and wan 4 once again fully reassignable discreet ports And do support sfp plus 10 gig connections on here But as I stated earlier in a video these are not supported So the rj 45s although you may find some that work You won't find official support for these these were designed to use either fiber or a Twin x DAC style cable inside of here both passive or active DAC will work in these Then we have the lan lan 1 2 3 and 4 and no these are not a switch port These are discreet individual ports. They are two and a half gig and can be reassigned to however you like So despite what the social screen says feel free to assign these in any combination of lan wan or other option ports for different network segments that you want They are not configured at all out of the box as a switch and there's no special Vlan configuration you have to do on the back end to get these to be discreet ports They're just out of the box default discreet ports And then we have this barrel connector on the end here And the nice thing about these type of connectors is they screw in so when you put the power on it right this And tighten it. It's really solid and you're not going to be able to easily pull out the power on this particular device So you can see and I don't recommend you try this at home. But yes, you can hold the device from it Um, this is probably not officially endorsed at all by neck eight to do this But i'm just pointing out the fact that yeah, I like these barrel connectors are really solid They keep you from accidentally unplugging the firewall and making people really unhappy Now let's take a look here on the neck eight website We have the pre-order still on here depending on when you're watching this This is august the end of august 2021 But depending on where the supply chain issues are and hopefully you're watching this in the future We're supplying the chain issues have all been resolved And there's no longer problems, but they are shipping these devices out right now We have the eight gig base model with 16 gigs of storage for 699 or the max which is eight gigs and 120 gig of storage Do you need the extra storage? Yeah, it kind of depends if you'd like to store a few pcat files or lots of logs on the system If not, the 16 gig may be perfectly fine for your needs They also do have and I do not have one here to demo But it is in the video that we'll talk about the second a wall mount kit for 2499 Then they have the pricing for different support options Then they have this video right here is what I mentioned, which is also linked down below It is the official video from neck eight on their product. They talk a lot of details Like said highly worth watching now scroll down here And they have all the marketing and all the different advertising stuff and they do their own testing So they do accurately tell you how fast it can route at we're going to dive into Some of the finer details of that because there's the broader overview of yes It can route at 10 gig and enters the details of what that actually looks like And they have the hardware specifications all right here It is based on the intel adam c 3358 with qat. It's a four core 2.2 gigahertz processor And just like we showed all the physical ports and the onboard if you go with the 16 gig model is the onboard 16 emc soldered onto the board But then they have the upgrade option with the max for the 128 gig mvme and then we have the 8 gig ddr 4 plenty of memory for a firewall They don't need a ton of memory to work. They're not running a desktop environment or anything Intensive they're not running a browser with a bunch of tabs open. They just route traffic Then they have the physical ports listed The leds the enclosure the passive cooling and the different power options that are on there Now one good thing I like overall about neck eight and pf sense is solid documentation Not just on how to use pf sense, but each of their physical appliances does have a nice page that breaks down features And of course has the ability to download it as a pdf That's important for the reason they see here before we get started We recommend downloading the pdf version in case you lose internet access. Yes, this will help you quite a bit if you are diving into Changing your wan settings and you lose internet access and you want to still reference some annual That's actually a nice feature they have on there. Uh, and of course I'll leave a link to this They have all the initial configurations input outputs lots of little details and there's some of the things I covered right here It covers exactly how each of these work including the support for different modules They have for the sfp ports. They also have a picture here of the neck eight 6100 wall mount what it would look like if you wanted to wall mount this instead So that is a kit that they offer on here, uh to Wall mount it. I don't have that kit, but this is what it looks like pretty simple It's something you order from their site now on to the pf sense setup itself because I wanted to show some testing and scenarios And of course show the interface assignments The interface assignments out of the box as I said silk screened on there and Matching inside of the default setup in pf sense are going to be wan wan two Wan three wan four and then land one through four as well But you can reassign me So I wanted to use the 10 gig in this particular demo So we called this one wan three 10 gig normally just labeled wan with the numeric three But we decided to name it this and then for the land side. I called it was wan four now land 10 g so it's the 10 gig land like I said These are reassignable and give them whatever descriptions you want when you're setting these up and the same goes for the other interfaces These are all reassignable to however you want their individual discreet ports They do not have is the 7100 for example had the different vlan where they're split in the back end In a certain way to a shared chip on the back. None of that. No special just standard ports on this system All right now configuration wise. I did load suricada in here because the question is can it route at 10 gig Yes, as the net gate tests show. Yes, it can do really fast routing How does that work when you have a device behind it and a device in front of it as in Something on the wan network that's at 10 gig and I did not get to test 10 gig at my house So that's still labeled my home here, but I do all the 10 gig testing here at the office So we don't have a 10 gig internet connection But we're going to simulate a 10 gig connection And so we have a device that is able to do 10 gig it's plugged into the 10 gig side of this So we have this at 10 13 37 109 and we're going to connect To a device behind the firewall connected through the WAN port then through the LAN port then over to this Debian virtual machine All these are set up as virtual machines inside of my network here and you can see where I'm already getting The 10 gigs. I've been doing some testing with here. It has no problem doing 10 gig But let's talk about the parameters that get you 10 gig And that's this right here. So we have iperf 3 just standard testing But we've added this p 10 and then the client is 10 13 37 112 this particular machine is behind We'll show the network right here 172 1666 that puts it behind the LAN side of the pf sense firewall. So for this testing, that's how we're doing this But let's talk about the performance you get So even though suricada is running and I'm able to get the full 10 gig So that would immediately tell people that yes, this is great This will solve all my 10 gig problems. But this is where the buck comes in That is when I'm using the p 10 to split the stream up to split the flows up into a different Series of flows the way this works and this is a rabbit hole that goes way out of scope of this particular video Is the way kernels handle routing and when they handle it Each tcp stream has to be assembled hits a core and then gets sent back down This causes some limitations based on the processor in there for single stream routings If we change this back down to something like this where we take off these extra parameters The t is just for time, but the p is for splitting the streams up. You'll find that we're getting 2.6 gigs and this is just a limitation of this individual stream Generally speaking though, you're not getting individual streams when you're dealing with a 10 gig connection You're getting a whole lot of streams Actually, you have a lot of computers usually only connected at one gig or slower because they're connected on different Wi-Fi and different link speeds behind the firewall So even though the firewall is being fed with a 10 gig not any one person is going to want that 10 gig Pipe now if they do and if you do have a need in a data center where you Want 10 gig in and 10 gig out on a single stream You don't have to go with a different device with a faster processor And it contact neck gates. They also discuss the details of your specific configuration This is one of those buts as I said that being said if we have this device and actually let's go ahead and add the dash t 60 to run this run for 60 seconds in the background right here And we'll go to a windows machine Which you can see is normally getting about 2.2 gigs as well because this is just livery speed set up on a server I have here It's able to simultaneously get this 2 gig speed while this is getting this a little over 2 gig speed This is the important thing about how this works So individually each of these devices is able to get plenty of bandwidth to them provided that they're connected Pipe fast enough, but of course this comes down to the stream splitting and those details It's not as real-world use case doing single stream But for those of you that do these raw tests like this if you're wondering what's happening That's what's happening when you're running them as soon as we break this up and add that dash P capital P And we put in 10 for 10 stream It has no problem getting Gotta fix the There we go Hey, look we're back at the 10 gig connection Matter of fact, it can handle a lot more than just 10. So let's put 80 streams like this. So it's dash t Now we've broke it out into even more streams and we're still able to get this across 80 streams Now the number streams gets exponential as you have more devices connected But you can see here it's able to keep doing this Matter of fact, actually we'll Put it doing this and go back over here We can see the processor getting loaded up because we have things like sericata inspecting traffic So if we go over here to sericata And by the way, the system is still quite responsive even though we've loaded up the processor It's doing inspection right here. It's probably creating a few alerts because I have windows behind it So it's saying hey, there's all kinds of stuff going on. So yes, it's doing the inspection. Yes, it's working Yes, the processor is getting pushed a little bit And if we jump over to something like the system status monitoring, you can see the different tests I've been doing and uh, you can Choose it by traffic by system This system still responsive all this is running in the background. We'll kick it off again just to show So this is running matter of fact actually control c Let's go ahead and say 600 seconds just keep this running while i'm doing this or why not also kick off a Windows test let them all fight for bandwidth in the background here. So this is actually going to go slower because It's now fighting for bandwidth with this which is fighting for bandwidth And uh, let's see how that loads up the system update the graphs Update it to processor. Yep, we're certainly see a little rise in processor usage But the system is completely responsive and completely functional while it's doing all of this. So yes, it can wrap 10 gig But no in a single stream you're going to run into a few problems I just want to cover that as a detail other than that everything else is pf sense Like it is usually it's the same pf sense software I've covered in many other videos, which I'll leave a whole link to a playlist down below to All kinds of different scenarios I have for setting up pf sense final thoughts on the device I think it's great. I haven't had any problems with it the testing I did at home The testing I did here. We didn't run into any weird issues The only complaint I really have is as I said in beginning the silk screening of labeling them all land and land which creates To me, I don't know if it solves more questions from people wondering if they can be assigned that or creates more That's really probably neck gate. I just know the comments I see from people of going Well, can I reassign it? It's labeled when yes, you can no big deal there It's a it's a silly debate, but it's such a minor thing. It's not something that I would say Oh, don't buy a product that has silk training. That's Controversial hopefully if you're someone deploying these you're looking well beyond the silk training and diving into pf sense a little bit deeper I will leave link below my playlist of all the different pf sense videos I've done to talk about a lot of different scenarios configurations and setups And uh, I don't have any affiliate links. I said at the beginning of the video So if you'd like to bring one of these reach out to neck gate if you're looking for a 10 gig solution And which one is the best one that's also kind of a reach out to neck gate thing They have a sales department that'll handle that Tom Tom says hi That's about my as much of affiliate, but they won't give you any discount for that because I have no discount or offer codes Once again, I'll leave links to everything I talked about in the videos and thanks And for a more in-depth discussion head over to my forums where you can find me or hit me up on twitter I'm pretty easy to interact with if you have questions comments concerns or just leave them below I try to read and reply to all the comments in these videos. Thanks And thank you for making it to the end of this video if you enjoyed this content Please give it a thumbs up if you like to see more content from this channel Hit the subscribe button and the bell icon to hire a sure project head over to laurance systems.com And click on the hires button right at the top to help this channel out in other ways There's a join button here for youtube and a patreon page where your support is greatly appreciated For deals discounts and offers check out our affiliate links in the descriptions of all of our videos Including a link to our shirt store where we have a wide variety of shirts and new designs come out Well randomly so check back frequently And finally our forums forums.laurancesystems.com is where you can have a more in-depth discussion about this video and other tech topics covered on this channel Thank you again, and we look forward to hearing from you in the meantime check out some of our other videos