 So let's talk about the NETGATE SG-1100 and I've been playing with it for a little while. It's an interesting little device. I really do like it, but I'm going to save you from watching the rest of this video. If you're that person, it goes, does this little $159 US box perform gigabit routing with full serocata, full IDF, PF blocker and everything turned on and I want to route gigabit VPN. Sorry. Doesn't do that. Turn a video off. Buy something else. We have an answer for you. I've had a few people send me some weird messages. I would love if we are at a point in technology where I can get gigabit at $159 with all said features enabled and all turned on. This box won't do it for you. I'm just going to throw it out there from the rip. We are going to talk about VPN speed. We'll talk about some of the other features and what it does route at. And they have this published on the site already. There's not any secrets here. I'll leave a link to the NETGATE blog where they talk about the different speed. It is a fast box. Don't get me wrong. But if you want gigabit and you want serocata and you want VPN, I'm sorry this box isn't going to do it. Even this box, which is a little bit more money and I've reviewed this one here. This is your SG-3100 has no problem at the gigabit speed but does only have about roughly 100 megs or so. I haven't tested it in a little while. I'll see if any of the driver updates have made it faster on open VPN routing. So this is the thing. Anytime you do any type of high end cryptographic encoding, decoding, which is how VPNs work to protect your secrets, they have to encode and decode them. That has a cost of processing power. That cost of processing power means you will have to buy something fast enough to process at the speed that you want. So those are the things you have to research but I figure I'll clear that up real quick. Cool wise though, comparing it to the SG-3100 to the SG-1100 here, not bad. It's a much smaller package. It's lighter. This has this big heat sink on the bottom. This does have a heat sink but it's covered up with plastic. We're going to take it apart in a second and show you what's inside. Power adapter. So I have them on the counter here. This is obviously a much bigger power brick when you have the NETGATE SGLE-3101. It's more wattage. Hence has more power. You can do some of those things faster that you might be looking for versus your standard little tiny baby wall adapter here. This is a really light weight. I think it's about 3.8 watts at idle in terms of wattage used. This is great for home users. I'm going to highly recommend it for that. So without further ado, let's get to the more exciting part where first we're going to take it apart and after we take it apart, then we'll dive into some of the speed test, VPN test and show you around on it. Now as far as software goes, it's PF-Sense so I'm not going to spend a ton on the operating system that runs it. It's not as relevant. It's the same PF-Sense on any of the other devices. Few noted differences in what that noted difference is. This is essentially a system on a chip and what that means is, and I'll show you when we get into the software, the VLANs are set up a little bit different because it has a series of VLANs to divide up the chips. The best way to describe it is you have a two and a half gig backplane. You have one gig physical ports on here. So your one gig physical ports are subdividing that two and a half gig backplane, giving you the potential to route gigabit between each of the individual ports but still divided out because of the way the backplane works. And that's actually the way other necking devices work as well. That does include this one. So they do have that as a design. That is documented but it does create some, if you're not familiar with it, but it's well documented, so RTFM, of how you set these up internally when you're, if you want to mess with the VLANs on these, real easy documentation, followed instructions on there as much as I'm going to talk about that. So let's pop these little rubber feet off and take it apart. Once you remove the four screws, as I said, we'll set three that are hidden by the little feet that are on the bottom. You get to see the heat sink. Now the heat sink in this, pretty, kind of beefy here. It's actually a pretty good size heat sink to dissipate the heat generated by this and you can see they use a little bit of heat sink paste and we have our chips right there. Now let's go ahead and pop this board out carefully without sticking my fingers in the goo and we'll flip it over. We do have a PCIe slot right here and we have some mystery jumpers that if I'm feeling ambitious, maybe in another video, I might mess with those. I don't know what they do. I did a little bit. I didn't see anything immediately jumping out at me to tell me whether or not they are some type of, what they do I should say. I just don't know. I don't know what options they can figure. But the board looks well put together, the solder and everything's really clean on it. I didn't get it out at all that made it look anything less than excellent manufacturing on this. So that made me happy. Looks like the, it says global scale on there so I guess it's probably the board manufacturer. I also noticed it looks like it maybe they have another version of this board that you could have a slot on here and maybe they have another version in the pipe. I don't know at all that would have self support and that would actually be kind of cool to have a small box like this and also have like a 4G or even in a future 5G backup on there. So just kind of novel. But right now to my knowledge, I don't know that you can do a USB style with the arm boards when it comes to some of the backup and failover. But the board in everything is like well compact into this box. It's all nice, well made plastic. It's really shiny. So yeah, other than that, not much else to talk about it with it. The other mystery chip that I don't know what it is. I'm going to surmise that this is the TPM module they talked about because this claims to have that first module that verifies that it's authentic PF sense software on here that is from the NetGate folks. And this is important because you don't want to have a firmware you got that was hijacked swapping things around or not having an official firmware on here because obviously that's kind of a security risk. I don't know how much of an attack it is. Obviously, I always update mine directly from PF sense. So I always, if I buy these from PF sense, I'm always using their updates. So it's neat. This is the first device that's had it on here. I don't know what all that means because they've been kind of vague about it other than it's to trust and verify that their system. If they would love to enlighten me, I would be more than happy. But hopefully they will enlighten all of us with a blog post or something like that. But this fits in there well. It doesn't wobble around. So it sits nice and tight. We're just going to put it back together and get to the important part where we talk about how fast does this thing go and what features does it have. So let me put these screws back in. All right. So we have the device all set up, configured. I loaded PF blocker on here, which is something most people will probably want to do. Great for syncing ads and things like that. I've got a video and tutorial on how to do that. I've loaded open VPN on here because people want to know the VPN performance. How fast is the VPN? Completely fair question. We're going to test that. And of course, how fast does it route? So we're going to cover that, too. First, let's just look real quick at the configuration here. We have a WAN address of 192.168.50.169. So that is the WAN side. This black cable is what's going to the WAN side. Then on the LAN side, we left it at the default 192.168.11 network completely stocked there. And then we added the open VPN client export. And then I added a PF blocker. And like I said, that's the only configuration changes I made. Other than opening up the ports needed to make those things work. So it's pretty much stock. But let's first show you real quick that little bit of confusion that maybe some people have about how the Marvel chip works and how the VLANs work. And like I said, refer to the documentation to understand it a little better. But this is how the VLAN is divided up. Because when you have the default VLAN group zero, VLAN tag one, that is the two and a half gig backplane. And then it's subdivided to VLANs 4090, 4091, 4092. Now those are statically set and you cannot change them. Those VLANs are so you can divide up the chip on this device into its separate segmented networks. So that's just a little side note to its functional design. There's documentation on here. And yes, it does support more VLANs. Yes, it supports more settings. But you can't reuse. So if you have some reason that you have to have 4090, 4091, 4092, and your VLAN tagging, those are reserved for the system on a chip as far as I understand. So just a little side note, I want to make sure you're aware of that. Other than that, there's nothing else special from here on out. It's all just normal PF sense. Now the first thing you're going to notice as I'm flipping through here is even loading the front page of this, this thing's fast. This DDR4 memory and this Marvel chip are no joke. I'm really impressed with how fast it loads the packages. It even was reasonably fast downloading the packages for PF Blocker, which by the way has to expand all those block lists for the ads. Anyways, back to the topic of this. Let's show the speed test. So I wanted to get right into that. So as I stated, don't do it one more time because people have a lot of confusion. The server is just plugged into a switch that this is going to be attaching to. I use IPER for all my testing. It's a really common, open source, easy to use testing suite. So all of the testing is going to be going from this particular laptop via this one little green cable I have right here to the NetGate box. Then out of the NetGate box into another switch and attaching that switch is another Linux server. I have tested plugging this directly into my computer and I have no problem getting full gigabit speed. So the only thing doing the routing right now is going to be this. So there's nothing else in between other than these switches, but there's no more routing besides that. And I bring that up because it's really important to understand that it is passing through the NetGate device. There's always some people asking, well, does it really pass through the NetGate device? I'm like, yes, I'm not testing it on the same land. It goes through the NetGate over to the server. I just want to make sure that's super clear. Now, here is the IPER test. We're going to connect to that server. That's 192.168.50.166. And the WAN on this is 169. So we're going to go out from the laptop and over to this. And we're seeing about 746.693. It's bouncing back and forth. But we're getting in that 700 mega second range for these. Now, that's important because we're getting it there with TCP. It seems to go a little bit faster for UDP. And I bring that up because a lot of the protocols are going to be trans, going across this, transporting across this, are going to be UDP. And I say that because referred to my quick video, QIC. A lot of the internet is moving to QIC because it compresses better. It handles better. So this actually seems to go just a little bit faster with UDP traffic, so we're going to run this here. Now, you're seeing 900 megs a second. But by the way, it's dropping some of the packets. So I forced it to try to get to a higher speed. I know it's losing a little bit of the packets. So it lost about 24%. So it's still maybe a little bit faster than the 700s, like 750 to 800, it looks like. Might be more of the line speed on there. Just so you know, it will do UDP slightly faster. Now, I also have an OpenVPN client attached to this. And this is the IP 192.168.70.2. That is another computer I have on the other side of the network, VPN back into this. So what we're going to do, it's running IPrf server on its given IP address, the 70.2. So now we're going to IPrf to that and see how it performs with OpenVPN. And I'm using OPVN.IPsec. The IPsec performance should be better than the OpenVPN performance. I don't, I mean, maybe you're using this for some IPsec because it's public to public. But a lot of the questions I have are usually around OpenVPN and OpenVPN because it's popular for different tools that you use such as PIA. Offer a link below on them if you want to sign up for a PIA VPN. And PIA VPN will, you could set that to route so you could tunnel all of your traffic through there but the limitation is going to be how fast can this route. So let's go ahead and test that real quick. So we're just going to do a standard TCP routing IPrf-c19216870.2 And I'm pretty impressed here. This is able to route. We're going to get a total here at the end. About a 123 mega second average. So that's actually quite fast. Now as I understand, and I'm not an engineer but I've seen this in the decade forums and they do not have at present a crypto chip on here fully supported. So that is going to be a support they're adding to this later with drivers. Also by the way, these drivers are really new in the BSD world so there's going to be undoubtedly improvements on them. So what I tested at today, it may get faster. So if this meets your needs today, awesome. And if we're lucky we'll get some drivers that will meet your needs for tomorrow. So it will possibly reach line speed which it's really close to it now. So if you have like I do at home I have a 300 meg connection at home and this is actually a destined for my house. It's what I'm going to be using because it's nice and cute and small and has PF blocker and I don't really need many more performance than that. I do like to add blocking features in there. So this is going to end up being my home device. That's why I set it up as many home users will. So this should be fine for most home users like I said but if you have your blessed enough to have gigabit routing at home, awesome. You may want to go with something a little bit faster if that's really something that matters to you. And like I said, to step up a little bit more to the SG-3100 and you're back up to line speed. Now the last thing I want to show you is what happens to this when you're downloading a torrent. So I'm downloading Tails which is a Linux distro for the Tor project but the reason I'm doing a torrent as opposed to another test is because torrenting is very, very taxing on firewalls and this is no exception of this. One of the things about torrenting is there's a lot of state tables that pop up because there's so many connections going on with the torrent but this handled that fine. So this is an important thing that even if a firewall can route really fast there is the older firewalls that use to run into problems where they had trouble if you ran a torrent or even playing games. Cause once you started playing a game and there's too many streams going on it can't handle this. This seems to have no problems at all handling torrent traffic, handling that and that's all the different state tables involved in tracking it. Now this is one of those features about PF Sense that I really like and what's made it always to be a really solid firewall is its ability to handle a lot of different sessions even if it's all compacted down to a small arm package. When even we tested a long time ago the SG-1000, the very first model I remember seeing that they had of this arm basis it was able to handle quite a bit. I know it wasn't near as fast as this that's been a number of years. And they've come a real long way so that's important though that it did that that Torrent took no time at all to download and does it have a statistic on here? Yeah it's only took less than two minutes to download 1.2 gigs. And like I said that's important because of the number of streams involved in downloading that. That makes a big difference so it didn't have any problems. It does make the CPU usage go up a little but it never pinned it even downloading torrent. So that's kind of one little test that I like to run when I'm testing the firewalls. All right now as the final piece of this video is testing it at home and this is installed at my house. You see the local IP address here because I'm logged in via open VPN from my office to home. No problems doing that. Everything works just like it does in any version of PF Sense. So that's one nice thing. Just because it's running on ARM I didn't see anything different about it that with any x86 PF senses that we use in case anyone's wondering. But the two CPUs are idling for the most part. So state tables pretty low. I don't have that much going on at my house but when I've played video games or had more torrents running than what you guys seen in the demo here it handled it very smooth. I didn't have any issues with that. Also for the memory usage with PF Blocker set up running with all the ad blocking, blah, blah, blah. No problems. It's sitting at 13% memory usage. So I'm actually happy with how efficient all of that is. And it's very responsive in terms of DNS speed and things like that. Also traffic shaping is turned on. So if you go over here firewall and we go over here to graphic shaper, limiters. I'm using the CattleQ to do it. I didn't bother with any specific traffic shaping but it's supported in this. So if you need traffic shaping this box does do that. But I think it's a great buy. At only 159 bucks that's really easy less expensive way to get into PF Sense. So if you're trying to think about building one it's hard to build something that's this fast at that price point. I know you could find something used. I know you could slap something together but this is to me a really good price for that. And I know someone's gonna point out that you can find some device out there by some other company that will do less than $100 and can do gigabit routing but you're not gonna get all the features you get with PF Sense. So in terms of the extensibility of the PF Sense software and all the advanced networking features that come with it it's really impressive. They packed a lot of that into a box that's only 159 and it's officially from them. So if you want to buy it head or to their website it's not something I have any affiliate links or offer for I review these on my own. They did not send it to me. I purchased this device myself. So it's the same purchase price that you'll pay to. I paid $159 plus shipping for it. So that may vary with wherever you are if you're over in Europe, UK, EU. You have to check for local dealers for pricing and things that but I'm not an official PF Sense dealer so I did buy this on my own review it because I like and trust the product not because they paid me but if they wanna pay me that would be biased so that's why I'm not looking for them to pay me. Can you see anyone's wondering about that or my affiliation with them? So I think I like their product, we trust their product that's why we like that's why I review their product. So all right, take care and if you wanna carry on the discussion feel free to head over to the forums, thanks. Thanks for watching. If you liked this video, give it a thumbs up if you wanna subscribe to this channel to see more content hit that subscribe button and the bell icon and maybe YouTube will send you a notice when we post. If you wanna hire us for a project that you've seen or discussed in this video head over to launchsystems.com where we offer both business IT services and consulting services and are excited to help you with whatever project you wanna throw at us. Also, if you wanna carry on the discussion further head over to forums.laurancesystems.com where we can keep the conversation going and if you wanna help the channel out in other ways we offer affiliate links below which offer discounts for you and a small cut for us that does help fund this channel. And once again, thanks again for watching this video and see you next time.