 Time here for more systems and I have in my hand a Neckgate 4100. Okay, there's two things in my hand. The other one's a 6100 and that's one of the first things I wanted to mention and the 4100 is using essentially the same chassis as the 6100. Still has the big heat sink on the bottom. It just has different processor, different ports on the back, but the top plastic piece is identical. Hence you can't tell which one I'm holding until I flip them over. In case you're wondering what the blue tape is, when things are in our lab, occasionally we'll put a piece of blue tape and write the IP addresses on there just to be clear because there's a lot of ports. On these ports, the first thing I want to mention is yes, these are all discrete ports, more on that later, but these are not switched. These are not with a VLAN or anything like that, anything special like some of the other Neckgate devices have had. Makes it really easy. It does have a couple combo ports that it's either or, but like I said, we'll cover that later. Now, the heat sink being on the bottom has not bothered me, but I know some people, well, they're like, they don't like that design. I actually think it's pretty cool. My only complaint, so too long didn't watch, this is a great device, with the minor complaint that they call these all LAN and these all WAN, but they are completely reassignable. You could make any of these four ports the WAN and these ports over here can be LAN if you want. So that completely is reconfigurable. Now, Folder's Closure up front. This video is not sponsored by or endorsed by or was reviewed by Neckgate prior to publish, but they did send me this device for review. I've had it for about two weeks. We've been testing it in our lab and I get to keep it. So there's all my Folder's Closure up front of this particular video. Before we dive into the details of this, let's first, are you an individual or company looking for support on a network engineering storage or virtualization project? Is your company or internal IT team looking for someone to proactively monitor your system security or offer strategic guidance to keep your IT systems operating smoothly? Not only would we love to help consulting your project, we also offer fully managed or co-managed IT service plans for businesses in need of IT administration or IT teams in need of additional support. With our expert install team, we can also assist you with all of your structured cabling and Wi-Fi planning projects. If any of this piques your interest, fill out our hire us form at laurancesystems.com so we can start crafting a solution that works for you. If you're not interested in hiring us, but you're looking for other ways you want to support this channel, there's affiliate links down below to get your deals and discounts on products and services we talk about on this channel. And now back to our content. Now the first place I wanted to start and address immediately is going to be where this fits in a lineup and of course the price. You can't ignore prices here in April of 2022. And the challenge comes down to supply chain. I know everyone is undoubtedly as I am sick of hearing it, but it is still a imbalance in the supply chain with the components that you use to manufacture things going up in cost because demands are higher than the ability to supply them. Therefore the limited supply costs more. And here we are with things that cost more money. This is not just a net gate or just a networking gear problem, of course, anyone who's into PC gaming is well, not real thrilled about the current status of video cards. Although they're finally starting to come down anywhere you look in the different tech supply chain, especially towards the enterprise or chip markets that have to drive the manufacturer of these devices, you're going to see higher prices. This is not some excuse. This is just the facts of where we are. Unless you're watching this in a future where the supply chain has come back in balance and the prices have gone lower and everybody's happy. All right, I just wanted to adjust that in everyone's aware of it. Now the current lineup, we have the net gate 1100 and 2100, which are your arm based devices. I like these devices. We've recommended them a lot. The 3100 has since reached end of life. It's no longer available. They well, I imagine it couldn't get parts for anymore. I were to speculate on that particular topic. Now back to the 4100 and 6100. Some of the higher end models that they have right here and the 599 price tag and the 799. Where's the difference in which one should you go with is where people are going to be asking. I like these for the home users, these 189 and 349, but this is going to be more that small business office replacement for the 3100. And for that couple of hundred dollars, you still got a really good system here. Now we'll scroll right down here. I already mentioned that they're the same size. You're only going to get four gigs of RAM with the 4100 versus the eight gigs of RAM, but they both have Intel processors or both x86. They both have QAT and AES and I acceleration. There is only two cores available in the 4100 versus the four cores you're going to get with the 6100 storage wise, 16 gig EMMC upgradable to 128 NVMe. Now I don't really feel the need to upgrade most of the time. I mean, the reason you want to is often because you want more logging and you want more storage for there. Well, I frequently offload to a third party log server. Now, obviously third party log server setup is more money than buying just an extended drive to store a little more on. So the choice is really up to you and how you manage things, but just let you know the options there. Scroll down a little further and the port differences. Obviously if you need 10 gig, you're going to have to go with the 6100, but with the 4100, you have four, two and a half gig individual ports. These are not on some type of special switch VLAN or anything like some of the other neck eight devices such as a 7100 that I reviewed before. And these are individual discreet direct ports as in you can assign each one of them as needed. So you have the four, two and a half gig ports and you have the two one gig RJ45 ports. Now RJ45, but they're comboed with SFP, but not SFP plus cages, which means if you have a handoff from your ISP that will come as a fiber, for example, you could use the module in there or a DAC cable in there. And this would allow you to plug into that port and take a fiber handoff. Now these are labeled when on the box itself and they are labeled LAN for the two and a half gig, but they're completely reassignable. You can use the two and a half gig for when, if you'd like, you can use the one gig RJ45 or SFP for a LAN because every one of these are completely assignable. Now they come out of the box programmed and set up to be when and land, but as I said, those are completely up to you. Now this did require some clarification. I did reach out and talk to the neck gate engineers to do the testing to confirm the layer three forwarding and how they came up with the numbers just out of curiosity. That answer was really simple. They bonded all the ports together to come up with the maximum routing. Now it's nice to know that the system can route that fast, but to be honest, it's maybe not the most real world usage that you, the consumer buying this product is likely to use. I usually don't bond all the ports together, but it's nice to know that you can and it does have some potential really fast speed. This is also that weird myth that people think you need a really faster than an atom processor to be able to move high amounts of data. And when it comes to basic layer three forwarding, that's not the case. Even with iMix traffic, which I perf is single stream, more basic testing traffic versus iMix is more realistic tile traffic is in varieties of traffic that would traverse a network. You're going to get a little bit slower at 3.24 gigabits per second. Still not bad. Now that's forwarding. This is firewall. When you have a lot of firewall rules, there is a cost to those firewall rules, processing and parsing them because now you're assigning how the packets will travel based on certain rules. So with the I perf three traffic that goes down to 4.09 gigs and the iMix traffic of 1.4 gigs with the firewall rules. Let me go down here to IP sec VPN specifically using AES GCM 128 with QAT and we get an I perf speed of 960 not bad. I mixed traffic of 312 and I'll mention here, they did not do a open VPN test. They have listed here or a wire guard test, but I have them later in the video and everything's time index. You want to jump to that part there, but I will show the differences for doing it with some different ciphers for those tests. Now, before we can do the testing, we have to talk about how this is configured. So people are very clear on this and how my methodologies are for testing. I have my computer at 172 1616.9 connected to a switch connected to the WAN port of the 4100. The WAN IP addresses 172 161641. So this is, you know, pretty much direct connection. These are all one gig connections. Then on the other side on LAN, we have the windows computer that I have set up for this particular demo at 192 168 66.103 and the LAN gateway on the 4100 being 192 168 66.1. Pretty straightforward, really basic connection here. And we're going to be going with a wire guard tunnel through the switch to the PF sense and right here. Now I've already tested. I know it works at full line speed without the VPNs and I'm don't need a fast to the one gig connection to do this demo because the VPNs, well, they can't exceed in this particular test the line speeds are a little bit slower than so that's not my limitation. It's really going to come down to the processor on it. All right. And let's talk about how we have this PF sense system configured. We do have open VPN running and we have wire guard running. So I want to test both of these VPNs. As I said, we already know what speed this can route at. It is accurate per what net gate said for its total routing speed. But the VPN speed is usually what people start wanting to know. I also took this machine and loaded it up with a few different services, which do include Sericata and PF blocker along with N top PNG. The one that's actually the most taxing is going to be N top PNG. So I put it on here so we can show that it's running, that it is using this, but that is definitely where it's not necessarily with a system of this power, not the greatest thing to run, we'll just throw it out there. This is going to be pretty taxing on this. And it's going to scale with the number of clients you have behind it. It's going to scale with the amount of traffic you have going through here. So this can be a little bit intensive. And we'll show you the speed difference just in wire guard of running it versus not running it. And you'll kind of get the idea what I'm talking about here. Same thing with Sericata. Sericata is stream based. So for each stream, it has to analyze the amount of power it takes to process that stream goes up exponentially. So it's not about necessarily the speeds you get in the IPer performance tuning I'll be doing here. It is the overall, what happens when you have 200 clients behind it, that each have a series of connections, a series of streams for it to analyze. That's where you may notice a little bit more challenging and a little bit more processor usage out Sericata. But for basic testing, I wanted to get this part out of the way and show you how this works. So here we have, and go back over to my computers, it's already connected. We can say WG quick up and get the tunnel set up. So then we see sudo WG show. Then we can see the peer, the handshake, you can see the endpoint, the 172 1641, the internal connections it has. Then we're going to talk to that windows computer using IPer to see what type of speed we can get. Now this is with all the things I mentioned running. And we're getting about 855 830 856, it's going to vary a little bit. And if we actually repeat the test a couple of times, sometimes you might see a little bit slower. These appear to be some of the right catching up. There we go. Now we're down to like 745 750. This comes from end top PNG running. So it's really fast, but over long sustained times when you're pushing a lot of power through it. And then it's got to also take time to write out all the data from end top PNG. Yes, there's a cost to that essentially, doing that information exchange is going through the processor and top trying to log it. It's trying to write to the drive and you're pushing the processor to its limits using wire guards. It's a, you know, good protocol to get a lot of VPN speed. So let's go back over here to status and top PNG again. Oh, sheet. I'm sorry. Diagnostics settings. I'm going to turn it off here. Hit save. So that'll stop the service from running. And now we'll switch back and run the test a couple more times for this here. I perf again. And as that process such down, it's going to be some variation, but you'll notice over time, it'll probably get a little bit faster if I run this one more time after this. And we'll start getting back into those little bit higher speeds. This is where you're going to have little bits of variables, even though I purpose a single stream. Oh, actually, we can actually make hyper if we used a dash P say 20 streams across. Going to process a little bit different, but through those multiple streams. Now we're hitting about 850, 852. So we got 845 out of that one. Let's go ahead and just bring it back to single stream. Still back in 800s here. And it'll start seeing consistently here. It's probably still winding down some of the services and shutting down end top in the background. Now that and tops done the right stun for it. You can see a pretty consistent very high speed out of warrior guard on here. Now the next test I want to do, of course, is going to be with open VPN, because open VPN still is really popular and well, pretty much the most popular VPN when it comes to end user setup, because well, there's no user manager when you're dealing with wire guard. So we're going to go ahead and down this tunnel. And then we will sudo open VPN. And it is connected. Now let's go over here. And we're going to go to VPN. Open VPN. Check the status page. And you see that I've connected and I'm using the cha cha poly 1305 cipher. Now I want to point out the cipher I'm using because yes, this does have and it's under system. And we're going to go back over here and advanced miscellaneous and we do have Intel quick assist on here, which is not going to accelerate the cha cha poly. This is a different protocol. This is a CPU intensive protocol, but also a very fast one. It is actually the back end protocol that's used in wire guard as well. Go back over here and do the test. And the open VPN implementation of this right now will get us about 214, 208, so a little bit over the 200 bags per second. Not bad. You're going to see dips once in a while, maybe processor catching up, but still a reasonable VPN speed for open VPN on this. Now let's go ahead and do another test because QAT and this does support AES and I, and let's see if that's going to be any faster. And the way you change the algorithm first, if you're an open VPN, we're going to go over here to VPN, open VPN, edit, and you'll see that I have both of these algorithms as options. So I can choose either or. So go back over here and you can see the first one it should try is cha cha poly, then it says AES 256. So we're just going to head and delete this. And we're going to tell it to connect with this protocol and let's see if there's a bunch of a speed difference there. So open VPN again, and we'll go back over into the status page. And now we see we've connected with the AES GCM and we'll do the test again, see if there's much of a speed difference here. And it's just a little bit faster, but not that much. Well, then it went down. So let's see what our averages are. And 215 versus 205. Let's run that again. See if we get about the same speed again, and ever so slightly faster. So the acceleration probably helps a bit with the protocol, but it's not night and day. You're not doubling the speed. We got 213, 215. And if we scroll up here, we were at like 205 and 205 twice with the cha cha poly. So it probably is better to run the AES one, you're going to get a little bit more speed out of it. But for those that are always asking this question of which one's faster, or doesn't it help having this acceleration? It's not a night and day. It is not doubling your speed. It is a marginal increase, which is, Hey, any increase is great. I'm not knocking it. I'm just pointing out that the differences aren't as dramatic as people may think they are. And or as the salesperson in brochures may have said, because there's sometimes people who will refer back to the bragging of any new technology by the people producing it of how it's going to be revolutionary and breathtakingly faster, but then sometimes reality sets in. And that's why we're doing these tests because we like to look at things from a reality standpoint. Now, there's not much to see on the bottom of this. So we're going to focus on just what's on the back. So bottom of it's basically a big heat sink. We have our four ports labeled land, which I wish they weren't because they can actually be converted to WAN. It's just a matter of setting them up inside a PF sense. So these four ports are all discrete individual, not a actual switch port. So plugging these in have to be configured individually, not grouped together. That is not how they are set up out of the box. There is ways to bridge ports together, not a recommended solution, but you could. Ideally you're going to plug each one of these into its own place for a different switch or devices you want to plug into it. Then we have our WAN ports over here. Now these ports are two and a half gig on this side, but we only get one gig on this side. So mentioning as I did in a speed test, you can combine these ports together to get faster speeds. You can combine these ports together to get faster speeds, but of note, these are combo ports. You can use the SFP cage to get one gig or you can use the RG45 port to get one gig, but not both of these ports at the same time. Same thing with this. This is a combo port as well. The one port you see on the end over here is the console port. And then we also have a USB console port as well. So that's really it for the hardware from a physical standpoint on the external. There's not really any serviceable parts on the inside, so I'm not going to open this particular unit up. I will mention though, I do really like these barrel connectors and it is the same type of screw-on barrel connector that we've seen on the 6100. They are nice and I certainly don't recommend doing this, but for those of us that are curious, yes, you can dangle this by its power cord. Well, CAN is not something recommended by the company. This is just something Tom did in a video. I wouldn't call Neckate if you broke it this way. I don't think that's probably covered under warranty, but hey, at least it did work in my video demo here. Probably not an intended use case though. So my final thoughts on the 4100. I think it's another good product from Neckate. I think the heatsink is almost overkill for this atom processor because no matter how much we load it up, it barely got warm. But you know, I don't mind overkill on something like that. It should have a long, healthy life running. The last few weeks of testing it has yielded no issues. It seems to work perfectly fine. I know everyone undoubtedly has left comments before this far in the video wishing it was cheaper. And yes, I wish the supply chain was in better shape so things were better priced, but it's not just this. It's, well, lots of things are a little bit overpriced right now because of the market. I'm not going to rant anymore about that. Take some time reading supply chain, scratch your head and go, oh, yeah, there's a lot of calamity of this going on at once. But back to the product here, I think it's a good add to the lineup. I will be deploying these to our businesses as those 3100s kind of age out, or we need new systems deployed. They're a solid device just like the other Neckate hardware. I've always had really good reliability with it. And yeah, I like PF senses if you didn't know that already by watching this video or seeing some of the other videos I have on it. So I'll leave links to my PF sense tutorials. I will probably do a few more demos, which just may end up as part of not necessarily anything more than just some testing because I still have plenty more PF sense tutorials to do and to get to because I still need to do a 2022 edition of PF sense that I haven't done yet as of the recording of this video. But for those wondering, yes, that's coming. All right, thanks and see you in the forums for more in depth discussion. And thank you for making it all the way to the end of this video. If you've enjoyed the content, please give us a thumbs up. If you would like to see more content from this channel, hit the subscribe button and the bell icon. If you like to hire a short project, head over to laurancesystems.com and click the hires button right at the top. To help this channel out in other ways, there's a join button here for YouTube and a Patreon page where your support is greatly appreciated. For deals, discounts and offers, check out our affiliate links in the description of all of our videos, including a link to our shirt store where we have a wide variety of shirts that we sell and designs come out well randomly. So check back frequently. And finally, our forums. Forums.LauranceSystems.com is where you can have a more in depth discussion about this video and other tech topics covered on this channel. Thanks again for watching and look forward to hearing from you.