I have the Netgate SG-5100. Now for all the models I have reviewed, all the way down to this thing, which I still love the anodized red metal on it, this is the SG-1000 I reviewed several years ago, to all the way to the SG-7100 I reviewed, I've never reviewed this specific model, and we have installed a few of these. So kind of the process for those of you that don't know or are new to the channel is as products come through that we're deploying at clients, they stop here on this table and get reviewed and part of a YouTube video frequently that then we deploy them. I've never had one pass through here that either had time to put on a table or when clients bought things directly and we did a remote job setting up for clients, I never really got this to, got to take the time to review this particular model, not here in the studio. But we have used them. Now the nice thing about the 5100 compared to some of the other models is we have igb0, igb1, and then ix0 through ix3. It has six logical ports. It does not use like the 7100, 3100, 1100, a few other models have where you're splitting up with a back-end VLAN to split the system on a chip to create the logical ports. I've covered that in another video where when you're dealing with the switch ports on there, how they have their own back-end VLAN that you have to tag them, none of that is needed for this. They're all one-gig ports on the 5100. So let's dive into the specs right here. So over to their website, this is the firewall appliance 5100. You buy it directly from Netgate. It is an Intel C3558 at 2.2 GHz, four gigs of DDR4 RAM, like I said, six ports. The first set of them, the 4x GbE RJ45s, the ix ones, are going to be the Intel system on a chip and then the other ones are like an add-on Intel i210 cards in there. Two USB 3 ports, passively cooled, no fans in this thing, and uses 7 watts at idle.
Now I want to point out one of the important things that this has with that Atom chip is the Intel AES instructions. A lot of people ask about the speed, what processor do I need, and you may have noticed if you look up this, and I'll save you the trouble, if you're looking at the raw compute power on PassMark, 2538 for that chip. Just not super fast, but this can do line speed, gigabit, routing. Because routing doesn't take a massive amount of compute power, but AES-NI is important because if you want to do OpenVPN on this, you're going to need that level of crypto support. So that's what's important when you're setting this up. I'm not going to get in depth on this because I just don't have the knowledge of it, but this device is the base model that supports the TNSR. TNSR is vector packet routing, it is not pfSense, but it is another product from Netgate. Maybe at some point when I dig further into it, I'll understand it. They have a lot of information on their site for it, but it is a separate product, different than pfSense altogether. To my knowledge, it doesn't even have a web interface, it's all command line driven, but the concept behind in the use case for vector packet routing is when you're doing really, really high speed traffic shaping, traffic routing. Their vector packet routing, picture tying cloud systems together that are working at scale, might be something you need. So that's a different topic, but this device does support it is why I'm bringing it up. So the price on the device, we'll get this out of the way before we dive into the details, is $799, regular price, $699 on sale, that's right now as of October 2019, that is the pricing on there. You buy it direct from Netgate, I'm not an affiliate or a reseller, therefore that's where you purchase it. I don't have a link or offer code or any special discount. Other than, I can tell you it says on sale on their website right now as of the recording of this video.
And once again, all the technical specifications are there. A couple of little details, 4 gig DDR4 memory is in there, and we're going to open it up and talk about some of the other components inside. So the overall though, it does not come in a rack mount. I'll bring it up right away because I think that was something I was hoping for was a rack mount. But unfortunately, it only has a wall mount. So this does have to just kind of sit on a shelf. All right, let's look at the details on it. So looking from the top here, here's the ports like I had labeled. Then we have the two USB 3 ports. And like I said, these match the inside when you're loading it. And then this is common. There's no video out, but there is the USB console, which you just pop right in and plug that in when I'm booting it. We'll actually show that so I can show you the boot time on it. Then over here on the backside, I like these power connectors. They're the barrel type ones. And the advantage of the barrel type power connector is when you have this set up somewhere, it screws in so you're not worried about if you slide this out, the power cord popping out. Those are nice. We do have a little power button right here to turn it on and off. And I actually like that it's at the back and no power button at the front. But we do have the indicator lights so you know from the front if it's on, but from the back it, you know, you have to actually hit the button in order to turn it on or off. So no one's going to just walk by it facing front and get it on there. Screws, a few screws on the side, a couple screws on the bottom. And this is the last of them and we'll slide it apart real quick. Look inside. All right. Pretty straight, easy layout inside. We have this metal plate, which I'm not going to remove, but it is removable. If we took, I guess we could real quick, why not? We're here. We'll remove it so you can see what's under it. But this is a hard drive for SATA.
So if you wanted to add a hard drive to this, now why would you want to add a hard drive? The reason you may add a hard drive to this is so you can store logs. It would be a use case if you were doing some packet capture and needed to capture a lot of it. And you go, I need a lot of logging and things like that. Or if you're using like Suricata, things like that, you need more logging from that. I needed somewhere to put it all. That would be ideal to put a SATA hard drive in there. So plastic clips. Get them up and away we go. All right. So there is the single four gig DDR memory there. Then we have a couple extra expansion slots here as stated in there. So we have an M.2 and PCIe in here. So that's kind of cool. There's our SATA port right here. There is the power for the SATA adapter. Now back to being passively cooled. I'm not going to remove or try to delid it, but you can see it's pretty solid the way they have it mounted here. So even though I took these out, these stay in. They're nice and tightened down and they have it mashed in. So this large, I believe aluminum here dissipates the heat really well. So it stays nice and cool without having to ribbon overheat. You can see it's kind of hard to see inside it, but there's thermal pads in between. They didn't just cover CPU goo. Looks like nice thermal padding on there. Maybe there's some CPU goo in there as well. But I see a thermal pad on the controller, which I'm assuming is the controller on the backside of this for the network interface cards. I see the thermal pads in there. You can kind of see it in a process right up against there. Now this thing does not get very hot. So that's definitely one advantage of having such a large heat sink on there as there's not a lot of heat. All right, let's put this together and fire it up. Oh, that's kind of neat. I just noticed that. Now that I've flipped it over, the memory is cooled as well. So that's definitely a bonus.
And then they have this pushing out to the front. They really thought about cooling a lot on this. Actually, I'm pretty impressed. So we have the box booted up and just so you know, the WAN is going to be right here. The first one, which is igb0 and the LAN is in igb1. Now this is directly connected to my laptop here. So it's a direct wire into my laptop. So we're going to do the speed testing. And this is on the 17269 network. So that's where the WAN side of this lies. So we have another server on the 17269 network. So it's going to talk directly to the WAN side of this. And then we're going to pass traffic through to my laptop that's behind this. I bring this up because a lot of people get confused. They think I'm testing from WAN to WAN when I do the firewall speed test. I'm not. I'm testing routing through the WAN, through the LAN into my laptop to show the different speed rates you can get. So the first one I'll show is the fact that we can get, you know, line speed on this. So right here is the IP address of the laptop or the pfSense LAN 192.56192.168.51.1. So if we go over here and just so we know, we look at my DHCP server and we can look at the leases. Here's Tom's laptop at 192.168.51.100. Then we're going to go over here to Firewall, NAT. And we can see that I've forwarded port 5201, which is iperf. And we're going to just do standard routing through this. I'll also make note that I have Suricata running on this because I didn't want to just load it and say load nothing on it and see if it routes. Let's see with Suricata running, which by the way, I'll show you real quick, I have set up to maximum detection. That way it's doing all the rules passing through here. Not some of the rules because you can change different levels. But we set maximum detection using the IPS policy. Just a quick and easy way to set it up. I have other videos that go more in depth on Suricata.
But of course, the goal is to know, will it route at that speed with Suricata running? So let's go over here, which I've split the screen apart with tmux. So here's my computer at that IP address, which just for show, ip a. There is 192.168.51.100. Clear. Set that back as server. We're going to SSH to root at 172.169.207. Just a basic server I have set up, and we're going to tell it to talk to the public IP address right here, 172.169.65, with iperf time 30 seconds. Connect there. And you can see we're getting pretty much line speed, gigabit through the ports. But let's actually see what's going on inside of here. So we're going to go 8 to Shell. Let's run top. And you can see Suricata doing its thing here. So the processors are working, but not being overworked. We haven't pinned the machine to the point of being unresponsive or useless. Matter of fact, we can go over here and go to OpenVPN, because that's what we're going to talk about next. And these systems are working fine. We haven't destroyed it with full gigabit routing. So definitely powerful enough to do gigabit routing. Next test. The next test we really want to do on this is going to be OpenVPN. So let's go ahead and exit. So we're going to copy some files from the download folder. So there's our line speed. There's the system going back over to idle. And let's talk about OpenVPN. Now, there's a lot to tuning OpenVPN. You can get different speeds based on different ciphers that you use. 128 might be a little weaker. 256 a little stronger. But that's going to come at a cost. So you will get a little bit faster if you choose different encryption methods. So I'm just doing the basics here without getting too in-depth on this. With the settings being the AES-256-CBC, which by the way, there's other crypto you can use. It'll be a little bit faster. Like I said, it's not a full test as far as all the OpenVPN options. But this is a well-secured one. There are, like I said, other options you can dig into.
We're going to go ahead and go to Client Export. And we're just going to hit Most Clients and download this. And it downloaded the pfSense UDP file. And from here, we're going to go to the downloads. Find it. There it is. So SCP. All right, there we go. All I did was do secure copies. I wanted to copy over that config file over to the server that's not living on the WAN side of this. So now we'll go back into the server. There's that file. Now what we're going to do here is split this one more time. So we want to SSH root at. So we're actually logged into this one twice. And at the top one here, we're just going to go OpenVPN. And then we'll put in the pfSense file here. So PFSENSE. I don't know why it doesn't auto-complete for that dp4-1194. Typos today. Username LTS. And make sure it connects. All right, we are in. And it's completed. Now we can run that iperf test, not against the WAN, but going through the OpenVPN. So if you actually run iperf3 -c now, because this is on the inside of the network, 68.51.100, we're connecting to it from inside. Which still gets an impressive 230 megabits a second. And you can see OpenVPN pinned over here running at a pretty high percentage. So we're getting that particular cipher about 229 megabits per second. So not bad. And like I said, there's a whole R2 trade-off of whether or not you want to use different ciphers or different type of tuning and different real-world use cases. But you can see that's not bad at all for OpenVPN speeds. So if you have remote users, or if you're connecting this with the site-to-site, you can expect to be using the ciphers I chose that level speed. Which, by the way, I cranked up the security. I know just by switching it to a, I believe it's a GCM cipher, I've almost got a hundred more megs on that particular cipher. So that's a whole trade-off. And that goes into a lot of debates about cryptography and how secure you need things.
But like I said, I wanted to try it the most secure and it can only get better from there is kind of the point. But overall, I really like the box. It works great using it. And we've actually had this for a few days now. I think we got it late last week and we've just been letting it run and I ran some long-term tests on it, pushing a lot of data to it, just to see if I could even get it above warm. That's all it really does. Actually, real quick, I think it has the thermal sensors in there so you can even see what it's running at. So let's look real quick. Jump back over here. Oh, good, I have the thermal sensors in here so you can see the temperature it's running at. Yeah, so it's not running that hot. So you can see the zones of the quarter. So 35C, not bad at all. Will it switch to Fahrenheit? Does it have an option? Oh, yeah, there we go, save. So people in America like me who always have to stare and think it's Celsius, we can figure it out. There we go. So it's running at like 95 degrees sitting here and it takes just a few gaps I had to edit out in this testing. So it's been on for at least a few minutes but even after running for a while, pushing it, it doesn't really get that hot. So I like the box. It fits the bill for if you didn't want to go all the way to the 7100, you'd need something that powerful but you wanted six ports on there so it saves you a little bit of money if you're going for that use case. It's a little bit more than the SG-3100 which is one of our favorites for small business but one of the things that comes with that is that you start having problems running Suricata because you need that higher performance. This is going to have a little more power to handle that and it's going to have a little better VPN performance. So my overall, it's a great box. It's solid. I do wish it had a rack mount. It only does come with a wall mount. Other than that, I got no complaints.
It's another solid product right from Netgate and we've been happy with them. I know some people think they sponsor me in some way. We just happen to deploy and use a lot of Netgate solutions we've done for a lot of companies or I should say pfSense solutions and we like running their hardware because when I do an update at a remote place, especially some of these are very far away from us and we just did one in Sweden, the one in Sweden. I don't have time to, well I'd love to go to Sweden if they'd pay it, but obviously if I push an update I want the update to go through and not have no worries at all, and when you're running their hardware that does save some of that trouble, for those wondering why we kind of promote them. It's because we use them. It's just a product we like and you know where to find them over at Netgate.com. Thanks. And thank you for making it to the end of the video. If you like this video, please give it a thumbs up. If you'd like to see more content from the channel, hit the subscribe button and hit the bell icon if you'd like YouTube to notify you when new videos come out. If you'd like to hire us, head over to lawrencesystems.com, fill out our contact page and let us know what we can help you with and what projects you'd like us to work together on. If you want to carry on the discussion, head over to forums.lawrencesystems.com where we can carry on the discussion about this video, other videos or other tech topics in general, even suggestions for new videos that are accepted right there on our forums, which are free. Also, if you'd like to help the channel in other ways, head over to our affiliate page, we have a lot of great tech offers for you, and once again thanks for watching and see you next time.