Tommy here from Orange Systems, and I got a new firewall for Christmas. This is actually my old firewall, because the new one is in production, in production use I should say. Now, this video is not sponsored by Netgate, but yes, they did send me a new firewall for Christmas, specifically a Netgate 8200. Now, Netgate has already posted videos about the specs and the speed and the details of the device, and I'm not here to talk about those because, as I said, they're documented. Actually, this is something that Netgate does a great job of: documenting all the different variables in terms of iPerf and IMIX traffic with their VPN speeds. And they have the max posted routing speeds, which, I mean, it's cool that they post how fast it can route. But let's talk about production use, and that's what I'm here to cover, not just a bunch of how fast can it possibly go, because that's not something you always use in the real world. In the real world, you're using a lot of different applications. And because we're using this in production, and we installed it on December 24th of 2022, and it is February 25th of 2023, I have a few months of usage on it, of using it at my office with my employees VPNing in, and we'll talk about all the different things we do with it. But too long, didn't watch: it's held up really, really well. It has lived up to being a great and good upgrade to the 6100.

And I said upgrade to the 6100, but let's actually look at the pfSense lineup that's available here in February of 2023. We have the Netgate 1100 and 2100, which are their ARM-based devices. These work great. I recommend them to a lot of people just getting started with pfSense, kind of your advanced home users. But if you decide you want more than just pfBlocker and a lot of rules and a lot of VLANs, you go, I also want VPN speed, and they will support VPNs, it's just not gonna be fast, and you want some traffic inspection, the 1100 and 2100 are gonna kind of fall flat on that. The 4100, you can do that.
This is where their x86 lineup starts, which is 4100, 6100, and 8200, all x86, as are the Netgate 1537 and 1541. But the 4100 only has two and a half gig, but the 6100 having that 10 gig connection, that makes it a really good choice. And if you need 10 gig but a little bit more speed, a little bit more processing, that's where the 8200 comes in. Now, the 4100, 6100, and 8200 are all rack mountable, but specifically the 8200 only ships as a rack mountable option, and it's the same bracket for the 6100 or 4100, so they're all interchangeable. Also of note, the little barrel connector and the power connector for these are the same on these devices, with the same power supply, which is actually more wattage than any of them need. But hey, it's better to spec it that way than the other way.

Now let's talk about our workloads. First is HAProxy, also with Let's Encrypt. This allows us to have the reverse proxy set up with good certificates for all the different internal things and some external things that we have to access. This works really well, but honestly it worked just as well on a 6100, because it's not something that requires too much processing power unless you have a really large use case for it, in terms of like a high number or a high usage website. But for the most part, for most people, especially just running some internal services, it's gonna run well on most any of the devices that Netgate has, even the lower end ones.

Next is FreeRADIUS and OpenVPN. FreeRADIUS is how we authenticate our OpenVPN for external employees, or when employees are not in the office and need to remote in. Some are dedicated external, some are on and off external, and it works perfectly fine. Obviously, you're gonna get a little bit of a speed boost for going to the 8200.

The next one is WireGuard, and that's how my studio connects to my office. I've been using WireGuard for a little over a year now. I have not had any problems with it.
I know it's still marked as an experimental package, but I really feel it's ready for production use. I'm sure that experimental tag will come off pretty soon here in pfSense, but it does work really well.

Suricata, and not just using it, it's the number of rules and number of interfaces. This is where we did see a big performance improvement from the 6100 to the 8200, because it's not just running Suricata. It's not the traffic inspection and speed that you run into, but the reloading of rules. If you have to do an update or you have to make a rule change to Suricata or Snort, this goes the same for both, you will have a long pause for the reload time. This can sometimes cause some confusion where you have a rule that got triggered falsely, you flag it so it's a whitelisted rule, but then you run into the problem of it triggers again before the rule has time to reload, because it may take 60 seconds or a minute or two, depending on how many rules you have to reload. This time was significantly cut down. I didn't have a timer that I set from the 6100 to 8200, but this is the one thing. It's not the routing that you run into with Suricata and it slowing down the connections. One of the big ones is just that reload time gets notably faster. There are of course benefits with the routing, and depending on how many connections you have, the Suricata traffic inspection can be a little bit intensive, but it also is in direct proportion to the number of rules you have.

Now, pfBlocker doesn't take a whole lot of horsepower, but that runs fine and is another thing we're using. And what does take, and this was another significant improvement, is ntopng. ntopng is great, I've got a video on it. I really like it for being able to figure out where all the traffic is going and kind of inspect everything. And we have a lot of connections, and being able to sort things out, this is something that I wouldn't even attempt, or it's probably not even gonna work at all, on your really low-end Netgate devices. And as you move up, though, 4100 into the 6100, you're gonna get much better performance out of it, and it still goes with the 8200. And I think having the NVMe probably helps that a little bit, because it does run a database to keep track of all the connections, and depending on your data retention settings, yeah, that's gonna be a big deal in terms of read/write and keeping track of all that. So if you want to go either with the 6100 Max, or you get an NVMe, or the 8200, and ntopng, if you're gonna use that a lot and really want to dive deep into it, it's going to be a lot better on those models.

Now, I'm not gonna lie, I was a skeptic when I first saw Netgate designing these with this large heat sink on the bottom with the 4100 and 6100, which share this same chassis as the 8200. Essentially the same form factor, they're obviously a little different under the hood. But the heat dissipation has proven to be very, very effective with this design. Even though it's on the bottom, they've left plenty of airflow on these. Now, the 8200, unlike its predecessors the 4100 and 6100, does have active cooling with a fan on it. But that hasn't really been much of an issue in terms of any sound, because it's a laptop fan that spins at a relatively low RPM, and we haven't, even under any workload, really seen this hit any higher than 40 max centigrade. It just doesn't get that hot. Neither did the 4100 or 6100, but that extra power and extra processing that you get with that different chip, well, that's going to mean you have a slightly higher thermal profile potential as you load it up. But we haven't had any issues at all with it, but it's worth noting.

Now, final notes on the 8200 in terms of my overall feelings on it. As I said at the beginning, it's worked really well. The only minor issue to report is when we first received the device it had pfSense 22.05, and pfBlocker was giving me a weird PHP error.
We did talk to Netgate. We know this was a bug that was kind of like a known at the time and would be fixed in 23.01, and I wanted to do this video after the 23.01 update, and the bug went away. We haven't had any problems at all. But it still kept working. pfBlocker wouldn't stop, it would just give a PHP error on the reload about once a day. Kind of a strange bug, but that bug has now been fixed. And so unless you're planning on going back to the old version of pfSense, and there's also been an update to pfBlocker, unless you plan on going back to the old version of that, I don't see this as a problem you'll run into.

One more little side note, just more as a reminder, that all the ports, although they come factory labeled WAN and LAN, you can also reassign them. They're all individual ports, not just on the 8200 but also the 6100, where I mentioned this before, and I believe I mentioned it with the 4100 review. They can all be assigned however you like. So yes, you can use that 10 gig port to become your LAN, and that's actually what I did, and they have a lot of VLANs attached to it.

But leave your thoughts and comments down below. Head over to my forums for a more in-depth discussion, or head over to the Netgate forums and we'll dive into the topic of the latest version of pfSense. And let me know down below if you've decided to load it right away or you're still waiting a little longer to go to version 23.01. All right, and thanks.