The new Netgate SG-2100 desktop-class network appliance is targeting to fill the gap between SG-1100 and SG-3100 devices. With the surge in remote working and the need to connect multiple sites with VPNs and secure networks, Netgate has a lower-cost device using an Arm-based processor, to provide something new. In our review, we are going to take a look at the new router and firewall appliance to see what it has to offer, and how it performs.
Netgate SG-2100 Overview
This solution is designed to be a low-power and quiet edge device. As a result, Netgate is using a desktop form factor. The device measures 107.95 x 172.72 x 43.18 mm ( 4.25 x 6.8 x1.7 inches). At the front of the device, one can find 3 RGB status LEDs which are largely overshadowed by the large Netgate logo.
Netgate SG-2100 has a reasonable design for a desktop unit with metal bottom and plastic top cover. Netgate’s original Arm-based mini-router, the Netgate SG-1000 came in an all-metal housing, but the product line has evolved.
All ports are located at the back of the device which has space for five (5) Gigabit Ethernet ports one combo GbE/SFP port by default is assigned to WAN and (4) switched GbE ports handled by Marvell 88E6141 Ethernet switch connected with 2.5G uplink to SoC. In addition, we can see a mini-USB console port, USB 2.0 host interface, micro SIM slot, (3) antenna holes covered by rubber caps, and power input.
Power is provided by included DC power adapter (12VDC, 2.0A) and unlike many other devices in the consumer market has a threaded barrel connector.
Inside, the SG-2100 is based on a Marvell ARMADA 88F3720 SoC. Looking at the block diagram, we see that SOC has a dual-core Cortex-A53 CPU and includes a variety of connectivity. For the SG-2100 it is interesting to note that it has USB 3.0, SATA 3.0, PCI-Express 2.0, and 2.5 GbE IP blocks.
For memory, the Marvell SoC in this device is coupled with 4GB DDR4-1600 memory and is not expandable.
At the bottom of the device, one can find 2 integrated keyholes for wall mounting, rubber feet, and 4 screws.
Inside the device, we have M.2 slot that can be used either for a M.2 2242 (42mm) SATA SSD or USB LTE module. It worth mentioning that the M.2 slot is technically not user-serviceable and either option can only be selected when ordering a new device from Netgate. At this time, ordering from Netgate gives an option to add a 32GB SATA SSD, but not a WiFi or LTE module.
Netgate SG-2100 Management
Netgate SG-2100 is managed by pfSense a FreeBSD based open-source distribution tailored for use as a firewall and router, which STH covers quite a bit. At the time of this review, the latest version available was 2.4.5p1. Please read our review for details about the new features available in this release.
On the x86 side, features such as AES-NI are well-supported by pfSense but basic crypto offload features are going beyond this simple setup. Intel is heavily pushing Intel QuickAssist Technology in its edge chips but that requires a lot of extra work to support so many software packages do not use it. Many of the Arm vendors have their own cryptographic offload engines. Here we can see the two Arm Cortex-A53 cores, but then we can see “Crypto: (Inactive)”. The Marvell SoC has a crypto offload feature, but the current pfSense release does not support it. This may change in the future which would, in turn, potentially change the performance numbers we are about to look at.
Next, we are going to look at the Netgate SG-2100 performance before getting to our final thoughts.