It has been quite a long time since STH has done a Netgate appliance review. The last time we looked at an SG series device was the 2017 Netgate SG-1000. Now we have the Netgate SG-5100, which is in a completely different class than the SG-1000 in terms of features and performance. As you will see in the review, this is not a one-trick pony. It can run either pfSense or TNSR. TNSR is the company’s higher-performance Linux-based network operating system. Let us get into the review.
Netgate SG-5100 Hardware Overview
The Netgate SG-5100 is a fairly compact desktop unit. Rough measurements put it around 8.5×5.75×1.75 inches in size. The headline feature of the unit is a six-port 1GbE array. The four IX ports come from the quad-core Intel Atom C3558 integrated MAC. The two IGB ports utilize two Intel i210-AT NICs. Combined, the unit has six Intel 1GbE NICs, although the two groups have slightly different feature sets.
Other features of the front panel are a USB serial console port, two USB 3.0 ports and status LEDs.
Technically, the Intel X553 on the Atom C3558 supports 10GbE and 2.5GbE speeds in a 2×10/2.5/1GbE + 2×2.5/1GbE configuration. It would have been really interesting if Netgate had figured out how to make 2.5GbE a possibility on this platform, but there are other parts, such as PHYs, that need to be accounted for. Still, we have had 1GbE firewall devices for a long time, and in the next decade we are going to see faster speeds required due to the rest of the infrastructure, including wireless, getting faster.
A feature you may have seen in the cover image is the heatsink top. The entire enclosure is made from metal. No cheap plastic here. The top of the unit has fins to increase surface area. That metal design acts as a heatsink to keep the unit passively cooled.
One can see the rear has a Kensington lock port, a DC input, and both power and reset buttons. There are also four covered cutouts for Wi-Fi antenna mounting.
On the physical unit, we wanted to make two more points. First, the DC input has a locking connector. This is important to ensure that accidental bumps do not disrupt power. That is common in edge deployments. The power brick is a Channel Well unit that screws into the back of the chassis. That is a great touch.
Other internal specs include 8GB of eMMC and 4GB of RAM. Those can be upgraded to house up to 16GB of RAM. We are also using an internal M.2 port with a 32GB SATA M.2 (2242) SSD. If you want to see inside the unit, which is largely inaccessible due to thermal glue, Netgate’s documentation has good photos.
What is missing from the Netgate SG-5100 that is present on some of the company’s higher-end solutions is an out-of-band IPMI/Redfish management port. In the security world, BMCs are a risk. They also add cost and power consumption, so it makes sense to exclude one. Still, that means you are using a 115200 rate serial console for low-level management.
Netgate SG-5100 Software Options
Technically, you can put a lot of different types of software on the Netgate SG-5100, but realistically, there are two main applications. The first is pfSense, which STH covers quite a bit. While pfSense has a traditional shell, the gem of the FreeBSD-based solution is the Web management interface. For a novice, setting up interfaces, firewall rules, and VPNs is all done through an easy-to-use GUI.
The other option, and the higher-performing one, is Netgate TNSR. This eschews FreeBSD; instead, it uses a DPDK-accelerated Linux stack. Netgate has taken a lot of the open-source improvements that go into a high-performance Linux networking stack and packaged them with a CLI that is more akin to traditional networking gear. For example, here is the “show interface” command in TNSR:
We are going to have a follow-up piece going into the performance of both on the SG-5100. As you may have seen, we have two Netgate SG-5100 units that we are going to use for this test. Still, we wanted to give some idea of what we are seeing, so next up we have the Netgate SG-5100 performance.