pfSense software is a popular open source firewall distribution based on FreeBSD operating system that is entirely managed via a web interface. Up until recently, FreeBSD (see comments section) pfSense would only support x86-64 (Intel or AMD hardware). But progress has been made with pfSense (and FreeBSD) for ARM, and Netgate, the company behind pfSense, is now selling two ARM based firewall appliances with SG-1000 microFirewall powered by Texas Instruments AM3352 Cortex A8 SoC, and sine a little over of month, SG-3100 firewall appliance based on a more suitable Marvell dual core Cortex A9 processor.
Netgate SG-3100 hardware specifications:
- Processor – Marvell ARMADA 38x 88F6820 dual core ARM Cortex-A9 @ 1.6 GHz with NEON SIMD and FPU
- System Memory – 2GB DDR4L Non ECC
- Storage – 8GB eMMC Flash
- Network Interfaces
- 2x Gigabit Ethernet configured as dual WAN or one WAN one LAN
- 4x ports Gigabit Marvell 88E6141 switch, uplinked at 2.5 Gbps to the third port on the SoC for LAN
- USB – 1x USB 3.0 port
- Expansion
- 2x M.2 ‘B’ key sockets (SSD, LTE)
- 1x M.2 ‘E’ key socket (2230 form factor) for WiFi / Bluetooth
- 1x miniPCIe (WiFi)
- microSIM
- mikroBUS socket, for community hacking and OEM expansion opportunities
- Console Port – 1x mini USB port
- Power Supply – 12V/3.33A threaded barrel connector
- Power Consumption – 5W (idle)
- Dimensions – Enclosure: 20.3 x 17.8 x 4 cm; motherboard: mini-ITX 17 cm x 17 cm
- Operating Temperature – 0°C to 65°C
- Certifications CE, FCC, RoHS, UL
The device is pre-loaded with pfSense with features such as stateful packet filtering firewall or pure router, routing policy per gateway and per-rule for failover and load balancing, transparent layer 2 firewall, support for IPV6, NAT, BGP, VPN: IPsec, OpenVPN, L2TP, Dynamic DNS client, and more. SG-3100 is said to support up to 1.8 million active connections.
This model targets SMB to medium sized networks, small to medium sized branch office, managed service providers (MSP), home or commercial high-speed Gigabit connections, or multiple VPN Connections.
Netgate SG-3100 is sold for $349 with a 12-month hardware warranty, and a one year subscription to pfSense Gold ($99 value) providing access to extensive documentation and videos. More details may be found on the product page.
Jean-Luc started CNX Software in 2010 as a part-time endeavor, before quitting his job as a software engineering manager, and starting to write daily news, and reviews full time later in 2011.
Support CNX Software! Donate via cryptocurrencies, become a Patron on Patreon, or purchase goods on Amazon or Aliexpress
the SG-1000 made sense when it came to the price and its size
but the SG-3100 for the price and function seems a bit much considering u could buy an x86 system with similar functions
That is a little expensive for what I uderstand it does, needs to have a few more value added (software) features out-of-the-box.
Wonder if it support 4G/LTE USB modems as backup internet?
pfSense is otherwise also missing a nice (official) iOS/Android app for easy access to management and basic feature like parental control.
Yeah quite expensive, you can build a cheaper atom or celeron box for that, which would probably be a lot faster.
@jeroen
Please show us the parts. You did note that this comes with a one year subscription worth $99 as well, correct? So you only have $250 left to play with. I’d be really interested to see what kind of hardware you come up with.
Me too. Especially with 5W idle consumption, an internal GbE switch connected upstream to the CPU with 2.5GbE and 2 additional and performant GbE NICs.
“Up until recently, FreeBSD would only support x86-64”. The initial ARM support was added to FreeBSD in 2004.
@Andrew
Well in the grand scheme of things, 2004 is only a few years ago :p
But seriously, reading pfSense forums or mailing list, I understood they did not provide an Arm image so far, because of a lack of FreeBSD support, or maybe they meant on low cost Arm boards.
FreeBSD has supported much more than x86 for a very long time… Alpha until ~2006, PowerPC support was started around 2002, mips for a long time as well, and sparc64 was the first big-endian target back in 2001. Only pfsense has restricted itself to x86.
@jeroen
https://www.amazon.co.uk/hardware-Appliance-Processor-Broadwell-Businesses/dp/B01N4CVSRB
Pfsense hardware Barebone 4 Lan pfSense Security Gateway Appliance Mi3215L Celeron Processor 3215U 2M Cache, 1.70 GHz, Broadwell Small Businesses Firewall,1 HDMI,4 Intel Lan,2 USB2.0,2 USB 3.0,1 COM, Support windows /Linux /Pfsense OS
by Kettop
Price: £138.00
Sale: £131.00
it;s the same hardware as turris omnia that comes with wifi at the same aprox. price
@maurer
A cheaper alternative could be Solid-Run’s Clearfog Base (also using the same SoC so able to run the pfSense release after adopting device-tree changes though I’ve no idea whether the SFP cage is supported in FreeBSD or only the two GbE ports)
@cnxsoft
Netgate was the driving force behind adding Armada 38x support to FreeBSD (since this being basic requirement to use devices based on this SoC with pfSense later). And according to Jim Thompson they plan to do the same with Armada 3700 so pfSense might run in 2018 on another ARM platform (EspressoBin). Since Armada 3700 features ARMv8 crypto extensions this could be a nice VPN endpoint then…
Wow that’s exactly what I was looking for to replace my aging firewall (via 533 MHz / Linux 2.4). However I didn’t plan to put that much money on it and just want to replace the OS with one I know better. The clearfog is nice as well but quickly becomes quite expensive when you start to add an enclosure. And between a 55 EUR edgerouter-x and such a board, the only really visible difference I’m seeing for my use case are mainline kernel and ability to add wifi. That’s not worth 6 times the price. I’ll continue to search around.
Ah, that reminds me of the Armada 38x getting pretty hot. On the Clearfogs there’s a huge heatsink but the above Netgate appliance solved it better: using the metal enclosure as giant heatsink: netgate.com/blog/lord-vader-your-firewall-is-ready.html
@tkaiser
IIRC, Turris Omnia also use their casing as a heatsink, but it’s definitely not the cast aluminum of the SG-3100.
@Pfsense hardware Barebones
You’re limiting yourself with pfsense 2.3.x release using that CPU…
@tkaiser
That doesn’t match my experience. On my two clearfogs, the CPU remains barely warm even at full load. The heatsink is only the size of the CPU module (something like 4x6cm I guess), and about 1cm thick, I wouldn’t call that huge, it’s 3 times smaller than the ones I put on my build farm’s miqi 🙂
By the way I use a USB-to-12V cable to power the clearfog base directly from my laptop, and it supports the two gig ports at full load and CPU at full load, so that means it doesn’t drain that much power. I really consider the 38x a very good SoC for I/O or networking applications. It definitely looks looks like the best thing I could use for a firewall!
@Pfsense hardware Barebones
Interesting recommendation for pfSense. The product’s description only mentions ‘Windows 7 Ultimate; Linux’ and the only review over at Amazon (2 stars for a reason) mentions that it’s neither running with pfSense nor OPNsense (missing driver support for the NICs in FreeBSD — great firewall appliance without Ethernet 😉 )
Which is quite understandable up until now. IMO an interesting read on the topic: https://forum.pfsense.org/index.php?PHPSESSID=6rohomesj4gs91o7res9aj7sm6&topic=120015.msg728596#msg728596