pfSense SG-1000

John Connor · Nov 1, 2016

Check out this nifty thing! https://netgate.com/products/sg-1000.html

Rifter · Nov 1, 2016

I was literally just planning out a build to do exactly this with a SOC microboard, guess they beat me to it, i may buy this.

Hardest part of making one is finding a SOC micro board that has real dual gigabit ethernet.

Red Squirrel · Nov 1, 2016

Wow that is really cool. I have an old 1U server running pfsense, but a box like this would use way less power than full blown PC hardware.

John Connor · Nov 2, 2016

So correct me if I'm wrong, but is pfSense already installed in this thing?

Red Squirrel · Nov 2, 2016

From what the site says it looks like it is. I'm guessing this is similar to a Raspberry PI though, you can probably put other stuff on it too.

ch33zw1z · Nov 2, 2016

Looks very cool. I just want the device though, no need for of sense gold

Rifter · Nov 2, 2016

ch33zw1z said:
Looks very cool. I just want the device though, no need for of sense gold

agreed, wish they had a cheaper striped version with just hardware. i can install software myself.

John Connor · Nov 3, 2016

I had asked Netgate some questions and have not received an E-mail from them. Can anyone answer these two questions?

Can I change the WAN MAC address in this appliance?

Can I block countries in this appliance?

Rifter · Nov 3, 2016

John Connor said:
I had asked Netgate some questions and have not received an E-mail from them. Can anyone answer these two questions?

Can I change the WAN MAC address in this appliance?

Can I block countries in this appliance?

good questions, please let me know their response, because i also have to change the mac address.

John Connor · Nov 3, 2016

I'm asking here because I have not got a return E-mail. I never used pfSense before. I found an old post on a pfSense forum back in circa '15 where a user had an issue changing the WAN MAC address. Although I think it was due to his NIC.

ch33zw1z · Nov 3, 2016

Put pfsense in a vm, probably faster than waiting for them

John Connor · Nov 3, 2016

I guess I could do that! I never thought about that before. Thx! I'll do just that and check out all its capabilities.

XavierMace · Nov 3, 2016

I really question that box having sufficient grunt to keep up if you do anything more than a basic firewall setup on it.

Red Squirrel · Nov 3, 2016

I'm not a fan of VMing a firewall, unless you have a separate VM server with two NICs that is strictly acting as a gateway VM server. You can do "router on a stick" as a firewall but it just does not feel right to me. I always like having real physical separation between inside and outside. It is less error prone.

John Connor · Nov 3, 2016

Red Squirrel said:
I'm not a fan of VMing a firewall, unless you have a separate VM server with two NICs that is strictly acting as a gateway VM server. You can do "router on a stick" as a firewall but it just does not feel right to me. I always like having real physical separation between inside and outside. It is less error prone.

I'm not gonna run a firewall in a VM. I just want to look at the software in preparation on buying this node/device thingamabob.

John Connor · Nov 4, 2016

Got a chance to test this in a VM. Pretty intuitive layout. Everything is pretty much straight forward, but there are a lot of other options that go beyond my networking knowledge. It's a very capable firewall. To change the WAN MAC address it's right under interfaces. But when I tried to change it the web page wouldn't load. I have a felling the virtual NIC was causing an issue or I need to do something IDK. I hope this doesn't happen in the SG-1000. Adding countries is easy with the addition of the module. They even have a Snort module which I need to test. I'll set everything up and Nmap this VM and see if it gets through with an open port. I'm hoping Snort will block it. There is also a Nmap module, but who in their right mind would run Nmap from their own IP address?

ch33zw1z · Nov 4, 2016

The mac address thing is likely due to the vm, but now you know it's in there.

John Connor · Nov 4, 2016

ch33zw1z said:
The mac address thing is likely due to the vm, but now you know it's in there.

Thanks for confirming. I really hope that is the issue because I often change my WAN MAC address to get a new IP.

John Connor · Nov 4, 2016

Does anyone know if Snort blocks Nmap scans out of the box with the opensource signatures? I was able to do an Nmap scan to the VM without being blocked. But maybe that was due to my IP being localhost? Or in RFC 1918?

Red Squirrel · Nov 5, 2016

If the ports are not open in first place I'm not sure if snort would actually see it. Though I could be wrong.

John Connor · Nov 5, 2016

Red Squirrel said:
If the ports are not open in first place I'm not sure if snort would actually see it. Though I could be wrong.

That's not what I'm asking.

John Connor · Nov 5, 2016

Anyone know how you can reboot the configuration in gthe SG-1000? I mean, how do you log into terminal? Is it via SSH?

ch33zw1z · Nov 5, 2016

PPfsense can be rebooted from guide or cli

John Connor · Nov 6, 2016

Guide?

And how do you enter CLI in the SG-1000? It does have a single USB adapter, but I'm not sure who you see a screen with that.

ch33zw1z · Nov 6, 2016

Lol damn phone , gui.

The cli will be ssh, possibly telnet by default...but not likely.

Edit: from spec sheet on your link

Console Port Micro USB

There's the local, non ip console port

pfSense SG-1000

Lifer

Lifer

No Lifer

Lifer

No Lifer

Lifer

Lifer

Lifer

Lifer

Lifer

Lifer

Lifer

Diamond Member

No Lifer

Lifer

Lifer

Lifer

Lifer

Lifer

No Lifer

Lifer

Lifer

Lifer

Lifer

Lifer