Netgate 4200 pfsense Firewall Review 

Finally some Netgate and pfsense content ❤

The look and feel of the Firewall gives me 3com switch vibes!

Just installed one this week, working great so far.

Been using the 4200 for a few months now in a home office environment and I’ve been impressed with the performance, so far so good

Pretty cool device. Glad they support FreeBSD and got their license drama sorted out.

Thanks for your always great videos!

I was JUST considering buying this and adding it as a second firewall to my protectli vault

This came just at the right time for our MPLS decommissioning. I’ve done a proof of concept for getting remote CCTV connected back to the central NVR using a couple of 4200s and an IPSec tunnel. Will add more sites now. The big increase in IPSec performance with these is perfect for that project.

I have a 4100 and am happy with its rock solid reliability. I am an unsophisticated user - still learning a lot about this stuff. No doubt I have things set up in a wildly insecure manner but it's just for tinkering and personal interest. I'm guessing it would not be worth my while to upgrade.

Hi Lawrence, great overview, could you maybe comment on real world power consumtion of the device. Thanks!

Nice overview of the unit. I installed 24.03RC on my spare XG230 Rev3 unit yesterday, although had to rebuild it due to the UEFI / BIOS issue which they're looking at now. Couple of Q's re the VPN aspect, PIA don't do port forwarding for torrents do they if I recall, unless it's offered via their static IP address service? Also QAT vs IPsec-MB Crypto?

I still am a little amazed at the fact that they finally get a new model atom, but found the one without QAT. The model has an ark page, but doesn't even show up on the list of "C" family of atom processors. Even the link to the Arizona Beach Processors on the Ark page for the processor goes to a dead link. sigh

replacing a Nov 2020 SG-5100 whose mmc died, added an ssd, it ran for one year, and now the mmc is stopping the device from booting.. short of physically removing the mmc I'll just replace the unit... Though I am still worried about the Sg-4200 MMC dying in a few years... Thanks for your videos they are great! PS. I saw others mention removing the MMC to get the unit to boot; I did that with a SMD hot air workstation I have, and surprisingly the uint now boots right up again.. So I'll update it and consider it a spare for the 4200 thats on its way..

I'm not sure if I really like the new look of these. My 5100 is 1U tall, black and fits well into my rack right on top of my switch.

Hi Tom, Have clustered 2 of the Netgate 4200s' or run them in an Active/Active mode?

Hi I love your videos. And I have a request can you do a video on how to setup dual wan fail over and how to make the box reroute where my no-ip address points to along with the firewall conf stuff? I assume you need to copy the rules from wan1 to 2? Have not tried would love more info in it hopefully before I break something. My box is overkill for what I use. I7 3770 and 16gb ram along with two dual port Intel network cards. I have a Fibre optic 250/250 line that I use as my primary. Then I have a cable 100/10 line that I want to have as a failover for my network. Both running on dynamic ips from the providers.

Hey, Tom. I'm curious about your snort config. Is it set up IDS or IPS? What rulesets do you use?

I'm waiting for fiber in my area to do more.

Question about Snort/Surricata, do you run your own certificate authority?

Awesome video. Thanks for putting it together, and especially highlighting the advantages of the Atom over something like a J4125. As someone teaching myself (or trying to) OPNSense as a hobby at home, it's easy to get overwhelmed by internet discussions from power users trying to min-max their configurations that want to put Xeons in everything. It's nice to see that the hardware acceleration in Atom CPUs has real, noticeable benefits to things I actually care about doing. It makes figuring out if I want to invest in something like this easier. I realize pfSense and OPNSense are not the same software, but the rule in the OPNSense guides seems to be not to use multiple downstream LAN ports on the firewall itself on a single LAN interface, as this requires some sort of bridging that can kill performance. Is that the case with OPNSense as well, or is this a case of it only "killing performance" in massive corporate deployments but being okay for a home or small business? Also, I'm curious if this device is appropriate for use in a network with 10 GbE LAN segments. I'm assuming the 2.5 GbE LAN ports would be a bottleneck in the case of iner-VLAN routing, so the expectation would be that the VLANs would be configured to prevent that when 10Gbps throughput actually mattered. Is that correct, or am I missing something?

Noticed QAT not enabled. What advantages would enabling provide?

I see 24% on swap usage. If there is enough free ram on the machine, why would it bother with swap. I am just a tad concerned as there might be more ware and tear on the solid state storage. Is this a FreeBSD thing?

Quick question, what use case would require a lot of additional storage?

Is Netgate/pfSense also going to do a Linux reboot ala ixSystems and TrueNAS Core -> Scale?

Excellent device. We've already sold many of these in the UK. It's really fast and offers great value for money.

Just remember to disable the pxe boot

I haven't watched the video through yet, I will later. But one thing I've found disappointing is the form factor that suddenly doesn't support rackmounting anymore. Sure you can put it on a shelf, but that just takes up more space (and it's ugly lol). Also no SFP(+) ports anymore. We're sticking with the 6100 and 2100 (I also don't like this one not being rackmountable but it's tiny so whatever) if we don't need alot of performance.

This video made me buy it. Too bad you don't have an affiliate link. Thanks!

Can Pfsense do what OPNSense does in protecting a home LAN with a Transparent Filtering Bridge? Dave's Garage channel on youtube details how to set up OPNSense on a miniPC and how to configure it as a transparent filtering bridge. He also sets up IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) via Suricata and deploys the ClamAV antivirus solution on a router. Could you make a video about this on Netgate's 4200 pfsense to showcase its features? Thanks in advance for your consideration. I really like your content, opinions, and straight talk about networking and IT administration.

I was looking for something to replace my DIY server-based pfSense router, and this may fit the bill.

How does support model works for pfSense Plus software? Is it a subscription based model or a perpetual license sold with the device? Does automatic update work via UI or they require command line operations?

Completely sold on the multicolored blinky lights

Why snort if it is no longer being maintained for future versions?

I see Tom is using ISC DHCP - I'd like to see a detailed video on this, covering 24.03 release, problems / gotchas, is it ready to use?

locking power connectors are nice, being one who's knocked out power cords a billion times. but something else will always happen to "break" things. lol

Love your videos can you do a video on traffic monitoring ? For both LAN & WAN….How much data should be upload / download depending on what you’re using and doing on your network and how to detect traffic that could be malicious. That would be super helpful !

all of this went way over my head lol i just want to travel the high seas for movies while keeping my 2.5ghz speeds.

Interesting, Thank you. Any Logfiles should definitely go onto removable Flash or remote servers.

Would love you to review the Unifi Cloud Gateway Ultra (UCG-Ultra) and Gateway Max (UXG-Max), I know they just got released and stock is sparse but they seem like an interesting alternative to the UDM-Pro and UXG-Pro!

Cool device, but I am wondering about the actual power consumption. Devices are stacking up in my home: nokia fiber router -> homebuild proxmox firewall/server -> 5 unifi switches and 2 wifi access points.

Can you get gigabit over wg site to site?

I find your lack of Ipv6 disturbing 😉

Really expected more discussion on price and value.

Why not make a recommendation for building a custom 1U server with Linux, talking about what components to use for maximum reliability, with a how-to install PF-Sense in a server envirionment. If you don't have any incentive to promote or support NetGate, or are not worried about them seeing such a video, I'm sure lots of NEs would appreciate that video.

550 is crazy when you can get a N100 with 4 2.5gig of Ali Express for about 150 bucks shipped.

Will the max have an sfp port?

SNORT all day!

Type for everyone to get symetrical 1gbps fiber internet speeds ( at least ) and none of this will be needed anymore.

This looks like a missed opprotunity. if they had sfp+ or 10g-base-t ports, I'd totally be down but this 2.5g crap that's been going around is just disappointing.

for home lab probably "too good" - one can have similar one from uncle China for kind of 30% of the cost of this one

first

Guys, stick with OpnSense, continue to support open source and ditch mercenaries like Pfsense. Yeah, just my opinion.

The Hardware Break Very Easily Esp Netgate 4100 & 6100 Very Unreliable ... For Netgate I Will Go For 1537 & Above ... Below That I Custom Make With Intel 350 T4