The SG-2440 offers IT-grade networking options for your home or SOHO
Powerful and versatile pfSense OS; Expandability with mSATA and 2x mini PCIe; Can be upgraded with software packages
Not novice-friendly; Wi-Fi option doesn't offer 802.11ac; Pricier than most consumer gateways and routers
When we first got the pfSense SG-2440 in our office, it sat on a desk for a few weeks before we knew exactly what to do with it. After all, exactly how exciting can a firewall/router device be?
As it turns out, it can be friggin' awesome.
One of the interesting things about building PCs is that even the most ardent enthusiasts seldom invest the time or money to create a truly impressive home networking setup. After all, how many people simply use the router given to them by their ISP? Even if you buy your own router, modem, or combination device, seldom will devices offer more than a couple of tools that power users want. Even devices that soar north of $300 can be so-so with security and customization.
The SG-2440 is the polar opposite; it allows a wide and dizzying range of customization and configuration options.
It's what's inside that counts
The SG-2440 isn't much to look at, and lacks attention-grabbing features like the Netgear Nighthawk X6's antennas. In fact, this particular box didn't come with Wi-Fi antennas at all (you can add Wi-Fi as an option when ordering online, if you like). What it did come with was four gigabit Ethernet RJ45 connections, a couple of USB 2.0 ports, and a power connection.
The most important thing that it came with, however, was four external Phillips head case screws. That's right, this is a router you can customize and upgrade.
Stock, the SG-2440 comes with a 1.7GHz Intel Atom dual-core processor coupled with 4GB of low-voltage DDR3L RAM and 4GB of flash memory soldered to the board. The Atom processor and respectable amount of RAM makes this a very zippy device, compared with many other consumer routers and gateways. Configuration pages were served up quickly, and applying settings took only a few seconds.
Our unit came with a Micron 128GB mSATA SSD attached to the single mSATA slot. There are two mini PCIe slots, which means you can have two different Wi-Fi devices, if you so choose. It also has a SATA connector, though we had a hard time imagining just where you'd put a 2.5-inch SSD inside this tiny box. There's no connector for SATA power anyway, which makes the data connector even more odd.
The SG-2440 allows for expansion with an mSATA port and two mini PCIe ports.
There are five holes for Wi-Fi antennas on the rear panel that are covered by rubber plugs. You can get a unit with a 802.11a/b/g/n mini PCIe card pre-installed. There aren't any FreeBSD drivers to provide 802.11ac support in pfSense yet, so we'd upgrade the Wi-Fi card to AC as soon as drivers are available.
Keep in mind that the SG-2440 is not a modem, it's technically a gateway. You'll still need a cable, DSL, or fiber modem in order to use this box. DOCSIS 3.0 cable modems run around $70 at time of writing. If you have an old router/modem combo or an ISP-supplied router, you can save 70 bucks by enabling bridging mode (which turns off NAT, Wi-Fi, and other routing capabilities) on the old router. That is, if your router has an option to enable bridging mode.
For our testing, we connected the SG-2440's WAN port to a Motorola SURFboard cable modem/router. We then set the 2440's WAN IP address as a DMZ on the Motorola. You can technically attach the SG-2440 to your existing LAN behind your existing router, which would allow a second line of defense on your network.
THE MIND'S STRONGER THAN THE BODY
The brains behind the SG2440 is the pfSense Project, an open-source firewall and gateway distribution based on FreeBSD. Since the project is open-source, you can actually build your own router box and install pfSense on it. The SG-2440 is for those who don't feel like buying a bunch of parts for a new box, or buying extra network cards for an existing old box. Buying a pre-built device also also means you don't have to check hardware compatibility and install an OS.
The pfSense dashboard displays resource usage in addition to basic settings.
The first thing to understand about pfSense is that it is an OS running on a storage device. In this way, it runs more like a traditional desktop or server OS than a custom firmware like DD-WRT. It also runs on the 32- or 64-bit architectures we're used to on desktop machines. The pfSense software can also be installed as a firmware for compatible routers.
The primary way to interact with pfSense is through the web interface, which is a bit overwhelming at first. There are a slew of options that range from the most basic to IT professional–level features. You can set up a VPN, use it as a dynamic DNS client, and perform a wide range of advanced routing tasks.
The OpenVPN options in pfSense's web interface offer more than preset values.
If you can convince your ISP to install multiple broadband connections, you could easily take advantage of the second line. The pfSense OS also allows you to use multiple wide-area network (WAN) connections by configuring one of the other Ethernet devices as a DHCP (or PPPoE) client. You can then configure traffic scheduling and load balancing. It's basically like being able to double-fist the Internet.
The pfSense network device configuration screen gives you more than just DHCP or static IP options.
The software allows you to add an arbitrary number of network devices, though the SG-2440 has all the installed devices added for you. Devices can be designated as WAN or LAN, depending on your requirements.
The OS also allows you to download additional software packages like Avahi service discovery, the Apache web server, and the Squid web proxy cache. Of course, you need to actually get the box configured correctly before you can download a package list (or packages).
Great power requires great knowledge
The pfSense software is powerful and versatile, almost to a fault. There are so many options, it can sometimes be tricky to find just what you need quickly. This isn't a device that we'd expect the cable tech to know how to troubleshoot, let alone your mom (unless she's an IT professional).
If you purchase a pfSense gateway or appliance, you get two free support requests that are good for up to one year. If you'll need more support, the project offers support plans starting at $400 per year. That ain't cheap, so we suggest you brush up on your networking knowledge if you want to use this platform.
If you've got the tech chops to know how to set up a network properly, pfSense lets you fine tune just about anything you could want. Though we think we could build our own pfSense box for maybe slightly less than the SG-2440's price of $500, this little black box offers plenty of power in a compact form factor.
If $500 is a bit steep, pfSense offers the SG-2220, with only two Ethernet ports and a single USB 2.0 port for $300. You can also get the OS preloaded on a USB stick for $20. The unit we reviewed (with 128GB SSD and USB cable) prices out to $628. You can get 128GB mSATA SSDs at Newegg for as little as $60 or as much as $142.
We really like what we've seen so far. The pfSense platform offers so much that we think we'll find even more cool stuff the deeper we dive into the OS.
Price: $500; pfSense.org
|CPU||Intel "Rangeley" Atom C2358 1.7 Ghz with Intel QuickAssist|
|CPU Cores||Dual Core|
|Networking||4x Gigabit Ethernet Ports|
SoC Intel I354 Quad GbE on-die MACs
|Storage||4GB eMMC Flash on board|
|Expansion||1x mSATA, 2x mini PCIe|
|Console Port||Mini USB|
|USB Ports||2x 2.0|
|Dimensions||1.5" tall x 6.8" deep x 7" wide|
|Form Factor||Standard mini-ITX 170mm x 170mm|
|Power||External ITE P/S AC/DC 100-240V, 50-60 Hz, 12V 4.16A|
|Power Consumption||7W (idle)|
One last thing: We kind of wish the "p" in "pfSense" wasn't lowercase. Starting sentences with "pfSense" will melt a grammar Nazi's brain.
This review has been updated to reflect the fact that pfSense doesn't yet support 802.11ac due to a lack of FreeBSD drivers. This is less of a slight against the appliance and pfSense itself, since it relies on upstream driver projects for AC support. The upgradable nature of the device means that as soon as drivers are available, AC upgrades will be trivial.