Totally agree, everything I run in my lab is SSD. :)

Thanks again for your time.

We are working on it, yes. This is unlikely to be a fast turn around though.

Ok, then the first thing to try is hook up the serial console and see if that remains responsive when this happens.

Steve

Thanks.

I apologise it looks like human error. The form was submitted as an SG-1000 but we should have caught that.

I have sent you the correct firmware image for the 1100.

Steve

@jts2045 There's a patch specifically for the 22.05 issues for DEVEL, no need to downgrade that I am aware of.

Yeah, I would not recommend using RAM disks with Snort/Suricata. It can be made to work but they do not expect to see RAM disks.
4GB is enough to run Snort/Suricata and pfBlocker. Though, as stated, it will reduce the maximum throughput.

Steve

You can do it without a reboot:

[22.09-DEVELOPMENT][root@2100-2.stevew.lan]/root: ifconfig mvneta0 mvneta0: flags=8a43<UP,BROADCAST,RUNNING,ALLMULTI,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: WAN options=800bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE> ether 00:e0:ed:b6:13:59 inet6 fe80::2e0:edff:feb6:1359%mvneta0 prefixlen 64 scopeid 0x1 inet 172.21.16.220 netmask 0xffffff00 broadcast 172.21.16.255 media: Ethernet autoselect (1000baseSX <full-duplex>) status: active nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL> [22.09-DEVELOPMENT][root@2100-2.stevew.lan]/root: ifconfig mvneta0 mvneta0: flags=8a43<UP,BROADCAST,RUNNING,ALLMULTI,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: WAN options=800bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE> ether 00:e0:ed:b6:13:59 inet6 fe80::2e0:edff:feb6:1359%mvneta0 prefixlen 64 scopeid 0x1 inet 172.21.16.220 netmask 0xffffff00 broadcast 172.21.16.255 media: Ethernet autoselect (none) status: no carrier nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL> [22.09-DEVELOPMENT][root@2100-2.stevew.lan]/root: ifconfig mvneta0 mvneta0: flags=8a43<UP,BROADCAST,RUNNING,ALLMULTI,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: WAN options=800bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE> ether 00:e0:ed:b6:13:59 inet6 fe80::2e0:edff:feb6:1359%mvneta0 prefixlen 64 scopeid 0x1 media: Ethernet autoselect (1000baseT <full-duplex>) status: active nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> [22.09-DEVELOPMENT][root@2100-2.stevew.lan]/root: ifconfig mvneta0 mvneta0: flags=8a43<UP,BROADCAST,RUNNING,ALLMULTI,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: WAN options=800bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE> ether 00:e0:ed:b6:13:59 inet6 fe80::2e0:edff:feb6:1359%mvneta0 prefixlen 64 scopeid 0x1 inet 172.21.16.220 netmask 0xffffff00 broadcast 172.21.16.255 media: Ethernet autoselect (1000baseT <full-duplex>) status: active nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

Steve

@senseinyc said in Netgate SG-3100 cannot retrieve packages:

it says on latest version (I know it's not). When I try to install new packages

Also, don't ever install "current" packages on an older pfSense version, so it doesn't try to, say, upgrade PHP or some other dependency.

Ah, yes, for a single threaded process like OpenVPN that i7 is going to be faster.

I expect better than 200Mbps though with AES-GCM given low enough latency.

That's worth testing. It's far more common to have the client side assigned though. I wouldn't expect that to cause a problem.

@michmoor said in 4100 Max - cpu temps:

@keyser Thanks! I appreciate the replies.
So basically an inefficient chip as compared to an i3 but still the overall performance should still be solid and temps shouldnt be an issue?
I feel more at ease now about it.

Well No, not really inefficient. Sure compared to the latest 11th or 12th generation i3, they are less efficient due to Being manufactured on an older silicon die node, But thats evolution for you. Compared to “same age i3’s” i would rather use the Word different. I3’s and higher are made for high single core single performance - achieved by turboing the frequency. This can make cpu performance fairly unpredictable because sometimes its fast, sometimes its in a throttle back State due to heat. The atoms are made for all day predictable performance, and have some optimizations for network/server type workloads that they can do with hardware assist. So they are a fairly good cpu in a “lower power” envelope for this kind of work.

@stephenw10 Thanks Steve. Much appreciated.

@serbus said in Netgate 6100 temps:

Not sure if the passive heat spreader design in the 6100 is similar to the one in the 3100, but you can check this out :

Definitely not... the heat dispersion on the 6100 (and 4100) is the entire bottom of the system... the 2100/3100 have chunks of aluminum, but not nearly as substantial as the 4100 and 6100s.

Yes, we can do that but going in that direction is usually less of an issue. If you have VLANs configured for the switch ports in the 3100 you can just reassign those interfaces to the discrete NICs in the 6100 when you import it.

Steve

@rcoleman-netgate said in Setting up SG2100:

@simon_lefisch said in Setting up SG2100:

mvneta1.xx tells me that all the switch ports are bridged. Is that actually the case? Is there any way to not have them bridged? I know on a Cisco Firepower 1010 you can set the interfaces separately or have them set as Bridged Virtual interfaces (BVI).

They are a single ethernet chip LAGGed as a switch. There is no way to break the LAGG and use them individually.

Worth noting that the only systems this is the case on are:
1100, 2100, 3100 and 7100 models. All others have discrete interfaces.

Thanks for that info, I did not know that. I appreciate you taking the time to let me know this 🙏 😁 🤙

Thank you all!!
Properly editing the file fixed the issue. I had a small typo.
The CPU usage may be lower than it has been for a while and now the temp is also down a tad. Going to monitor this for a bit. I know I had an issue with the WiFi. Going to see if that is cleared up as well.

@danholley That is weird. And as you say bizarre if 8.8.8.8 was reachable. :) But you're welcome.

I just had this problem too. Running that command via SSH fixed it for me too.

pfsense-upgrade -d

@stephenw10 I'd rather not muck with the fire-wall as my house has multiple users who need internet most of the time :-)

FWIW, I don't remember changing anything else to get the package manager working again.

@rico said in Unable to reset Netgate 6100 after configuration restore:

Request the latest 6100 Image here: https://www.netgate.com/tac-support-request
And reflash: https://docs.netgate.com/pfsense/en/latest/solutions/netgate-6100/reinstall-pfsense.html

-Rico

@stephenw10 said in Unable to reset Netgate 6100 after configuration restore:

Reinstalling is likely to be quickest and safest there. Otherwise you could probably manually edit the config to remove the duplicate sshkey entries.

Steve

creating the TAC support request did immidiatly result in getting the image needed - reinstalling was the quickest way - thank you Rico & Steve

@gich The port not working at full speed it's not a problem. It's suck but I'll live with it.
I was only wondering if there was a deeper connection between those problems.

@lexip you have to create a parent interface for LAGG0 -- one does not exist by default.

Or just enable SSH which is one checkbox:
https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html#secure-shell-ssh

Or use the console directly.

But there's a good chance you can't create a connection directly using just the module. And the code to separate the WAN data from other available services may not exist in pfSense.

Steve

@elvisripley
Thanks for all the info.
Have my pre-drywall walkthrough shortly, so I am about 2-3 months out still. But I also know I need to buy equipment in advance so I can get it all done before we move in.

Ah, yeah almost certainly Snort there. Really the Snort and Suricata packages are not expected to work with RAM disks. It's possible but you have to have to be very careful configuring it.

Steve

@rwq891 If you're still in the market for an SSD I can report the Kingston SA400M8/240G A400 SSD, 240GB, M.2 to be working in my SG-3100.

@rcoleman-netgate

wilco. thx.

@jimp Yes the error was same.

@gertjan Thanks, that's good advice; I tend to prefer command line as well so I will definitely take a peek at df next time. Unfortunately, no ZFS for me, for reasons discussed above (no support on ARM32 chips).

Don't know specifically about the XG-1541, but typically that setting is found in the BIOS configuration of PCs and other appliances like the XG-1541.

Boot with direct console access and enter the BIOS SETUP utility. In there, look for a setting related to the power on/off state. Typically the wording will offer two options when power is removed and then later restored. One option will cause the hardware to "stay in power OFF mode", and the second option will cause the hardware to "resume previous state". That second option means if the unit was turned off when power was removed, it will stay off when power is restored. If the unit was powered on when the power was lost, it will automatically power back on when the power source is available again.

Thank you for these explanations. Very clear!

tray.png

@rcoleman-netgate That works, even if the usb console doesn't.
I'll run with that instead of returning the unit, as the config is working and this still gives me a serial option if required.
Thanks for all the info.

@esbyte-babak f26217fe-5b69-4ba9-9f12-5d4cf5273b7c-image.png
This is the part number of the installed RAM according to my documentation