@Derelict
You made it clear enough: "The webgui always listens on all interfaces."
This morning: backup, disable LAN, and... YES: I still have GUI access from Cisco over trunk, direct from OPT1, (and temporarily direct from from WAN).

I'm in GUI from WAN (static at 192.168.8.1)
FW rules on WAN:
Pass IPv4 TCP 192.168.8.202 * This Firewall 443 HTTPS * none TEMP GUI over WAN
Pass IPv4 ICMPany 192.168.8.202 * This Firewall * * none TEMP Ping over WAN
Modify the TCP rule replacing
This Firewall
with
Single host or alias: 192.168.8.1
and it works (as you said it should).

Sorry to have troubled you. I'm switching between nine different IPs on my laptop -- must have been "doing it wrong" when I lost GUI on OPT1 during my experiments.

Thanks, Chris

I'm pleased to hear that you are up and running.

Enjoy your weekend!

@hpspar05 No problem, happy to help! If you encounter any other problems with UniFi equipment, you can always visit their forums. Their support is also partly community driven, and like the nice Netgate folks here, their devs are also active in the forums, helping people.

Yes, screen is amazing.

This is why we suggest it in our help document:
https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/connect-to-console.html#gnu-screen

aaa sorry didn't saw the post, was only looking for LACP.

I'll gonna try this. thanks

To completely restore factory fresh do this:
https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/reinstall-pfsense.html

The reset button on the the SG-3100 is just a CPU reset, equivalent to pulling the power, so using that during normal running is not advised.

Steve

Nothing specific for the 3100. However you should try to get something that is supported by the apcupsd or nut packages so the firewall can be shutdown gracefully.

https://docs.netgate.com/pfsense/en/latest/packages/nut-package.html

Steve

Thanks Stephen, I will look at getting this into a cron job.

@axxxxe said in SG-3100 semi-frozen:

pfSense login screen. I entered my username and password and Firefox then hung with "waiting".

If the WAN is down the home page/dashboard's checks can take a while to time out. Really anything that does a DNS lookup can take a while especially if multiple DNS servers are configured, since they all need to time out. Possibly disabling the check for new versions might help, but obviously not after the fact. 5 minutes seems like a long time though.

Do not select anything if CPU supports AES-NI.

Hey @Derelict Thanks for the ideas. I've managed to find the issue, and it was an equipment problem on our ISP side.

I ran some packet captures on both the internal VoIP VLAN, and the external SBC interface(our phone comes in over the same fiber asour IP, but on a separate interface on the demarcation unit(T-340)), found a lot of dropped packets, moved onto our WAN switch, and saw that there was an EXCESSIVE amount of Tx/Rx errors and collisions on the demarcation interface. When I dug into the interface itself, found that it was only negotiating at half-duplex, which would explain the issues. When I went back through my old config files for the SG-8860, I found that I had to force it into full-duplex mode as the T-340 for some reason will not auto-negotiate to full-duplex, but if I force my side to full, it works just fine, and not a single error since.

Thanks again for chiming in.

@jahonix said in EOL hardware:

Marvell 88E1543

That's just a PHY as far as I know, not a switch. The C3K SoC has 4 NICs built in and they are using an i350 for the other 4 looking at the specs.

Steve

Contact support, see: https://forum.netgate.com/topic/141047/useful-resources-for-new-appliance-owners

The SG-5100 does not use Coreboot so it's not detected as a compatible device.

That message could probably use updating.

Steve

Wouldn't dream of it Steve

We like to give our customer's choice.

After the order is complete, we are the one's that fulfill the shipment, either with A-Z or from our store.

Can you open a ticket with us, at https://go.netgate.com I'll keep my eye out for it and send that information over.

Please include your Serial number, Netgate DeviceID or Order number when opening the ticket.

Can you open a ticket for your SG-4860 with us at https://go.netgate.com

Yup, just sign up at the ticket system if you've never used it before:
https://go.netgate.com/support/signup

Steve

Only cryptodev.
AES-NI is x86.

-Rico