With 9 VPN tunnels then, yes, if you need to pass 1Gbps traffic with some reasonable percentage of it encrypted. The SG-3100 is quite fast for IPSec because of it's crypto hardware but it won't pass the remaining traffic unencrypted to 1Gbps. Steve

I fixed it. It seemed to have been related to the SPF ports not being able to talk over the vlan. Thanks again!

I did open a ticket, but I wanted to post this here as well. I think the problem with console is due to the case on the SG-1100 preventing the cable from fully seating in the "micro" USB slot ( I think that is the term for it ). If I apply a bit of pressure on the cable the device stays up and I can get some console commands run. Of course, I am one handed at the time :). I have been able to perform a "clean" OS shutdown, and i will try to see if I can repair things now. I do have a ticket open as I am betting I will need to reload the firmware before this is done.

@chrismacmahon said in Unable to retrieve package information on Netgate SG-1100 with pfsense 2.4.4_2: /usr/bin/openssl ec -in /etc/thoth/key.pem -noout -text thanks I did

Which port on the 3100 is the Cisco switch connected to? If it's the OPT port you can just create VLANs on that interface in pfSense and it will see the tagged traffic coming in on those. You can assign them as new interfaces etc. If it's connected to one of the LAN ports then, yes, you would need to set the internal switch to .1q mode and trunk those incoming VLANs on the external and internal ports. Then you can add vlan interfaces on the internal port. This may help: https://www.youtube.com/watch?v=NgRy14rYhV8 Steve

@willemdh said in New pfSense Appliance no longer booting properly after minor changes: Did not purchase a support subscription, am I supposed to be able to create support tickets without? You can open a ticket for firmware requests. Help document for the XG-7100: https://docs.netgate.com/pfsense/en/latest/solutions/xg-7100-1u/reinstall-pfsense.html Help documents for backups and restore: https://docs.netgate.com/pfsense/en/latest/book/backup/restoring-from-backups.html

Thank Steve.

I miss-configured DNS settings and pfSense was not able to ping anything. Once I fixed the DNS setup I was able to install packages. Serves me right for trying to do morning troubleshooting without coffee first...

The only thing you can do here to make it less likely is to move /var and /tmp to RAM drives. Most of the filesystem writes are to those so by not writing to the flash it's significantly less likely to be writing there when the power fails. That's how I have my test 3100 configured here and I pull the power on that all the time and have yet to see a filesystem issue. But don't do that! Steve

The loader variables are loaded before the driver attaches to the hardware. If you have unsupported modules that should allow them to attach if they can attach at all. But yes you're right the variable name changed. https://docs.netgate.com/pfsense/en/latest/install/upgrading-older-versions-2.2.html#intel-10gbit-s-ixgbe-ix-users-with-unsupported-sfp-modules Steve

@muppet said in SG-1100 PPPoE Performance: @akuma1x Yes it's easy enough to buy some secondhand/commodity hardware. Anything you can find with enough network ports and an Atom C3XXX, or Intel i3/i5/i7 processors, or even some of the more recent fast Celeron and Xeon processors. Those are all good for a pfsense box. Try to stay away from the laptop-grade mobile processors, and the older Celeron J1900 stuff. Those are going to show their age and weaknesses quicker than the other ones. HP and Dell made/make some good small form factor stuff. Just make sure you can add at least 1 multi-port INTEL network card in there and you'll be all set with a nice pfsense firewall box. Jeff

@stephenw10 you really are awesome! that is exactly what i did yesterday. Thank you so much!

@Derelict You made it clear enough: "The webgui always listens on all interfaces." This morning: backup, disable LAN, and... YES: I still have GUI access from Cisco over trunk, direct from OPT1, (and temporarily direct from from WAN). I'm in GUI from WAN (static at 192.168.8.1) FW rules on WAN: Pass IPv4 TCP 192.168.8.202 * This Firewall 443 HTTPS * none TEMP GUI over WAN Pass IPv4 ICMPany 192.168.8.202 * This Firewall * * none TEMP Ping over WAN Modify the TCP rule replacing This Firewall with Single host or alias: 192.168.8.1 and it works (as you said it should). Sorry to have troubled you. I'm switching between nine different IPs on my laptop -- must have been "doing it wrong" when I lost GUI on OPT1 during my experiments. Thanks, Chris

I'm pleased to hear that you are up and running. Enjoy your weekend!

@hpspar05 No problem, happy to help! If you encounter any other problems with UniFi equipment, you can always visit their forums. Their support is also partly community driven, and like the nice Netgate folks here, their devs are also active in the forums, helping people.

Yes, screen is amazing. This is why we suggest it in our help document: https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/connect-to-console.html#gnu-screen

aaa sorry didn't saw the post, was only looking for LACP. I'll gonna try this. thanks

To completely restore factory fresh do this: https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/reinstall-pfsense.html The reset button on the the SG-3100 is just a CPU reset, equivalent to pulling the power, so using that during normal running is not advised. Steve

Nothing specific for the 3100. However you should try to get something that is supported by the apcupsd or nut packages so the firewall can be shutdown gracefully. https://docs.netgate.com/pfsense/en/latest/packages/nut-package.html Steve