This does seem like a layer 2 (switching, vlan) problem. I don't think anything is necessarily wrong with routing, per se. Based on your diagram, the NAS should be able to ping the IP Camera. Also, I assume you have the entire LAN on /24? I recommend assigning a different IP range to different VLANs. You could go with a /25 or /26 to divide it up. A real test would be to wire the two TP-Link SG108E together (shown with the Netgate between them). Could the PC ping everything then? If so, add the NetGate back and look closer at the LAN/vLAN config. You'll definitely need 802.1q enabled. If not, then the answer lies with one of the switches. Worse case, don't use VLANs, and instead use the OPT1 interface (and a different subnet) for the IP Camera network segment.

@akong77 Why you have doubt, that it won't support. First the processor is supported by the FreeBSD, second is the issue of the NIC and you didn't mentioned it. Say its the X553 from intel, and you happens to jump on the forums, that it is not been supported, than you should check whether that is supported or not. Infact better check, whether the drivers are available for the FreeBSD by that specific vendor and supported.

SUCCESS for the factory image installation!! I took the micro sd card and used a different adapter and re-imaged the card on my ubuntu. I removed and reinserted the sd card. Now I get one of the 2 file system to mount!!! Next I reinserted it into the SG-1000 with the SD BOOT jumper in place. Then powered it up with the console cable active. This worked! After a long stream of messages it finally stopped where it reported: This will install the standard firmware and will erase all the existing contents of eMMC permanently. eMMC device: mmcsd1 Are you sure you want to continue ? (y/N) answering y then proceeded to performing the firmware installation and then it shutdown. I removed the SD BOOT jumper and the sd card. Then I powered it back up. It then came up to the proper version used for the re-imaging and I was able to begin to configure the device. The web gui now reports: Version 2.4.3_1 is available. Version information updated at Wed Jul 18 17:10:30 MDT 2018 SUCCESS thanks oldunixguy

Please contact our support so they can have a look. Simply submit a ticket here. Thanks!

If it does cost to repair/replace, your insurance should cover it. Either homeowners or renter's insurance.

This won't answer all your questions but, I did find this on reddit: https://www.reddit.com/r/PFSENSE/comments/8hbsze/xg7100_performance_with_suricata_at_1_gbps/

I'm running a Motorola MB8600 (32 channels down and 8 channels up). Total speed demon and very reliable. Only thing I wish it had was more than one port. (It actually has 4 ports, but three are masked off- for use with bonded connections only). @behemyth said in New SG-3100 with gigabit comcast line... can't get over 540Mbps: My 3100 has been rock solid running Comcast Gig. Make sure you test with [speedtest.xfinity.com], it will use a dedicated server that is always able to do gig, when you just use speedtest you use other peoples servers, and most of the time they dont have gig bandwidth. I did have weird issues with my modem firmware causing slower speeds, but they appear to have fixed that. What modem model are you running btw?

@ivor Thanks. Finally got a chance to re-install. Got to say that I don't much like the USB port on this machine. Never had to fight so hard to insert a flash drive. Thought I would break it for sure before it finally went in, and then it didn't want to come back out. Looks like the re-install went smoothly though. Now I guess it's a waiting game to see if the problem recurs.

@internaught said in Netgate XG-1541 vs Ubiquiti USG Pro 4: I'd like to have at least 500Mbps VPN throughput using L2TP I assume the OP means IPSec/L2TP here. Either way it's probably going to give trouble. https://www.netgate.com/docs/pfsense/vpn/ipsec/l2tp-ipsec.html Steve

Ensure PowerD is enabled and set to either Hiadaptive or Maximum. System > Advanced, Miscellaneous What packages are you running? How is your WAN provisioned? PPPoE? DHCP? Static?

Will do! I'm guessing it was the first bit of code that caused it, since it seems to define the switch. And when that's not defined no data will of course go over it.

@ivor Thank you for your answer, I opened a ticket as you suggested: https://go.netgate.com/support/tickets/8229

Hopefully, this will help: https://forum.netgate.com/topic/128969/update-to-2-4-3-bricked-sg-4860-fixed

Ok, I tried the Ram Disk route. Turned it on, set it to 256, rebooted. Turned it back off, rebooted. Still there is nothing under the update tab. So now i've raised a ticket.

In the end, I had to bite the bullet and just rebuild it.

Thanks! That gave me the idea that solved it. I checked the broadband modem/router that was going to send it on to the pfSense, and it turned out that the damn thing had lost the DMZ settings when I changed the static IP from the old Asus router to the pfSense box (I had DMZ setup for the 10.0.0.4 IP address, but something must have happened, because that was wiped out)! So I spent the minutes it took and set the modem to bridge mode. That should prevent that ever happening again.

Great to hear.. Yeah took me a while to be able to get pfsense into the work place.. Have couple of small units in play now with more to follow (hopefully) and then cross fingers knock on wood some bigger devices in other area's of the network. Here to help and answer questions - so if you have any.. Just ask.. Been running pfsense for 10-11 years ;) Only recently in the work place..

No you would not create a gateway group. You would just create VIPs for your other IP, then sure you can have any specific client on 1 network use IP .2 and other clients on that same network or a different network/vlan use .3 as their source IP when they nat to the public internet. But that wouldn't be done with gateway groups. If you had multiple interfaces, pfsense will not allow you to put them in the same network, ie this 13.13.13 wan transit network. As to what appliance - what budget do you have? The sg-3100 can do gig.. But you might want something a bit more beefy? 4860 (end of sale), 7100? I do believe there are some other models in the works as well that might fit you need/budget. A bit more about your network and plans for pfsense - running packages like proxy/ips ? etc..