Ok, I tried the Ram Disk route. Turned it on, set it to 256, rebooted. Turned it back off, rebooted. Still there is nothing under the update tab. So now i've raised a ticket.

In the end, I had to bite the bullet and just rebuild it.

Thanks! That gave me the idea that solved it. I checked the broadband modem/router that was going to send it on to the pfSense, and it turned out that the damn thing had lost the DMZ settings when I changed the static IP from the old Asus router to the pfSense box (I had DMZ setup for the 10.0.0.4 IP address, but something must have happened, because that was wiped out)! So I spent the minutes it took and set the modem to bridge mode. That should prevent that ever happening again.

Great to hear.. Yeah took me a while to be able to get pfsense into the work place.. Have couple of small units in play now with more to follow (hopefully) and then cross fingers knock on wood some bigger devices in other area's of the network. Here to help and answer questions - so if you have any.. Just ask.. Been running pfsense for 10-11 years ;) Only recently in the work place..

No you would not create a gateway group. You would just create VIPs for your other IP, then sure you can have any specific client on 1 network use IP .2 and other clients on that same network or a different network/vlan use .3 as their source IP when they nat to the public internet. But that wouldn't be done with gateway groups. If you had multiple interfaces, pfsense will not allow you to put them in the same network, ie this 13.13.13 wan transit network. As to what appliance - what budget do you have? The sg-3100 can do gig.. But you might want something a bit more beefy? 4860 (end of sale), 7100? I do believe there are some other models in the works as well that might fit you need/budget. A bit more about your network and plans for pfsense - running packages like proxy/ips ? etc..

In order for pfSense to see the VLANs on its VLAN interfaces on mvneta1, the VLANs must also be tagged on switch port 5, which is the "trunk" link to pfSense on the SoC. [image: 1528682160262-sg-3100-switch.png]

@ivor Well, it's now up to 80% memory usage, blocking on WAN but alerting on LAN. 4GB would have been a trivial cost improvement over 2GB stock. Also, sort fails to start after a reboot. I have to stop the LAN interface and manually start the WAN, let it stabilize, then manually restart the LAN scanning.

Lesson learned for next time you buy any hardware I guess. If your wanting to play with non standard stuff check with the maker of said hardware that your nonstand thing is supported. Even if very common. Sorry wish I could say oh click this, or set that - maybe there is but from what I have been reading about the marvel no not really.

No there isn't a header or unpopulated through-holes/pads for serial. I believe the only viable option would be a PCIe serial card in an m.2 form factor. I attempted to do the same on the SG 2440 which has mini PCIe, but the only product didn't appear to have FreeBSD support so I gave up. Yes, you can add a cellular modem. Unfortunately, most of them don't support NDIS and get crap speeds unless they are connected directly to a machine running Windows. As for a guide, there don't appear to be many so you will have to do some googling and hope for the best. Personally, I'm waiting for generic android tether support. Granted this will probably result in a double nat (or worse) but it will be easy to setup once implemented. https://www.netgate.com/docs/pfsense/solutions/sg-2220/index.html

@ilgtech75 --- Correction it looks like I’d have to disjoin port 9 OR port 10 from Lagg0 and add it to LAGG1 along with 4 of the ethX ports to create the second lagg so that it was connected to the actual PFSENSE… Would this be the correct approach?

I have reached out to support, thanks for the advice everyone.

@ivor said in SG-4860 RED LED's after update to 2.4.0; won't boot: Please submit a ticket to so our support can have a look https://customercare.netgate.com/ Thanks!

@atteast If you're running WAN with IPv6 and/or have Bogons enabled to block on WAN, the next Bogon List Update (bogonsv6) will probably too large and crash those 200.000 entries. For a clean reload of rules etc. the table needs a size of double the count of entries and with bogonsv6 we are already near/around 100k entries. So that's why you can see the GIT commit to change the default from 200k to 400k in future releases :) But yeah, that's not device specific, all our devices/customers ran into that issue in early May. edit: my bad, I read 200k, not 2M as you wrote. That of course is more then enough :)

I have a sg4860 and do not have a gig internet to test with... It doesn't even break a sweat in handling my 500/50 connection. I always see 500+ down.. Your bios is bit dated - I would update that. mine Vendor: coreboot Version: ADI_RCCVE-01.00.00.17-nodebug Release Date: Mon Sep 18 2017 You could try to disable PTI, I don't think it's hit would be that drastic.. But you could try turn it off. How exactly are you testing your speed? [image: 7344347157.png] My buddy has sg4860 as well, and he see's 900's on his ATT fiber connection without any issues.

Hi Please raise a ticket at go.netgate.com so we can help troubleshoot this with you. Thank you, -James

Have gone through those steps to disable IPv6, no change in speeds. And correct, this is just a direct connection to my ISP, no VPN connections.

Yup :)

Several posts with each restricted to a very specific issue is fine IMO. Often easier to diagnose issues like that. Long rambling posts encompassing numerous issues can be hard to follow but do sometimes allow a better overall picture of the issues. If you're not using those 10GbE ports for anything else eight now I'd pick up a direct attach cable and use that to the switch. Assuming they are physically local. Better total throughput in almost any situation. Only drawback there is no failover if that one connection does fail but there are multiple other single points of failure so it's not really an increased risk. Steve