I appreciate all the support I received on here, but today I ended up returning my 8200. mostly it was me misunderstanding the advertised throughput values. I somehow either had the non-Firewalled or the TNSR values in my head which became my expectations. I was achieving 5Gb/s download speed pretty consistently, but needed a beefier box in order to exceed that so I'm going to be switching back to a DIY build (probably not as much overkill as I had before though).

I had the same problem and the root cause was different : the date on the router was erroneous, so the certificate was "not yet valid" from the router point of view. The solution was to fix NTP server and wait few seconds for time synchronization (like in 99108)

@stephenw10 Hopefully we don't have a reoccurrence (although this device has had it happen twice in two weeks now) but should have console connected to the 5 known devices this seems to happen to.. all appear to have the same symptoms so hopefully capturing one will provide answers for all...

Oh cross posted. Yes you have an early version with the MMC 4.5 chip. That doesn't report lifetime data.

@Cabledude A summer house (even though it is TINY) is such a privilige that I cannot even begin to tell you how lucky I feel Yeah, I got the base model in both cases - and upgraded them both with a 500Gb'ish SSD because I - luckily - realized soon enough that my use of logging, pfBlockerNG, NtopNG and Syslog-NG would kill the eMMC on both boxes in short order. I stage logs for my switch and access points on each site in Syslog-NG, filters it and transfers it with TCP to my Raspberry Pi log analyzer (Geeky - i know....) The 6100 is way overkill for 1000/1000 - it is never above 20% utilization on CPU or Memory. It would require use of the 10Gbe interfaces to go higher - but at least a have that for future use now. At the time there was no 4100 which would be the much more obvious and sufficient choice. The 3100 which was the alternative was going EOL and already suffered from not being a 64bit device (no ZFS filesystem fx.), so that was never actually in play.

@JonathanLee [image: 1694026411478-wan-resized.jpg] My connection with fidium has been great ... 1g plan and they credit me $10/month for having my own router. 2.5g rj45 on the ont to my 6100.

Yup that or go to Diag > States and filter on the LAN for :123

@stephenw10 co-sign

It would be interesting to see the output from: [23.05.1-RELEASE][root@8200-2.stevew.lan]/root: sysctl -a | grep fw_version dev.qat.0.fw_version: 4.18.0 dev.ix.3.fw_version: eTrack 0x80000889 dev.ix.2.fw_version: eTrack 0x80000889 dev.ix.1.fw_version: eTrack 0x8000084b PHY FW V65535 dev.ix.0.fw_version: eTrack 0x8000084b PHY FW V65535 If running some other OS did change anything I'd expect it to show there. Steve

@stephenw10 Thank you. I was thinking of getting RJ45 SFP+ but hearing from the forum it can get very hot and may require rebooting. I will stick with the dac solution. It is addition cost but better have cool equipment than a hot one.

Send me the NDI in chat and I'll check what it is in our records.

@stephenw10 Hello, Yes, it's the Netgate 6100... The response (I open a ticket) is to try a firmware reinstall via a memorystick and the serial interface. I will try that ASAP with the firmware provided by your colleague via your nextcloud infrastructure. Regards

@rcoleman-netgate Yep. I got the red light RMA in just under the wire, updated install image within the last 6 months. So I'm going on the quality of the hardware (2440, 2100, 5100, 4100) and the overall support when needed. I'm not trying to sound like a "fanboi" or whatever the young kids say nowdays, but give yourself a pat on the back.

Nope if you're using a PPPoE WAN connection you cannot use the switch on WAN directly. What you can do here depends on how your ISP is providing the /29 to you. Since it looks like you're in the UK I'd guess they are providing the /29 dircetly on the PPPoE and not routing it via some other IP? If so that limits what can be done.

Yes, you will be able to import the config directly. The interfaces are all the same. Steve

@SquareJ looks like its defective port seen it happen on different switches and firewalls

@stephenw10 Success! For the record, I used the following to format the M.2 SSD/SCSCI: trim /dev/ada0 gpart create -s GPT ada0 gpart show ada0 Per your guidance I modified the bootcmd env var in Marvell (adding "run scsiboot"): setenv bootcmd 'run setLED; run mmcboot; run scsiboot; run usbboot; run net;' I then ran "run usbboot" to kick off my inserted usb thumb drive to install the firmware onto the M.2. I left my usb drive in after reboot & it picked up the config.xml & correctly reconfigured my firewall, per the documentation. Thanks, Paul

I'm pretty sure that Mikrotik platform will be using some hardware offloading to pass traffic without having to process each packet. You can see that by how much slower it is with only 25 IP filtering rules. I'm assuming the 'simple rules' that do not slow throughput are handled in the offloaded path but anything more complex cannot be. There are quite a few devices that behave like that. Big numbers until you try to do anything complex when throughput tanks. The 1100, like anything running pfSense, uses pf for all filtering. No hardware ACLs. Steve

[image: 1692110647027-taps_fl001.png] You should check out the new hardware for sale.

The same image can be used across any similar devices. But the images for each device type you have are different. You will need 3 recovery images. Steve