@mpfrench said in Add RAM to Netgate 1100: [31-Mar-2023 11:29:12 US/Central] PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 122613632 bytes) in /usr/local/pkg/pfblockerng/pfblockerng.inc on line 3961 pfSense version ? pfBlockerng version ? If both are current, then yeah, it's trying to load a file in memory that won't fit. PHP is a process with it's own memory space. It isn't limited to max available system memory, it is allowed to use what is specified in the php.ini file. For example, this one : [image: 1680505115239-b7e32136-9278-4dfe-b3cd-c5118f873681-image.png] selecting it also shows : [image: 1680505089203-8f880f67-c9a1-44e1-bdc0-4443f720ffb2-image.png] The XXX adult list is quite big : close to 120 Mbytes. edit : aha : ok, you already know what to do - if it can be done : https://forum.netgate.com/topic/179185/php-memory-allocation-error-in-pfblockerng-dnsbl

Open a support ticket: https://www.netgate.com/tac-support-request The LED on the PSU should never flash like that. Steve

Hmm, I could imagine very high loading might cause the command to not respond at all. But simply bouncing the WAN would not do that.

You should see 22.05 available as the previous version in the drop down. It should be possible to update to that from 21.05. But, yes, you can always re-install 22.05 clean to get to it. Steve

@stephenw10 PureNAT did it ! Thank you

Amazing support. Requested the img and got a link within 2mins. Thank you!

Yeah, it's unlikely you would ever see 60W, or really very close to it. The actual idle consumption varies with how many NICs you have linked. On an uncalibrated 'kill-a-Watt' style plug top meter I see 15-16W with one 1G and 1 2.5G NICs linked. Steve

@stephenw10 I did this right now. Thanks for your help.

@stephenw10 The problem from my understanding is this is not a proper transceiver. It’s more a interface from the Fiber to the xgspon onu. Need something with a MAC address capability and this does not offer it.

@stephenw10 Thanks you. I will look into that when trying it out for real.

@stephenw10 ok cool thanks for that, they all go into the same switch anyway so single port loosing connection isnt too major at the moment, its more just in case one device goes down which it sounds like it will work with will keep that in mind for future upgrades though

@milesteg The Netgate 4100 will have you covered - it handles 1Gbe symmetric with ease as long as you are not doing deep packet inspection (Suricata/Snort). It’s the easy choise for your needs. Reasons to go higher: 4100 MAX: If you really want to log a lot on rules, and in packages NtopNG and pfBlocker. Heavy logging can shorten the lifespan of the regular 4100 because of the small eMMC (a lot less endurance than the 128Gb SSD in the MAX) Netgate 6100: Twice the CPU power and RAM of the 4100 + 10Gbe interfaces. A good idea if you want to do “normal” Suricata/Snort at 1Gbe speeds, or might think a 10Gbe Fiber is in your future. The extra memory is most likely not needed unless you are doing it for suricata/snort or VERY heavy pfBlocker setups. Netgate 8200: 4 times the CPU power and memory for HEAVY packet inspection at 1Gbe, or closer to actual 10Gbe throughput in real world multiusage scenarios without deep inspection.

After a few hours of troubleshooting on my own network. I took my 5100 to a friends house and was able to get the expected speeds there. So I returned home and called my ISP. They made some changes on their end (changed vlans and ports) and now it is working properly! The ISP is new to the area, and still has some bumps. Sorry for the question to the group, but I am good now. @michmoor - I do use pfBlockerNG - but I had disabled that during troubleshooting. With all re-enabled, I am now getting expected speeds. I don't have an answer to the obvious question of why did it work with the PC connected directly to the ONT. The only thing I can come up with is that I did reboot the ONT between tests, so that may have had an impact. Thanks again to the group.

For ease of reading the config and understanding what's happening I would create a VLAN 4091 interface on ix1 and then bridge that with the existing VLAN 4091 on lagg0. That does mea you need to handle the vlan in the external switch but I would take that just to keep LAN the same throughout. Then I would re-assign LAN as the bridge and move the filtering onto it so you only have to filter in one place. However if there's any way you can avoid bridging VLANs I would do that. Steve

@stephenw10 said in 6100 ix0 and ix1 unable to negotiate with SFP 1G ports?: I would consider it best practice to not combine tagged and untagged traffic on the same interface if possible. That's for a number of reasons including that applying a setting to the parent can break tagged traffic on it in some cases, though it should not. More often it opens a possibility for traffic to escape a VLAN if something connected to it incorrectly untagging traffic. If that interface will accept and route untagged traffic it can end up being passed incorrectly. However that isn't the case here because you don't need to add an IP address to the parent NIC or put any firewall rules on it. Steve Thank you again! :)

@rvd said in Does SG-1100 limit my internet speed?: BTW - Is there a reason there's no longer a 3100? Will be there a replacement for it in the future? Supply chain issues -- our supplier had trouble getting components in the device. It's replacement is the Netgate 4100.

I installed the horizontal fan. With a closed door, the core temperature dropped to 51 and 47 degrees, but I have seem lower temperatures as well. When I open the door, the temperature is around 42, so maybe there is a bit more improvement possible with increasing the power of the rack top ventilator.

@stephenw10 said in Netgate RCC-VE 8860 and 23.01 Hardware Errata: The initial bug report that was on our internal redmine (NG 8916) which is why it was repliacted in that todo. I agree though the LED statement needs to be updated. The Todo I pointed to, which is now closed, was created by Offstage Roller on 2/23/2023 merely as a request to clarify/clean up the already published errata text, not as a replication of a full bug entry for ongoing status, details, etc.