Thanks for the 2nd and 3rd set of eyes. I got the courage to test this out today and it works fine. It's now production.
Much appreciated!

@stephenw10 said in 2100 firmware upgrade?:

The 'BIOS' used by the 2100 is uboot. That can be upgraded at the same time a pfSense upgrade is run if it's required. However at this time there have been no uboot updates for the 2100. Nothing is required.

Steve

Perfect, thanks for that. Always good to find out, felt like I missed that at first :)

@froglevelmc Go to: https://www.netgate.com/tac-support-request
Open a Ticket with TAC and request the firmware.

Ok, that's significantly more powerful that the 6100 so I'd expect it to take longer there with the same ruleset.

Steve

The 7100 ix SFP+ ports do not support link speed negotiation. If you use a module that is dual-speed capable it must be set at 1G to link at 1G.

If the module is shown and data from it can be read by the NIC then as long as it's seeing level from the remote side it may be possible to make it work.

Steve

I can't speak for Netgate directly on this, I wasn't involved in that decision.

Personally I prefer Intel because you're not paying for features that pfSense can't use. Both in money and power consumption/heat. In FreeNAS that's different. I imagine they might well use the TCP offloading the Chelsio NICs offer. Though I've never looked into it.

More cooling never hurts!

Steve

@rainbowdash This sensor is not reading any actual temperatures and will be ignored in future releases of pfSense Plus.

You can safely ignore its reading for the time being.

You should be able to remove those log files from the console there and that will free enough space to allow it to boot normally.

Yes, if you install Suricata you must enable log rotation and I always set small logs sizes and set a total log folder size.
Both the 2100 MAX and BASE will run Suricata though I would be very careful about running on a BASE model because the logging increases drive writes to the eMMC significantly.

Steve

@benhurharrison Open a ticket at https://go.netgate.com/ and request a fresh install image for your 1100. Reimage the device, then restore your config and you should be good to go.

No. The rules reference the internal names in the config (wan, lan, opt1, opt2 etc) so if you reassign opt2 from igb0 to ix1 the rules will follow it.

Steve

@stephenw10 Perfect, thanks for all the info, helps a ton.

We aren't really having issues with performance per-se, just was seeing if I could find anything that would speed it up, but sounds like a CPIC card probably wouldn't make a huge difference since we aren't even close to saturating the full 2 gigabits in the first place.

Thanks again!

One thing to be aware of here is that the mvneta NICs in the 3100 are single queue.

That means if you're testing between two VLANs on the same NIC you can only use a single transmit and receive queue.

You may see significantly worse performance than you would between the WAN and OTP ports, for example, where two NICs are in use.

That's the primary difference between the 2100 and 1100 and we see ~50% better throughput there.

Steve

In Sys > Adv > Misc I would enable QAT and Intel Core for crypto and thermal hardware. Those are the defaults but may not be set after importing a config.

Steve

@stephenw10 Understood, thank you for the explanation.

@rcoleman-netgate Thanks, Ryan. I will open the ticket now.

@sater1957 said in SG-1100 rebooting, maybe known issue:

is the system shipped with ZFS enabled?

Yes.

Is this problem fixed in current SG-1100's?

It is not a symptom on the hardware we are selling today.

That is worth that's what I'd do.
FWIW the ZFS step in the reinstall is just pressing enter one more time -- but replacing the hardware is a better choice. Set the 1100 with the reboot issue aside for a temporary replacement in the future.

@rustydusty1717 Yes, restore images are specific to the model.

21.05.2 is old. You should upgrade.

However I'm not aware of anything that would specifically affect OpenVPN speed in that version.
In 22.05 you can use QAT and DCO which can be significantly faster. However 25Mbps is far below what the 5100 is capable of in any config.

What sort of latency is there across the tunnel from the laptop?

High latency and SMB, especially if it's V2, is notoriously terrible.
Try testing with something else to be sure it's not just the link, like iperf or example.

Steve

@martinaz Both :)

It's scheduled for Jan 2023. Exact timing is subject to testing etc.

You might try grabbing a pcap of the dhcp lease process on that WAN just to confirm that's what the issue is. It seems likely though.

Steve