Yes, by default clients behind pfSense will use pfSense for DNS and pfSense will resolve IP addresses directly using Unbound (the DNS Resolver). So it shouldn't matter what AT&T is doing if that's still the configuration.

Go to Diag > DNS Lookup in the pfSense gui and try to resolve some something. That will show you all the configured DNS services, including Unbound at 127.0.0.1, and whether they are responding.

Steve

If it spontaneously shuts off during use (nothing in the system log) it's almost certainly a hardware failure. In that case it's likely nothing would be logged anywhere. The only place anything might appear would be at the console. If it's a serial console device you can connect a client to it and log that output somewhere.
Which device is this?

Steve

@dennypage said in Netgate 5100 : Power on after power loss:

IIRC, there is a setting in the BIOS for always powering on when power is applied. I thought it was set by default on the 5100, but I'm not 100% sure.

To see the setting, tou need to attach a console cable and reboot. During boot there is a prompt that says what key to press to enter setup.

Thanks this worked.

I would start out by restoring this config:

7100-8-port-config.xml

That has all the switch/vlan/lagg config for discrete ports already included. So after doing that you can re-run the setup wizard to add the basic system settings then assign the ports however you need them.

Steve

@stephenw10 It is a defect.
https://forum.netgate.com/topic/141691/defect-etc-rc-d-hostid-file-for-zfs-not-generated-from-uuid/4?_=1669295521699

@musicwizard @maglub do you have a sg6100 you can test the speed on please so i know what to buy?

@kkris That was so simple - I have spend all day trying to figure it out - then did what you suggested and bang ... fixed. Cheers

Mmm, unfortunately that's what I suspected since your module does not present a 1G link rate as available. I can only really suggest you try a different module. A 1G module should work fine there.

Steve

@larrikin Not to bump an old forum, but I am eyeing a 1541 as well. Did you ever get one? If so how loud is it?

@cloudified I had same thoughts. I'm really happy with the 6100. But if there is a new 7100 in the near future I'd like to know before going too deep with 6100s.

You can have the WAN as DHCP and add additional static IPs as VIPs.

You can't have multiple DHCP clients on the same interface/subnet.

Steve

Thanks for both answers, do not use IoT or appliance style devices here (at least not yet). 😊

Regards

@stephenw10 I also have 5100 and running Snort. I have some rules on 2 interfaces - both LAN. I dont have any on WAN side.

I selected rules in Categories that are relevant to my network.
My CPU is 4% and RAM 12% used. I am happy how Snort works for me - Legacy Mode.

My throughput did not change.

@gabe-a my man, what I posted was from the Netgate website itself, but it only applies to in place upgrades for TNSR itself. If you read the documentation that @Derelict provided, it shows you how to update the underlying linux distro. It's not particularly complicated.

I am going to be honest with you, I've set up and deployed TNSR on an SG5100 multiple times at this point and have not had the experience you are having. The documentation got me up and running and I've been satisfied with my experience and the product - and it's only gotten better over time. My config isn't insane, just some VLANS, some ACLs, some dst NAT rules, and an ipsec site to site, though I see that Wireguard is now supported for site to site and remote access, so I'll be playing with that here very soon. If TNSR isn't for you, I can respect that. No one said we all have to like or appreciate the same things. I do think you will be truly pressed to find any consumer-level gear that can perform at the scale you are looking at. And anything commercial is likely going to cost you much more if you can get your hands on it at all.

To be very frank, you made a purchase based on a Comcast tech's advice without seemingly truly understanding the performance of the software for the hardware that you purchased. I personally would have contacted Netgate to discuss your performance needs and allowed them to help you select the best hardware. I believe the next option up (1531 or something like that) has the power to provide the performance you want/need using the more simple or intuitive PfSense. Netgate posts pfSense performance numbers openly and fairly and frequently stresses that imix is the more realistic test for performance.

I don't know what more to say or do to help you as this has become more of a rage venting than an inquiry for configuration assistance. Happy to try to be of help if the conversation goes the latter direction again. I also believe you could reach out to Netgate for advice or possibly even some configuration assistance.

EDIT: please do realize that I am not associated with Netgate, don't collect a dime for making plugs or promoting their hardware or software. I am not even formally trained or certified as a sys admin or anything like that. 'm just a regular user with a curiosity for networking and a desire to learn always.

@rcoleman-netgate said in SG-1100 boot stops waiting for input:

@naderbelaid I would reinstall from an image. Did you download the image from us recently or do an in-line upgrade?

If the latter please open a ticket at https://go.netgate.com/ and request the current release. You will need a backup of your config to restore after completing the re-imaging process.

Reinstalling from an image solved the problem. Thank you very much

@patian The advice for the 5100 is the same as the 4100 and 6100 and the others seeing this:
https://forum.netgate.com/topic/175619/pfsense-6100-not-able-to-load-available-packages?_=1667339125482

If that doesn't work we recommend backing up the config, requesting the firmware from https://go.netgate.com/, reinstalling and restoring your config.

Honestly I was affraid for this answer it was already what I was thinking. Well going with plan B thanks for the advice!!

First thing I would do it run: ifconfig -vvvm ix0 (or ix1) and make sure it sees the SFP module correctly.

If the switch port it's connected to is 1G there's a good chance you will need to set the NIC to 1G fixed to get a link to it.

Steve

@stephenw10 that worked.
Thank you.
If I would have just RTFM, I would have figured it out.
Thank you for not telling me to RTFM, just a certain part!
I also posted the above to reddit.