@steveits said in Firewall Maximum Table Entries: @cloudified Yes that's a bug, it's been there a while. https://redmine.pfsense.org/issues/11566 Thanks, Steve.

@johnpoz said in SG-3100 switch weird behavior (resolved): once you put it up, I will give it a go via a VM maybe. I don't as of yet have a pi4 to play with.. Been looking for an excuse to get one hehe.. But they have been hard to find as well, I would prob go with the 8GB ram model as well. Done, english is not my first language so I hope its okay. https://forum.netgate.com/topic/175394/graylog-server-on-a-raspberry-pi

I did it : I changed # Device Mountpoint FStype Options Dump Pass# /dev/msdosfs/EFISYS /boot/efi msdosfs rw,noatime,noauto 0 0 /dev/gptid/6a2f135c-af59-11ec-b93b-90ec7729392c none swap sw 0 0 for # Device Mountpoint FStype Options Dump Pass# /dev/msdosfs/EFISYS /boot/efi msdosfs rw,noatime,noauto 0 0 /dev/nvd0p3 none swap sw 0 0 and suddenly, after reboot, I have a swap partition : [image: 1666186030706-0bfa1530-daf3-4c61-9a0b-ad6a3116d6f8-image.png]

@eria211 said in High load Netgate 6100: @steveits I am absolutely stunned, as soon as I edited the file and reloaded pfblocker the CPU dropped to 33% and the load average has gone from 5.2 down to 2.45 Thank you for your help - I will make this change on the other 6100's This will also fix the IP blocking stats and reporting as well. I finally made this same change to my 6100 yesterday.

If you need that to resolve to a private IP you would still need to add that. Or you could disable DNS rebinding protection globally but adding that one domain is preferable. Steve

Open a ticket. MCA errors like that are usually hardware related. Steve

Were you able to resolve this? Steve

The 1541 has an PCIe 3.0 x16 slot that has 4 lanes available (x4). Theoretically you can use either of those cards since PCIe will simply use the available lanes. The total throughput to the card would be reduced but that's unlikely to be a limiting factor in pfSense. Steve

@ahxcjay said in Throughput problems on 4100: @keyser said in Throughput problems on 4100: We alle want to help, but it’s not very motivating when posts like yours just flame the product Fair point, and I apologise. I was just so frustrated that I really really like the produt, yet the upload speeds were killing my enjoyment of it. I asked the mods to change $subject to something more appropriate. The problem is that google searches from people also finds this post, and some people only read headlines…. Understand, and that was in my thinking also, hence the request to change the $subject. This post on the other hand, just earns the full respect of all of us We can all make mistakes, especially when frustrated - but it takes a real man to own up to it, acknowledge a mistake was made and apologise. If only all people showed this kind of respect instead of fleeing the “crime scene”, the Internet would be SO much a better place. Thank you for responding and kudos to you

@rico said in A Very Happy Customer...: Wow, nice rack! -Rico Not bad for a home network. :)

Board manual shows: Up to 128GB of DDR4 ECC RDIMM or 64GB of DDR4 ECC/Non-ECC UDIMM with speeds up to 2133MHz. Which seems unclear. It has to match what's already in the though which should be 8 GB DDR4 2666 RDIMM. Steve

That doc is a bit old really. Loading AES-NI by itself is better in anything after 22.01. The BSD crypto device is not used by anything usefully from that point on. OpenVPN (OpenSSL) will use AES-NI directly if the CPU supports it OpenVPN with DCO enabled will use it with the AES-NI module loaded as will IPSec. And yes anything with QAT support should use that instead. Steve

@hescominsoon You might want to consider tnsr first and then breaking down past that for the firewall needs. Beyond that you might want to think about overall throughput. 1700 units over 10g is about 6mbps per location. You're talking about giving residents 8x that throughput - you will hit congestion at times, possibly very often.

@fsc830 @rcoleman-netgate thank you for your answers. I just opened a ticket to Netgate support.

@ggilley FWIW, I've used the QNAP QSW-308-1C with the unified RJ45/SFP+. That worked, and so did the Planet Technologies XT-705A. I've also tried the UniFi Flex XG, and that didn't work. For some reason the ATT router didn't want to passthrough or assign an IP, but I could manually assign an address on the subnet (vs passthrough). The other thing to be mindful of, performance compared to the on-router speedtest. The HUMAX router seems to lose about 300Mbps, and then the media converters may lose a bit too. Another FYI, unlocking x710 for any SFP+ module https://forums.servethehome.com/index.php?threads/unlocking-any-brand-sfp-modules-on-intel-x710.29040/ unlocking x520 for any SFP+ module https://forums.servethehome.com/index.php?threads/patching-intel-x520-eeprom-to-unlock-all-sfp-transceivers.24634/ Follow up with what kind of performance you get. I've noticed all sorts of variations with different equipment. It's hard to say what's best, even though they all sync on the AT&T side.

Great result. The MAC addresses you have there should be sequential and I don't believe they were. If you don't see sequential MACs in pfSense you might want to open a new ticket with support and get the full set of uboot envs for your specific device to be sure. Steve

@rcoleman-netgate said in Factory Reset or Corrupted Image: In this system it does not do a FR at all, just a system-level reset like you'd find on a desktop PC So, it's like the power cord : a perfect way for totally messing up the disk file system. @voltron7552 : every time you reset the device with that button, or the power is removed witthout doing a user initiated power down using the GUI or console SSH access, option 6, run asap this : How to Run a pfSense Software File System Check (5/2020) This is not optional.

@keyser This is a specific issue with FreeBSD, not specifically a pfSense issue. There are a number of things that the FreeBSD core OS isn't capable of at the moment but are moving towards so hopefully in the coming years some of those things might be.... more capable?

Got a long enough SFP+ DAC cable to try, and it works fine between the 1537 and FS.com media converter. So the failure with using 10GBASE-SR must just be some auto-negotiation issue with those SFP+ modules, that only occurs with the media converter setup.