@stephenw10 I also have 5100 and running Snort. I have some rules on 2 interfaces - both LAN. I dont have any on WAN side. I selected rules in Categories that are relevant to my network. My CPU is 4% and RAM 12% used. I am happy how Snort works for me - Legacy Mode. My throughput did not change.

@gabe-a my man, what I posted was from the Netgate website itself, but it only applies to in place upgrades for TNSR itself. If you read the documentation that @Derelict provided, it shows you how to update the underlying linux distro. It's not particularly complicated. I am going to be honest with you, I've set up and deployed TNSR on an SG5100 multiple times at this point and have not had the experience you are having. The documentation got me up and running and I've been satisfied with my experience and the product - and it's only gotten better over time. My config isn't insane, just some VLANS, some ACLs, some dst NAT rules, and an ipsec site to site, though I see that Wireguard is now supported for site to site and remote access, so I'll be playing with that here very soon. If TNSR isn't for you, I can respect that. No one said we all have to like or appreciate the same things. I do think you will be truly pressed to find any consumer-level gear that can perform at the scale you are looking at. And anything commercial is likely going to cost you much more if you can get your hands on it at all. To be very frank, you made a purchase based on a Comcast tech's advice without seemingly truly understanding the performance of the software for the hardware that you purchased. I personally would have contacted Netgate to discuss your performance needs and allowed them to help you select the best hardware. I believe the next option up (1531 or something like that) has the power to provide the performance you want/need using the more simple or intuitive PfSense. Netgate posts pfSense performance numbers openly and fairly and frequently stresses that imix is the more realistic test for performance. I don't know what more to say or do to help you as this has become more of a rage venting than an inquiry for configuration assistance. Happy to try to be of help if the conversation goes the latter direction again. I also believe you could reach out to Netgate for advice or possibly even some configuration assistance. EDIT: please do realize that I am not associated with Netgate, don't collect a dime for making plugs or promoting their hardware or software. I am not even formally trained or certified as a sys admin or anything like that. 'm just a regular user with a curiosity for networking and a desire to learn always.

@rcoleman-netgate said in SG-1100 boot stops waiting for input: @naderbelaid I would reinstall from an image. Did you download the image from us recently or do an in-line upgrade? If the latter please open a ticket at https://go.netgate.com/ and request the current release. You will need a backup of your config to restore after completing the re-imaging process. Reinstalling from an image solved the problem. Thank you very much

@patian The advice for the 5100 is the same as the 4100 and 6100 and the others seeing this: https://forum.netgate.com/topic/175619/pfsense-6100-not-able-to-load-available-packages?_=1667339125482 If that doesn't work we recommend backing up the config, requesting the firmware from https://go.netgate.com/, reinstalling and restoring your config.

Honestly I was affraid for this answer it was already what I was thinking. Well going with plan B thanks for the advice!!

First thing I would do it run: ifconfig -vvvm ix0 (or ix1) and make sure it sees the SFP module correctly. If the switch port it's connected to is 1G there's a good chance you will need to set the NIC to 1G fixed to get a link to it. Steve

@stephenw10 that worked. Thank you. If I would have just RTFM, I would have figured it out. Thank you for not telling me to RTFM, just a certain part! I also posted the above to reddit.

I might have chosen that too but I don't think that was a choice we ever had. That just how the LEDs are wired. Blue for 2.5G would have been nice. Steve

It's also worth noting that that these numbers reset after each restart.

final update - I've tested with both DACs (works fine) and officially supported Intel 850 optics - also works well. I'm currently using the Intel optics since they are supported.

@steveits Thank you both for your insight. I will attempt the power-off method first, but I won't be able to do that unless I'm on-site this upcoming weekend. I will report back with updates if it doesn't work out.

Unfortunately there was significantly more work required that that. We have had several developers working on it over the years bu each came to the conclusion that the work required to make it function usefully was more than the resulting improvement was worth. Eventually we had to cease the development effort there. Steve

It does depend where in the process it's rebooting. If it's an older device that's been on a shelf somewhere and is just now being deployed then it may well be hitting a UFS filesystem issue and that check will resolve it. However you might consider reinstalling as ZFS anyway since it's more convenient to do that now before it's been deployed. Steve

No that's very much not typical for Netgate support. Do you have a ticket or RMA number so I can look into it? Steve

@steveits said in Firewall Maximum Table Entries: @cloudified Yes that's a bug, it's been there a while. https://redmine.pfsense.org/issues/11566 Thanks, Steve.

@johnpoz said in SG-3100 switch weird behavior (resolved): once you put it up, I will give it a go via a VM maybe. I don't as of yet have a pi4 to play with.. Been looking for an excuse to get one hehe.. But they have been hard to find as well, I would prob go with the 8GB ram model as well. Done, english is not my first language so I hope its okay. https://forum.netgate.com/topic/175394/graylog-server-on-a-raspberry-pi

I did it : I changed # Device Mountpoint FStype Options Dump Pass# /dev/msdosfs/EFISYS /boot/efi msdosfs rw,noatime,noauto 0 0 /dev/gptid/6a2f135c-af59-11ec-b93b-90ec7729392c none swap sw 0 0 for # Device Mountpoint FStype Options Dump Pass# /dev/msdosfs/EFISYS /boot/efi msdosfs rw,noatime,noauto 0 0 /dev/nvd0p3 none swap sw 0 0 and suddenly, after reboot, I have a swap partition : [image: 1666186030706-0bfa1530-daf3-4c61-9a0b-ad6a3116d6f8-image.png]

@eria211 said in High load Netgate 6100: @steveits I am absolutely stunned, as soon as I edited the file and reloaded pfblocker the CPU dropped to 33% and the load average has gone from 5.2 down to 2.45 Thank you for your help - I will make this change on the other 6100's This will also fix the IP blocking stats and reporting as well. I finally made this same change to my 6100 yesterday.

If you need that to resolve to a private IP you would still need to add that. Or you could disable DNS rebinding protection globally but adding that one domain is preferable. Steve

Open a ticket. MCA errors like that are usually hardware related. Steve