@stephenw10
I think you're right.
I've set the Firewalll Optimization to normal, which should've set the time out for "FIN WAIT" to 900 seconds, but it still doesn't kill the state.
So I guess back to the roots to find out what the problem is.

EDIT
Well uhm, somehow it solved my problem automatically without restarting the VPN tunnel. I think the Firewall Optimization worked, need to do more testing though.

No, the 6100/4100 are UEFI only. Blinkboot will not boot a legacy image.

Steve

Thanks.

I apologise it looks like human error. The form was submitted as an SG-1000 but we should have caught that.

I have sent you the correct firmware image for the 1100.

Steve

@jts2045 There's a patch specifically for the 22.05 issues for DEVEL, no need to downgrade that I am aware of.

Yeah, I would not recommend using RAM disks with Snort/Suricata. It can be made to work but they do not expect to see RAM disks.
4GB is enough to run Snort/Suricata and pfBlocker. Though, as stated, it will reduce the maximum throughput.

Steve

You can do it without a reboot:

[22.09-DEVELOPMENT][root@2100-2.stevew.lan]/root: ifconfig mvneta0 mvneta0: flags=8a43<UP,BROADCAST,RUNNING,ALLMULTI,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: WAN options=800bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE> ether 00:e0:ed:b6:13:59 inet6 fe80::2e0:edff:feb6:1359%mvneta0 prefixlen 64 scopeid 0x1 inet 172.21.16.220 netmask 0xffffff00 broadcast 172.21.16.255 media: Ethernet autoselect (1000baseSX <full-duplex>) status: active nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL> [22.09-DEVELOPMENT][root@2100-2.stevew.lan]/root: ifconfig mvneta0 mvneta0: flags=8a43<UP,BROADCAST,RUNNING,ALLMULTI,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: WAN options=800bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE> ether 00:e0:ed:b6:13:59 inet6 fe80::2e0:edff:feb6:1359%mvneta0 prefixlen 64 scopeid 0x1 inet 172.21.16.220 netmask 0xffffff00 broadcast 172.21.16.255 media: Ethernet autoselect (none) status: no carrier nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL> [22.09-DEVELOPMENT][root@2100-2.stevew.lan]/root: ifconfig mvneta0 mvneta0: flags=8a43<UP,BROADCAST,RUNNING,ALLMULTI,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: WAN options=800bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE> ether 00:e0:ed:b6:13:59 inet6 fe80::2e0:edff:feb6:1359%mvneta0 prefixlen 64 scopeid 0x1 media: Ethernet autoselect (1000baseT <full-duplex>) status: active nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> [22.09-DEVELOPMENT][root@2100-2.stevew.lan]/root: ifconfig mvneta0 mvneta0: flags=8a43<UP,BROADCAST,RUNNING,ALLMULTI,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: WAN options=800bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE> ether 00:e0:ed:b6:13:59 inet6 fe80::2e0:edff:feb6:1359%mvneta0 prefixlen 64 scopeid 0x1 inet 172.21.16.220 netmask 0xffffff00 broadcast 172.21.16.255 media: Ethernet autoselect (1000baseT <full-duplex>) status: active nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

Steve

@senseinyc said in Netgate SG-3100 cannot retrieve packages:

it says on latest version (I know it's not). When I try to install new packages

Also, don't ever install "current" packages on an older pfSense version, so it doesn't try to, say, upgrade PHP or some other dependency.

@michmoor said in 4100 Max - cpu temps:

@keyser Thanks! I appreciate the replies.
So basically an inefficient chip as compared to an i3 but still the overall performance should still be solid and temps shouldnt be an issue?
I feel more at ease now about it.

Well No, not really inefficient. Sure compared to the latest 11th or 12th generation i3, they are less efficient due to Being manufactured on an older silicon die node, But thats evolution for you. Compared to “same age i3’s” i would rather use the Word different. I3’s and higher are made for high single core single performance - achieved by turboing the frequency. This can make cpu performance fairly unpredictable because sometimes its fast, sometimes its in a throttle back State due to heat. The atoms are made for all day predictable performance, and have some optimizations for network/server type workloads that they can do with hardware assist. So they are a fairly good cpu in a “lower power” envelope for this kind of work.

@stephenw10 Thanks Steve. Much appreciated.

Yes, we can do that but going in that direction is usually less of an issue. If you have VLANs configured for the switch ports in the 3100 you can just reassign those interfaces to the discrete NICs in the 6100 when you import it.

Steve

@rcoleman-netgate said in Setting up SG2100:

@simon_lefisch said in Setting up SG2100:

mvneta1.xx tells me that all the switch ports are bridged. Is that actually the case? Is there any way to not have them bridged? I know on a Cisco Firepower 1010 you can set the interfaces separately or have them set as Bridged Virtual interfaces (BVI).

They are a single ethernet chip LAGGed as a switch. There is no way to break the LAGG and use them individually.

Worth noting that the only systems this is the case on are:
1100, 2100, 3100 and 7100 models. All others have discrete interfaces.

Thanks for that info, I did not know that. I appreciate you taking the time to let me know this 🙏 😁 🤙

I love this got it for my 6100. I still setup up my rack put this is the start.

Rack_Setup.jpg

Thank you all!!
Properly editing the file fixed the issue. I had a small typo.
The CPU usage may be lower than it has been for a while and now the temp is also down a tad. Going to monitor this for a bit. I know I had an issue with the WiFi. Going to see if that is cleared up as well.

@danholley That is weird. And as you say bizarre if 8.8.8.8 was reachable. :) But you're welcome.

I just had this problem too. Running that command via SSH fixed it for me too.

pfsense-upgrade -d

@stephenw10 I'd rather not muck with the fire-wall as my house has multiple users who need internet most of the time :-)

FWIW, I don't remember changing anything else to get the package manager working again.

@rico said in Unable to reset Netgate 6100 after configuration restore:

Request the latest 6100 Image here: https://www.netgate.com/tac-support-request
And reflash: https://docs.netgate.com/pfsense/en/latest/solutions/netgate-6100/reinstall-pfsense.html

-Rico

@stephenw10 said in Unable to reset Netgate 6100 after configuration restore:

Reinstalling is likely to be quickest and safest there. Otherwise you could probably manually edit the config to remove the duplicate sshkey entries.

Steve

creating the TAC support request did immidiatly result in getting the image needed - reinstalling was the quickest way - thank you Rico & Steve

@gich The port not working at full speed it's not a problem. It's suck but I'll live with it.
I was only wondering if there was a deeper connection between those problems.

@lexip you have to create a parent interface for LAGG0 -- one does not exist by default.

@elvisripley
Thanks for all the info.
Have my pre-drywall walkthrough shortly, so I am about 2-3 months out still. But I also know I need to buy equipment in advance so I can get it all done before we move in.