Not on the built-in interfaces, no. They are 10G/1G only. Steve

Ok, well what do you see? Can you post the logs so we can review?

@stephenw10 thanks for the answer

Thank you for the clarification and technical insight. I will put this device in a different spot that does not rely on transmitted VLAN tags.

@gerald26500 said in Netgate 6100: @keyser Oh man , I feel so stupid. Il all FW rules I had IPV4 TCP ... instead of IPV4 * so all good now I really appreciate your help though ! Thanks! Those things happens to all of us. As Long as it works as intended all is good

It could. Potentially. But, as I said, it would very easy to end up with some asymmetry and the unexpected blocking that brings with it. Steve

Hi again,.. just reading through previous posts re: ADVA's and 1G sm connetivity.. As it happens I have had repeated success with with media convertors (as have many I'm sure) but thought I'd mention it here as a possible help to others.. With 6 ADVA's, all 1G SFP presented (and different providers) I have used these to succesfully connect: [image: 1643479770623-4b96af75-b8b8-433a-a4d2-e30ec2dc2450-image.png] I did try the Mikrotik SFP in the 7100 for a direct connection to ADVA.. but no joy... Pricing is good for the kit too... as I mentioned it has worked very well over past 3 years (when first went in) on 6 sites with 1G SFP ADVAs...

@stephenw10 said in Proper steps for ZFS pave & (re)install on 6100: The biggest advantage is that ZFS is a more robust file system. If you are installing somewhere that power cannot be guaranteed you are far less likely to have file system damage issues caused by outages. Steve Sounds good. I guess it'll be the first thing I'll do after receiving my unit.

The 3100 cannot run ZFS usefully, it's not available in any current installer. Is that unit somehow actually running ZFS? If so you should definitely re-install 21.05.2 clean. Or wait for 22.01. Steve

I have some generic LC BiDi modules I use for testing that work in the 6100. In the combo port the PHY is wired to be 1G only so they don't show as fibre: [22.01-RC][admin@6100-2.stevew.lan]/root: ifconfig -vvm ix2 ix2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: WAN2 options=8138b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER> capabilities=f53fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,NETMAP,RXCSUM_IPV6,TXCSUM_IPV6> ether 90:ec:77:0f:74:44 inet6 fe80::92ec:77ff:fe0f:7444%ix2 prefixlen 64 scopeid 0x7 media: Ethernet autoselect (1000baseT <full-duplex,rxpause,txpause>) status: active supported media: media autoselect media 10baseT/UTP media 100baseTX media 1000baseT nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> In the 10G SPF port it shows as: [22.01-RC][admin@6100.stevew.lan]/root: ifconfig -vvm ix1 ix1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: IX1 options=8138b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER> capabilities=f53fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,NETMAP,RXCSUM_IPV6,TXCSUM_IPV6> ether 00:08:a2:12:17:7f inet6 fe80::208:a2ff:fe12:177f%ix1 prefixlen 64 scopeid 0x6 inet 192.168.79.2 netmask 0xffffff00 broadcast 192.168.79.255 media: Ethernet autoselect (Unknown <rxpause,txpause>) status: active supported media: media autoselect nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> plugged: SFP/SFP+/SFP28 1000BASE-LX (LC) vendor: OEM PN: SFP-GE-BX03-U SN: NV20200713016 DATE: 2020-07-14 module temperature: 29.84 C Voltage: 3.32 Volts RX: 0.17 mW (-7.60 dBm) TX: 0.08 mW (-10.57 dBm) Steve

@keyser said in Symmetrical gigabit and performance of the Netgate 6100: I upgraded to 1000/1000 and the SG-2100 topped out at about 640'ish Mbps (no inspection/monitoring). So I have just upgraded to a SG-6100 and it handles the 1000/1000 effortless with thousands of sessions, suricata (lot of rules) and ntopNG running. There is definitely room for a lot more throughput in it. My guess is it would handle 2.5Gbit under these circumstances as well. Superb. Exactly what I was looking for. Thank you!

@styxl As always you can simply import your config, follow the guide and reassign your logical interfaces (WAN. LAN, OP1, OPT2) to the desired physical interfaces in the SG-6100 (Igc0-3 and ix0-3)

Indeed there is no switch in the 6100 all it's interfaces are discrete NICs. The additional LAN interfaces should already be assigned so just enable them and assign a static IP/subnet. Then enable dhcp on the interface if you need it and add firewall rules to pass traffic as required. Steve

@gertjan That's quite a reply! Thanks about it! So far I thought IDS is simply alerting suspicious traffic, while IPS does on top of that - adding firewall rule to block it. I tough simply this is perform while doing checks against IPS databases such as snort and there is no need to open the packets. Because like you said if I would like to have TLS open I need to have my router CA installed on trust stores on all my end pcs. which is too much and eventually if my CA is corrupt all goes shit. So is not IPS still on the table those days?!

Yeah...I just saw this post...didn't see it in my search of the forum before: https://forum.netgate.com/topic/147330/how-to-tag-interface-sfp-ix0-on-an-xg-7100/8 hmmm, I see what you are saying they route between the interfaces. In our small network, we have those vlans listed above with end devices spread out on different switches. I have the Eth 2, and 4 used to ensure routing. Yeah I should have the switches connected but they are not top of the line, and with the costs and this being a nonprofit it is hard to spend that money and even to get the money. I was hoping to utilize the SFP+ ports like I did on the Ubiquity UDM Pro of which we replaced. I like this unit Netgate, so much better, though...I am now recommending this to everyone.

Is this something that just started? Was the PWR button working as expected previously? If this is in warranty you should open a ticket with us: https://www.netgate.com/tac-support-request Steve

@akuma1x I just installed the 512GB M.2 SATA and reinstalled pfSense using ZFS and it appears to work just fine and all of the storage is available. I don't know why I bought such a large drive. I guess price point stupidity. But this thing boots so much faster now I love it.

ix3 is the WAN1 port but I assume you meant that since it's showing the copper link? Try it in the WAN3 port (ix0). That should at least show you the module info if it can detect it. For example: [22.01-RC][admin@6100-2.stevew.lan]/root: ifconfig -vvvm ix0 ix0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: WAN3 options=8138b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER> capabilities=f53fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,NETMAP,RXCSUM_IPV6,TXCSUM_IPV6> ether 90:ec:77:0f:74:45 inet6 fe80::92ec:77ff:fe0f:7445%ix0 prefixlen 64 scopeid 0x5 media: Ethernet autoselect status: no carrier supported media: media autoselect media 10Gbase-Twinax nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> plugged: SFP/SFP+/SFP28 1X Copper Active (Copper pigtail) vendor: BROCADE PN: 58-1000027-01 SN: CBMB11110040HR8 DATE: 2011-03-31 SFF8472 DUMP (0xA0 0..127 range): 03 04 21 02 00 00 04 41 88 80 D5 00 67 00 00 00 00 00 03 00 42 52 4F 43 41 44 45 20 20 20 20 20 20 20 20 20 00 00 05 1E 35 38 2D 31 30 30 30 30 32 37 2D 30 31 20 20 20 41 20 20 20 0C 00 00 78 00 12 00 00 43 42 4D 42 31 31 31 31 30 30 34 30 48 52 38 20 31 31 30 33 33 31 20 20 00 00 00 09 35 37 39 38 39 30 30 30 34 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 42 20 20 20 Steve

Thanks @mer and @akuma1x for lighting fast replies! Ok then I am good to go.

@chudak see https://forum.netgate.com/post/1019967