@gertjan That's quite a reply!
Thanks about it!

So far I thought IDS is simply alerting suspicious traffic, while IPS does on top of that - adding firewall rule to block it.
I tough simply this is perform while doing checks against IPS databases such as snort and there is no need to open the packets.

Because like you said if I would like to have TLS open I need to have my router CA installed on trust stores on all my end pcs. which is too much and eventually if my CA is corrupt all goes shit.

So is not IPS still on the table those days?!

Yeah...I just saw this post...didn't see it in my search of the forum before:

https://forum.netgate.com/topic/147330/how-to-tag-interface-sfp-ix0-on-an-xg-7100/8

hmmm, I see what you are saying they route between the interfaces. In our small network, we have those vlans listed above with end devices spread out on different switches. I have the Eth 2, and 4 used to ensure routing. Yeah I should have the switches connected but they are not top of the line, and with the costs and this being a nonprofit it is hard to spend that money and even to get the money. I was hoping to utilize the SFP+ ports like I did on the Ubiquity UDM Pro of which we replaced.

I like this unit Netgate, so much better, though...I am now recommending this to everyone.

Is this something that just started? Was the PWR button working as expected previously?

If this is in warranty you should open a ticket with us: https://www.netgate.com/tac-support-request

Steve

@akuma1x I just installed the 512GB M.2 SATA and reinstalled pfSense using ZFS and it appears to work just fine and all of the storage is available. I don't know why I bought such a large drive. I guess price point stupidity. But this thing boots so much faster now I love it.

ix3 is the WAN1 port but I assume you meant that since it's showing the copper link?

Try it in the WAN3 port (ix0). That should at least show you the module info if it can detect it. For example:

[22.01-RC][admin@6100-2.stevew.lan]/root: ifconfig -vvvm ix0 ix0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: WAN3 options=8138b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER> capabilities=f53fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,NETMAP,RXCSUM_IPV6,TXCSUM_IPV6> ether 90:ec:77:0f:74:45 inet6 fe80::92ec:77ff:fe0f:7445%ix0 prefixlen 64 scopeid 0x5 media: Ethernet autoselect status: no carrier supported media: media autoselect media 10Gbase-Twinax nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> plugged: SFP/SFP+/SFP28 1X Copper Active (Copper pigtail) vendor: BROCADE PN: 58-1000027-01 SN: CBMB11110040HR8 DATE: 2011-03-31 SFF8472 DUMP (0xA0 0..127 range): 03 04 21 02 00 00 04 41 88 80 D5 00 67 00 00 00 00 00 03 00 42 52 4F 43 41 44 45 20 20 20 20 20 20 20 20 20 00 00 05 1E 35 38 2D 31 30 30 30 30 32 37 2D 30 31 20 20 20 41 20 20 20 0C 00 00 78 00 12 00 00 43 42 4D 42 31 31 31 31 30 30 34 30 48 52 38 20 31 31 30 33 33 31 20 20 00 00 00 09 35 37 39 38 39 30 30 30 34 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 42 20 20 20

Steve

Thanks @mer and @akuma1x for lighting fast replies!
Ok then I am good to go.

@chudak see https://forum.netgate.com/post/1019967

@keyser I have 1Gbps fiber at home too, and agree that there's a gap to be filled. Right now I'm using a 6100 and while I agree that it's a bit pricey for a home router, when you spread it out over the likely 5+ year lifespan of the device it really doesn't matter that much.

A 4100 is coming "real soon now" and will likely be that goldilocks device you've been waiting for. I'm sure it would have been here by now if it weren't for the supply chain nonsense.

@stephenw10 The original pfsense device had multiple IP addresses on the WAN interface. When I migrated to the SG-3100, rather that using the primary public IP address, it was using one of the other IP addresses on the WAN interface. Once I realized this, I modified the WAN interface, then the clients were able to connect again.

The SG-3100 in now in place and all is well.

Thanks for your assistance.

I can confirm this issue, I restored my SG2100 and first up I did change to http and port 8081. I was not able to login using Brave.
I was however able to login via ssh.
I changed browser to Midori (doing this on a Manjaro Linux install) then I was able to login and I got a log entry on my ssh session stating that a successful login was made.

Now I tried to switch back to Brave, I try to login, I do see the same message in the ssh session that a successful login was made but the browser blinks and empties the login fields and does not login.

Starting a private window and trying to login succeeds. So this has to be some kind of caching issue.
I can confirm that it is a caching issue, deleting the browser cache does do the trick. After that I am able to login in again.

@blackh0le 👍

I would only expect to see that if there are no IPSec tunnels enabled.

What have you tried so far? How is it failing? Can we see any screenshots? Logs?

Steve

Log lines indicate the exact moment of the events :

@leonroy said in Unbound was killed: out of swap space:

Jan 11 13:01:33 unbound 63374 [63374:0] notice: Restart of unbound 1.12.0.

and while it's starting - 15 seconds later :

@leonroy said in Unbound was killed: out of swap space:

Jan 11 13:01:48 unbound 63374 [63374:0] info: service stopped (unbound 1.12.0).

and a small instance (< 1 second) :

Jan 11 13:01:48 unbound 63374 [63374:0] notice: Restart of unbound 1.12.0.

To make a long story, go to the Unbound / Resolver settings page and uncheck this :

ffec4b58-bccf-4e36-8b6e-dc41c1cea202-image.png

Stick a post-it on the pfSense box that says :
"Check the resolver logs again after 48 hours and see how many stops/restarts happened the last 48 hours".
If you find "a couple" or even less : issue solved.

There isnt much practical use in combining them because of different speeds.
Even with weights, still when one hits the 30Mbit will take notice, especially if downloading something.
Of course If you are a caffee with casual users it wont matter.
You can always configure the slower line as a backup, only. While doing this you can use the slower line for eg iot, or other "batch" uses like backup syncs etc.

@stephenw10 @keyser @stephenw10

Thank you all for your reply. I did manage to get the cheap alternative power adapter with the same voltage and ampere, device had the same behaviour as with the original power adapter. Am now guessing it's the device.

Thank you again. Good Day.

Sway

@luckman212 said in Netgate 6100 - devd firing an event on power button press?:

Any chance that in the future we could get the power button to fire notify events to devd upon a momentary press (< 3s)?

Since the button is only connected to the uc it would require a code update for the controller and that requires reflashing the SPI chip. It have to be a really good reason! 😉

Steve

@stephenw10

Thanks, got the right file for installation! Regards, Norbert

@pfimprudence sorry to revist this old thread but did you ever have issues with the 2.0a BIOS you installed from Super Micro? I see now there is a version 2.3 on Super Micros site. Did you happen to try that?

Also do you happen to get the 1.3 version from Netgate and can share? We have the version 1.2c from 2017 and I have not been able to get any official updates from Netgate team.

We need to replace the M.2 SSD on our 1537 and I imagine that there is better support for current devices including NVMe with the newer BIOS. Not to mention any security flaws on Intel Xeon CPU that might have been fixed. (Really annoying there is no BIOS changelog anywhere..)

Thanks!

Ah, there we go that's about what I'd expect to see.

One of the interesting things about iperf is that it's deliberately designed to be single threaded. Running multiple parallel streams using the '-P' switch does not change that, you are still running one iperf process. But, as you already tried, that means you can run it multiple times to test combinations of CPU cores and streams. You still see a better result using -P because the firewall and the NICs can use multiple queues and therefore CPU cores to move that traffic.

Steve

@stephenw10 said in SG-1100 factory reset no GUI access no console access:

Nope the cable has always been standard in everything we've shipped. The USB-serial chip is on-board and the cable simply connects to it. 😉

I decided to have some fun and dug up my "USB cable box", took out four micro USB cables and tested all of them on SG-1100 console compatibility. Each cable passed that test, confirming the standard (data) cables are okay 🙂