@stephenw10 said in SG-4860 Red Status Light: You can create an account and open a ticket for a hardware issue: https://go.netgate.com/ @blaznet Hopefully you have done as Steve recommended. When my SG-4860 died with seemingly the same failure mode, I sorta went into panic. It was a lot of money and out of warranty. I sent it overnight per their direction. When they got it, they analyzed it and sent me another. Total down time was about 5 days. I think I just paid the shipping. Netgate has been really good about standing behind their hardware, especially on known issues. You may have a different outcome but I was very pleased with how they handled my SG-4860's death... and resurrection. The replacement has been running a couple of years now. Being a retired EE (amongst other things) my research on some of the suspected components looks like they don't like prolonged heat soak. My SG-4860 is in an area that is always about the same temperature but does get a bit warmer in summer months. As a precaution now, I just drop a small muffin fan with soft feet over the top vent for about 10 weeks every summer. I try to keep the CPU cores under 110° F year round. The rest of the components seem to follow suit. But, I learned my lesson and I just bought a spare SG-4860.

@steveits Thank you. After spending some quality time in the console I finally got it working. The web configure crashed when I tried to change the VLANs. But, it's working now. Thank you.

@mer said in SG-1100 Unable to check for updates (Certificate verification failed): physically pull power For @harrdou , there's a doc page on this. I believe I read that was fixed in 21.02 or maybe .05 but the point is if you pull power once, then update, it shouldn't happen again.

Ah, the pfBlocker widget. If you have very large number of DNS-BL entries you may have to change that, yes. Steve

Thanks to you both for the input. Greatly appreciated.

Just to confirm that is exactly right. WAN and OPT are discrete NICs, mvneta2 and mvneta0. LAN (mvneta1) is connected to the switch internally. Steve

@stephenw10 thx for the info.

@stephenw10 forgot to report back but yes my problem has been solved. Many thanks.

I would also connect each switch to the 6100 separately if they are physically located to allow that. The only time you might not want that is if you regularly have multiple Gbps traffic between hosts on different switches where the 6100 would have to push that. Those switches look to have 10G ports and the 6100 has two 10G ports. If you're not using them already I'd use those. Steve

Yup, open a ticket with us for that. Steve

@citaku I don’t even know why the information is not in the documentation. We buy expensive hardware, supporting netgate and pfSense at the same time, and we cannot get the simple reference of the SSD being used.

Thanks steve. I got an img from support reimaged device and is working fine. Again Thank you

@jimp See outputs below.... FROM SG-5100 DHCP GUI: [image: 1635430256812-capture.png] FROM "/var/dhcpd/var/db/dhcpd6.leases" Lease FILE: authoring-byte-order entry is generated, DO NOT DELETE authoring-byte-order little-endian; server-duid "[REDACTED]"; ia-na "[REDACTED]" { cltt 4 2021/10/28 06:46:19; iaaddr [REDACTED] { binding state active; preferred-life 27000; max-life 43200; ends 4 2021/10/28 16:26:10; } } ia-na "[REDACTED]" { cltt 4 2021/10/28 11:52:14; iaaddr [REDACTED] { binding state active; preferred-life 27000; max-life 43200; ends 4 2021/10/28 23:52:14; } } ia-na "[REDACTED]" { cltt 4 2021/10/28 12:16:19; iaaddr [REDACTED] { binding state active; preferred-life 27000; max-life 43200; ends 5 2021/10/29 00:16:19; } } ia-na "[REDACTED]" { cltt 4 2021/10/28 11:24:51; iaaddr [REDACTED] { binding state active; preferred-life 20157; max-life 43200; ends 4 2021/10/28 23:24:51; } } ia-na "[REDACTED]" { cltt 4 2021/10/28 11:56:39; iaaddr [REDACTED] { binding state active; preferred-life 27000; max-life 43200; ends 4 2021/10/28 23:56:39; } } ia-na "[REDACTED]" { cltt 4 2021/10/28 12:08:29; iaaddr [REDACTED] { binding state active; preferred-life 27000; max-life 43200; ends 5 2021/10/29 00:08:29; } } ia-na "[REDACTED]" { cltt 3 2021/10/27 22:55:03; } ia-na "[REDACTED]" { cltt 3 2021/10/27 17:00:43; } ia-na "[REDACTED]" { cltt 3 2021/10/27 21:46:16; } ia-na "[REDACTED]" { cltt 4 2021/10/28 11:10:44; iaaddr [REDACTED] { binding state active; preferred-life 27000; max-life 43200; ends 4 2021/10/28 23:10:44; } } ia-na "[REDACTED]" { cltt 3 2021/10/27 18:03:46; } ia-na "[REDACTED]" { cltt 4 2021/10/28 11:08:53; iaaddr [REDACTED] { binding state active; preferred-life 7200; max-life 43200; ends 4 2021/10/28 23:08:53; } } ia-na "[REDACTED]" { cltt 3 2021/10/27 22:53:32; } ia-na "[REDACTED]" { cltt 3 2021/10/27 21:45:18; } ia-na "[REDACTED]" { cltt 4 2021/10/28 12:22:00; iaaddr [REDACTED] { binding state active; preferred-life 23597; max-life 43200; ends 5 2021/10/29 00:22:00; } } ia-na "[REDACTED]" { cltt 4 2021/10/28 04:49:16; iaaddr [REDACTED] { binding state active; preferred-life 27000; max-life 43200; ends 4 2021/10/28 16:49:16; } } ia-na "[REDACTED]" { cltt 4 2021/10/28 08:49:05; iaaddr [REDACTED] { binding state active; preferred-life 27000; max-life 43200; ends 4 2021/10/28 20:49:05; } } ia-na "[REDACTED]" { cltt 4 2021/10/28 05:37:30; iaaddr [REDACTED] { binding state active; preferred-life 27000; max-life 43200; ends 4 2021/10/28 17:37:30; } } ia-na "[REDACTED]" { cltt 4 2021/10/28 13:10:10; iaaddr [REDACTED] { binding state active; preferred-life 27000; max-life 43200; ends 5 2021/10/29 01:10:10; } } ia-na "[REDACTED]" { cltt 4 2021/10/28 13:17:10; iaaddr [REDACTED] { binding state active; preferred-life 27000; max-life 43200; ends 5 2021/10/29 01:17:10; } } ia-na "[REDACTED] { cltt 4 2021/10/28 13:24:13; iaaddr [REDACTED] { binding state active; preferred-life 27000; max-life 43200; ends 5 2021/10/29 01:24:13; } } ia-na "[REDACTED]" { cltt 4 2021/10/28 13:44:58; iaaddr [REDACTED] { binding state active; preferred-life 27000; max-life 43200; ends 5 2021/10/29 01:44:58; } }

@kabluton Yes. There is a lot of good documentation here: https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/index.html

@nocling said in Can SG-1100 handle this S2S VPN?: If you choose the SG-2100, the power consumption is almost the same. But you have more power. The SG-2100 has a dedicated WAN port instead of the SG-1100 and can achieve higher performance because 1 NIC can only use 1 CPU core. And you have 4GB of RAM to do some things with no problem. Exactly - and in My case also especially because it has a Dual personallity SFP WAN port which allowed me to terminate My fiber to home directly in My firewall (No ISP box to use power anymore). I could do that because My ISP runs single strand Ethernet which is easy to get a SFP tranciever for

@bruenore See also the doc : Docs » pfSense software » Solutions » Netgate 3100 Security Gateway Manual As long as you're in the situation where the power can go down, keep this Netgate video in reach : How to Run a pfSense Software File System Check. ( or get an UPS ;) )

5100 is a great product; the only thing missing is Layer 3 switching and a 10GB WAN/LAN port. ...oooh i miss Layer 3 switching.....

@steveits said in Upload configuration to a Netgate 7100 from other PfSense: Hopefully the posting will be helpful to others. hmmm, so you're back and you won't forget? I love you man, but you know that... +++edit: I hope your style is honed by a serious CNC..... :)

@pourts The initial question is whether you want to prevent wired and wireless from talking to each other? If you do, you can use different interfaces on pfSense and use firewall rules to block traffic between them, from LAN to OPT and OPT to LAN. The 1100 has an OPT port so that could be for wireless. There's no need for a VLAN-capable switch in this scenario, but you may need two "dumb" switches, one on LAN and one on OPT, if you have multiple devices.

@gertjan Console would not respond to commands, but I was able to halt the system through the WebGUI prior to removing power. Update (10/22): the router ran fine for about 13 hours and then the OpenVPN (site to site) service hung, the service would not restart, and I had to reboot the router.