• SG-2100 Upgrade failure from 21.05 to 21.05.1

    Moved
    6
    0 Votes
    6 Posts
    838 Views
    stephenw10
    Suricata should run fine on the SG-2100. Just be sure to set log file size limits including a total size limit. Steve
  • Netgate 3100 + Bridge

    netgate-sg-3100 bridged mode transparent interrupts
    6
    0 Votes
    6 Posts
    2k Views
    stephenw10
    Ok, if you're doing that I would put the bridge between WAN and OPT and use LAN for management. That removes the switch from the connection.
  • 7100U connecting to a L2 switch

    3
    0 Votes
    3 Posts
    519 Views
    F
    Thank you stephen. I guess we already talked over e-mail about this issue, I appreciate your answer here too though. I could also add one of the 4 port 1Gbps PCIe NICs that are supported by the 7100U and not being limited to load balancing laggs only, right? In any case and this is a little bit off-topic but bear with me for a second. I am really interested about the future of pfsense+. Been a long-time user of the community edition and from a business perspective the move to pfsense+ was understandable and probably the right one. Of course I wish that the CE edition will still remain and receive regular updates but I guess that remains to be seen. I am also looking forward to pfsense+ on VMs or 3rd party hardware and I would be very happy to see this come to fruition in 2021. Thanks again. :)
  • 5100: wan throughput dropped

    3
    0 Votes
    3 Posts
    573 Views
    D
    @stephenw10 thanks! That path ultimately led to a damaged port igd0! Remaining ports in good shape, so did a quick right-shift from Interfaces, Assignments...
  • M.2 PCIe Lanes in 3100-SG

    4
    0 Votes
    4 Posts
    669 Views
    stephenw10
    There's no provision for using multiple drives in pfSense so you would need to boot from m.2 SSD or add your own scripts to enable it. There's a pretty good chance you would fill the drive accidentally and cause problems for the firewall. Hard to recommend doing that. Either way though, the m.2 slot is not NVMe so no PCIe lines. Steve
  • Errors reinstalling pfSense on an SG-1100

    4
    0 Votes
    4 Posts
    1k Views
    stephenw10
    Thanks for spotting that. I have opened a ticket to get it corrected. https://redmine.pfsense.org/issues/12266 Steve
  • Testing strategy for Plus versus CE

    7
    0 Votes
    7 Posts
    1k Views
    stephenw10
    It shows that because you're on a version that is now several versions old. It needs to update the package that contains the available repos but can't get the latest version of that from the 2.4.4 branch. If you run the update though you will probably go straight to 2.5.2 or 21.05.1 since it will be able to update the repo package as soon as it starts to pull in new packages. Steve
  • 0 Votes
    9 Posts
    1k Views
    dennis_s
    I am going to lock this thread as you have received an answer to your questions through the support ticket you had open.
  • upgrade fails

    Moved
    4
    0 Votes
    4 Posts
    892 Views
    S
    @rico said in upgrade fails: run usbrecovery. Perfect, I resolved the problem. tks
  • pfSense on Netgate hardware and power outages

    11
    0 Votes
    11 Posts
    2k Views
    stephenw10
    Depending on what packages you have running you may be able to use ram disks. I've yet to see a filesystem problem on any device that has ram disks enabled. You can't really use it with Snort, Suricata or pfBlocker though unless you're very careful with tuning. Steve
  • Prepurchase Question

    19
    0 Votes
    19 Posts
    2k Views
    S
    @bmeeks said in Prepurchase Question: Suricata on SG-3100 appliances have apparently been solved In fact I did two upgrades to 21.05.01 on 3100s today and they both offered the suricata package (package 6.x, Suricata 5.x), not the suricata4 package.
  • old netgate/pfsense router/firewall still usable?

    11
    0 Votes
    11 Posts
    1k Views
    stephenw10
    Those pics don't seem to have uploaded correctly. I think the reset procedure from the APU was the same. It's been a while though! In which case this applies: https://youtu.be/Cwz7vWu_KO0 Steve
  • 2100 reboot loop

    4
    0 Votes
    4 Posts
    754 Views
    bmeeks
    It's a tradeoff for performance and features versus a fully fault-tolerant hardware/software setup that is immune to sudden power failures. The full disk subsystem used in the pfSense appliances allows for better logging and installation and use of third-party packages that need a read-write disk subsystem. The professional way to deploy these and other pro-level firewall appliances is to power them with a UPS. Can be a relatively small and inexpensive one. Just make sure it offers a USB communications ability to send status info to a monitoring daemon. On pfSense, you then install either the apcupsd or nut package to monitor the UPS and gracefully shut down the firewall when the UPS signals that power is lost and the battery is almost exhausted. The ZFS filesystem option is more fault-tolerant, and if you want to perform a complete reinstall, you can enable that option. I think there is a move afoot to make ZFS the default setup in coming future version updates. ZFS is not immune to issues caused by sudden power loss, but it is more resilient to the same as compared to UFS.
  • 2 Votes
    18 Posts
    2k Views
    B
    @johnpoz I offered to test an evaluation model ahead of time -- they wouldn't do that either. And somewhat tongue in cheek, if a company is charging a fee more than Cisco, that's a sure sign it's really exorbitant. Bottom line -- it is not reasonable of a company to expect a consumer to take a $200+ risk that their performance metric claims are legitimate. It is reasonable to expect proof / substantiation that the equipment and not the environment is the problem, and I am willing to do whatever it takes to satisfy them in that regard. @flyzipper Your point is well taken, but in my case, I do consistently get speeds I cited directly through the modem. But if push came to shove, I would certainly be willing to put another device on another port of the 6100 and do strictly local iperf3 tests through the 6100 to prove the point. Netgate wasn't interested in that either. I really think their position is untenable.
  • SG-3100 21.05.1 kern.ipc.maxpipekva exceeded; see tuning(7)

    Moved
    10
    0 Votes
    10 Posts
    2k Views
    stephenw10
    Hmm, the only thing I'm aware of that may be related is the additional gpio device that is detected in 21.0X compared with 2.4.X. We had to make some changes to our driver for that I believe. The active device was incremented. That must be working for you though or it wouldn't work at all. Not something that would fail after some time. Steve
  • Netgate 5100 - after reboot no config

    13
    0 Votes
    13 Posts
    2k Views
    S
    @hebein said in Netgate 5100 - after reboot no config: old logs from suricata that filled up the filesystem A couple years ago, give or take, there was an issue where the Suricata GUI would show log rotation was enabled but it actually wasn't by default. That was fixed back then, and I would think if you are on 21.01 you'd have a newer package and this doesn't apply to you. But IIRC the workaround was just to save the Suricata log page settings so it did actually enable. Except for that we haven't had any such issues with its log rotation. If it's a high traffic site you might consider unchecking "Enable HTTP Log" on the interface.
  • XG-7100 1U WAN throughput

    3
    0 Votes
    3 Posts
    667 Views
    stephenw10
    That level of throttling is almost always something low level like a speed/duplex mismatch or an IP address conflict. Check Status > Interfaces for errors/collisions especially when using the expansion card. Check the system logs for any errors shown. Steve
  • Blocked from making anymore tickets

    Moved
    9
    0 Votes
    9 Posts
    1k Views
    stephenw10
    The anonymous, privacy centric nature of Protonmail is always going to attract spammers unfortunately. And spam filters are far from perfect. That's just the trade-off you make. Steve
  • Failure to re-start properly, possibly since 21.05

    Moved
    8
    0 Votes
    8 Posts
    1k Views
    stephenw10
    Thanks for the follow up.
  • Trying to submit firmware request ticket

    4
    0 Votes
    4 Posts
    731 Views
    stephenw10
    I unblocked that email anyway in case you need to use it in future. Steve
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.