Ok, then you can configure them however you want. Whatever is more convenient for what you're trying to connect.

You can configure two of the switch ports as a load-balance type LAGG, yes.

Just edit the lagg number on the ports tab. For example:
Screenshot from 2021-07-19 11-42-45.png

It can only use LAGG type load-balance though, it doesn't support LACP.

Steve

The 6100 does not have any DIMM slots. the 8GB RAM is all on-board so it's not expandable.

Steve

If you have more than one gateway defined make sure the default gateway is set to the specific gateway in question. If it's still set to automatic in System > Routing > Gateways it's probably switching to the other gateway and not switching back.

Steve

@noexit said in Which Netgate to get?:

My current router is an old Dell Dimension E310 PC (Intel(R) Pentium(R) 4 CPU 2.80GHz) with 1GB of RAM and 1000baseT 3com NICs running pfSense 2.3.4.

Gah!
Yeah, that's an actual P4, 32bit only, so upgrade time for sure!

The SG-2100 would be fine for those speeds and, as mentioned, the 4GB RAM leaves plenty of headroom for Snort, ntopng etc.
It won't pass full Gigabit line rate though if that's likely to be something you need anytime soon.

Steve

So you just see no available configs to export? No users listed?

Did you create user certs against the new CA?

Steve

Beyond the switch config detailed here you only need to create the VLAN interfaces on mvneta1 and apply firewall rules as required.
Are you seeing any particular problem?

Steve

@bkseitz 2.5.2 is the numbering used for Community Edition (CE). Since you have a Netgate appliance, you are being migrated to pfSense Plus which is currently at 21.05. Plus is the same as CE with a few minor additions.

Announcing pfSense Plus

I swapped cables, swapped the firewall for a white box pfSense, swapped the firewall with a UniFi USG, placed a switch in between the firewall and the ISP, and the interface was still flapping. The ISP is a WISP. They supposedly swapped out the radio on top of the roof, but it was still flapping. I wanted them to replace the cable and the PoE injector, but they didn't. We ended up hard setting the speed/duplex to 100 FDX and the connection is better, but still not perfect. The customer is going to be changing ISPs.

EDIT: Managed to solve this via Support. Needed to reinstall PFSense via the 'run recovery' command. Hit a snag with one of my USB drives, but the 'reset usb' command (x3) , as well as a different drive fixed the issue.

Great, and super timely support from Netgate!

@truckin

You can only assign interfaces to a LAGG that are not already assigned somewhere else.

Add them to the LAGG and then assign the LAGG as an interface itself.

In fact you should be able to assign the LAGG with only the one interface assigned to it to free up the other if needed.

Go here and create a ticket: https://go.netgate.com/. You can use the Sign-Up link under "Your Tickets" to create an account if you don't already have one. There is no charge for providing a Netgate appliance image. You will need to have, and provide, the Netgate ID and Serial Number of your appliance, though.

@jimp It's a netgate (Super Micro C2758), probably 4-5 years old? We are ordering a new (7100?) pair to replace these, but I was hoping to check which hardware fault it might be.

I can't reproduce any problem like that here, where I could easily reproduce the error before.

If you haven't yet, after you have updated miniupnpd manually as described above, reboot the router to ensure the correct copy is the only one being used.

It's also possible there is a lot of local traffic hitting UPnP/NAT-PMP and it's just busy at the time you noticed it.

Hmm, OK. Well glad you were able to connect.

The putty interface can be confusing at times. It's all too easy to think you're opening a serial connection when in fact it's just showing you the serial settings and the session is still set as SSH.

Steve

It probably is fixed by https://redmine.pfsense.org/issues/11748 which means it would be OK on the latest version of pfSense Plus on the 3100. Is it running 21.05 or something older?

@gertjan I have not tried this as the eMMC is not even supposed to be in-use. I'll have to schedule time for a reboot + check. Even though the log is being spammed with errors, the SG-5100 is working and many people need the VPN gateway to work remotely

Yes, I saw the miniupnpd errors in my logs... but every time I try to paste them into this ticket, it is refused claiming its spam. Hence my GRRR comment up the chain :)

I've applied the fixed in the upnp-broken ticket and will see how it goes.

I did find an preorder ad since posting this that clarifies there are 8 independent and flexible WAN/LAN ports. Just my OCD goes crazy when I see it labeled all WAN LOL.

Too bad not available until September because I may need to order another SG-5100 soon, since it is the same price seems like a much better device.

Is SG-5100 still going to be around or is SG-6100 the replacement?

@stephenw10 Got it, didn't realize the other capacity was on-board. Thanks!