You should be able to re-install clean if you can access uboot still. Open a ticket with us to get the recovery image if you haven't already: https://go.netgate.com/ Steve

@mackeyuk I don't like following directions. Maybe this will help [image: 1626805416765-bridge.png] [image: 1626805416749-interfaces.png] [image: 1626805416701-sg.png]

There should be no problem importing the full config there beyond the expected complication of the switch config. Certs, users etc will all import. If you're having any issue with that please open a ticket with us: https://go.netgate.com/ We can convert your existing config so it imports directly. Steve

@stephenw10 no m.2/eMMC option when showing available boot devices. I opened a ticket. Thanks

Ok, then you can configure them however you want. Whatever is more convenient for what you're trying to connect.

You can configure two of the switch ports as a load-balance type LAGG, yes. Just edit the lagg number on the ports tab. For example: [image: 1626691434520-screenshot-from-2021-07-19-11-42-45.png] It can only use LAGG type load-balance though, it doesn't support LACP. Steve

The 6100 does not have any DIMM slots. the 8GB RAM is all on-board so it's not expandable. Steve

If you have more than one gateway defined make sure the default gateway is set to the specific gateway in question. If it's still set to automatic in System > Routing > Gateways it's probably switching to the other gateway and not switching back. Steve

@noexit said in Which Netgate to get?: My current router is an old Dell Dimension E310 PC (Intel(R) Pentium(R) 4 CPU 2.80GHz) with 1GB of RAM and 1000baseT 3com NICs running pfSense 2.3.4. Gah! Yeah, that's an actual P4, 32bit only, so upgrade time for sure! The SG-2100 would be fine for those speeds and, as mentioned, the 4GB RAM leaves plenty of headroom for Snort, ntopng etc. It won't pass full Gigabit line rate though if that's likely to be something you need anytime soon. Steve

So you just see no available configs to export? No users listed? Did you create user certs against the new CA? Steve

Beyond the switch config detailed here you only need to create the VLAN interfaces on mvneta1 and apply firewall rules as required. Are you seeing any particular problem? Steve

@bkseitz 2.5.2 is the numbering used for Community Edition (CE). Since you have a Netgate appliance, you are being migrated to pfSense Plus which is currently at 21.05. Plus is the same as CE with a few minor additions. Announcing pfSense Plus

I swapped cables, swapped the firewall for a white box pfSense, swapped the firewall with a UniFi USG, placed a switch in between the firewall and the ISP, and the interface was still flapping. The ISP is a WISP. They supposedly swapped out the radio on top of the roof, but it was still flapping. I wanted them to replace the cable and the PoE injector, but they didn't. We ended up hard setting the speed/duplex to 100 FDX and the connection is better, but still not perfect. The customer is going to be changing ISPs.

EDIT: Managed to solve this via Support. Needed to reinstall PFSense via the 'run recovery' command. Hit a snag with one of my USB drives, but the 'reset usb' command (x3) , as well as a different drive fixed the issue. Great, and super timely support from Netgate!

@truckin You can only assign interfaces to a LAGG that are not already assigned somewhere else. Add them to the LAGG and then assign the LAGG as an interface itself. In fact you should be able to assign the LAGG with only the one interface assigned to it to free up the other if needed.

Go here and create a ticket: https://go.netgate.com/. You can use the Sign-Up link under "Your Tickets" to create an account if you don't already have one. There is no charge for providing a Netgate appliance image. You will need to have, and provide, the Netgate ID and Serial Number of your appliance, though.

@jimp It's a netgate (Super Micro C2758), probably 4-5 years old? We are ordering a new (7100?) pair to replace these, but I was hoping to check which hardware fault it might be.

I can't reproduce any problem like that here, where I could easily reproduce the error before. If you haven't yet, after you have updated miniupnpd manually as described above, reboot the router to ensure the correct copy is the only one being used. It's also possible there is a lot of local traffic hitting UPnP/NAT-PMP and it's just busy at the time you noticed it.

Hmm, OK. Well glad you were able to connect. The putty interface can be confusing at times. It's all too easy to think you're opening a serial connection when in fact it's just showing you the serial settings and the session is still set as SSH. Steve