Thanks! I didn't tag the appropriate network in pfsense correctly. It is working as expected. Rookie mistake....

Regards,

Tony

There is also an overview there too:
https://docs.netgate.com/pfsense/en/latest/solutions/xg-7100/switch-overview.html

If you're importing an older config open a ticket, we can convert that for you to use the XG-7100 ports directly:
https://go.netgate.com/

If you're starting clean we can get you a default config where all 8 ports are already separately configured and assigned.

Steve

As said, the CE version, available from here is "Intel/AMD" only.

The SG-3100 uses an ARM processor.

Resolved.
New firmware; 21.02.2

And to answer my own question, for some other poor soul that might search the forum for help. I forgot to add tagged switch ports 9 and 10 as described in documentation. So my tagged traffic was arriving to switch and staying on the switch never reaching the netgate core device.

Once I added ports 9 and 10 tagged in vlan config, everything worked

interface-vlan-config-to-work.png

We want to see what pfSense thinks the interface status is when the switch shows it's not connected, or not linked maybe.

@paul-netgate
Update: dear Steve I got it resolved. I had to assign the right port profile to the Ubiquiti switch port.
Thanks again for your help and have a nice day.
Best, Paul

@gertjan In all seriousness, though, that's one of the loudest and scariest POST failure beeps I've ever heard.

@gertjan Thanks!

Issue resolved by contacting support for the new version.

@bigsy Sorted this myself by reading the manual. 😁

For anyone interested, per the section on 'Segmentation Fault in pkg', which says "Certain cryptographic hardware can have a software-induced race condition which leads to a problematic state. In this state, pkg will crash with a segmentation fault", halting then powering off the system seems to have worked.

Indeed, with any luck those bugs should be resolved soon.

And, yes, the SG-2100 will not pass 1Gbps with firewall and NAT. If you're luck enough to have a home connection that is 1Gbps you would want something more powerful.

Steve

Just to be clear here we have always used Freshworks/Freshservice for the go. support portal.

An update to their service removed much of the customisation we had done changing the login page back to the default for a time. Nothing changed on the backend though, it's still the same ticket system.

Steve

What's connected to LAN3? Does that show the link being lost?

It could be a speed/duplex negotiation issue, you could try setting that switch port to a fixed speed if the device connected supports that.

Steve

@spacecase I've tried a few spot checks during active sessions over the last few evenings, but my testing was limited. After experiencing what might've been disruptions of session stability when I disabled 1:1 NAT, I quickly reverted back to my baseline configuration.

Forwarding the configured UDP ports at the router doesn't seem to make a noticeable difference, which seems to be consistent with the alternate configuration approach at this link.

https://forum.jamkazam.com/showthread.php?tid=1371

@richi44 My mistake. I did traceroute directly from cli and not from network which is routed to the tunnel. Everything just works.

@akuma1x Many thanks! Order placed for a SG-3100, looks like it will meet the need.

@bmeeks said in SG-3100 Boot Issue:

But just keeling over while on active duty is a bit unusual.

That's what I thought, also. Thanks for the reply!

My SG-3100 runs with 1000/50, but my segment is not good and FQ_codel limits the Speed far away from Hardware Limit.
If i deactivate FQ_codel, or run up to 900+GBit but 100ms+ of ping time.
That is it not worth.
Is a nice low Power high speed device.

@derelict Many thanks, that's what I wanted to learn.

Now time to find a reseller with a good price in France ;)

I set my Pace to forward everything to the psSense firewall, then normal firewall rules on pfSense to port forward to the inside. pfSense is in the DMZ with the outside address. I have not had any issues.