The SG-1100 use Switchports, no need for Bridge.

I use VLAN 1 to with my, on the Opt is a UniFi AP with Guest Net tagged on top.
DHCP is on the pfsense, there a so many settings you could set if you need.

@gertjan

Serial = (virtual) COM Port, yes

Bricked = kinda depends on how "bricked" bricked was...but it wasn't bricked so bad it became a door stop. :)

@steveits said in XG-7100 - Interface assignement:

A, kind of. The state

Well.

Just FYI, i came back to SG-5100.
I create a CARP between physical Appliance and virtual appliance hosted in my cluster, it works like a charm.
Public network is distributed through a VLAN, and i have double BGP attachment on a VPC Cisco core. Public routes are redistributed with i-bgp.

I can loose a switch core --> prod still working.
I can loose SG-5100 physical appliance --> Virtual appliance in the cluster is taking relay thanks to carp.

I love this setup, don't know why buying Fortinet or Stonesoft solution while pfsense is answering to problems....

@pzanga Excellent.

Remember to remove the VLAN’s as Well as they are No longer needed

@steveits said in SG-3100 Loadbalance and failover:

I've seen comments elsewhere that Starlink uses CGNAT.

Well then I saw it right 😉

Aha, this is not the best situation, because you can only hope that the CGNAT is only because of the few IPv4 address space of the provider and there are no nonsense filtering rules on the NAT.

It's like when you're at work and you need two hands and it's one fixed behind your back.

It's also strange that they use 192.168.0.0/16 and not 10.0.0.0/8, they're not that out of addresses then, hmmm?

Thanks! I didn't tag the appropriate network in pfsense correctly. It is working as expected. Rookie mistake....

Regards,

Tony

There is also an overview there too:
https://docs.netgate.com/pfsense/en/latest/solutions/xg-7100/switch-overview.html

If you're importing an older config open a ticket, we can convert that for you to use the XG-7100 ports directly:
https://go.netgate.com/

If you're starting clean we can get you a default config where all 8 ports are already separately configured and assigned.

Steve

As said, the CE version, available from here is "Intel/AMD" only.

The SG-3100 uses an ARM processor.

Resolved.
New firmware; 21.02.2

And to answer my own question, for some other poor soul that might search the forum for help. I forgot to add tagged switch ports 9 and 10 as described in documentation. So my tagged traffic was arriving to switch and staying on the switch never reaching the netgate core device.

Once I added ports 9 and 10 tagged in vlan config, everything worked

interface-vlan-config-to-work.png

We want to see what pfSense thinks the interface status is when the switch shows it's not connected, or not linked maybe.

@paul-netgate
Update: dear Steve I got it resolved. I had to assign the right port profile to the Ubiquiti switch port.
Thanks again for your help and have a nice day.
Best, Paul

@gertjan In all seriousness, though, that's one of the loudest and scariest POST failure beeps I've ever heard.

@gertjan Thanks!

Issue resolved by contacting support for the new version.

@bigsy Sorted this myself by reading the manual. 😁

For anyone interested, per the section on 'Segmentation Fault in pkg', which says "Certain cryptographic hardware can have a software-induced race condition which leads to a problematic state. In this state, pkg will crash with a segmentation fault", halting then powering off the system seems to have worked.

Indeed, with any luck those bugs should be resolved soon.

And, yes, the SG-2100 will not pass 1Gbps with firewall and NAT. If you're luck enough to have a home connection that is 1Gbps you would want something more powerful.

Steve

Just to be clear here we have always used Freshworks/Freshservice for the go. support portal.

An update to their service removed much of the customisation we had done changing the login page back to the default for a time. Nothing changed on the backend though, it's still the same ticket system.

Steve

What's connected to LAN3? Does that show the link being lost?

It could be a speed/duplex negotiation issue, you could try setting that switch port to a fixed speed if the device connected supports that.

Steve

@spacecase I've tried a few spot checks during active sessions over the last few evenings, but my testing was limited. After experiencing what might've been disruptions of session stability when I disabled 1:1 NAT, I quickly reverted back to my baseline configuration.

Forwarding the configured UDP ports at the router doesn't seem to make a noticeable difference, which seems to be consistent with the alternate configuration approach at this link.

https://forum.jamkazam.com/showthread.php?tid=1371

@richi44 My mistake. I did traceroute directly from cli and not from network which is routed to the tunnel. Everything just works.