@stephenw10 Update 21.05 solved the problem. Thank you.

After upgrading a few SG-3100 to 20.05 it seems to have resolved my issues with VPN speed, and I get expected IPsec VPN performance now. SG-5100 is still far better if can justify the price.

On the other side, the tcpdump show: [2.4.5-RELEASE][admin@pf1-tos.domain]/root: tcpdump -i xn0.10 ether host c8:df:84:c1:16:37 -nn tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on xn0.10, link-type EN10MB (Ethernet), capture size 262144 bytes 18:05:55.841165 ARP, Request who-has 172.16.80.241 tell 172.16.80.242, length 42 18:05:55.841190 ARP, Reply 172.16.80.241 is-at 00:16:3e:19:25:5f, length 28 18:05:56.850828 ARP, Request who-has 172.16.80.241 tell 172.16.80.242, length 42 18:05:56.850855 ARP, Reply 172.16.80.241 is-at 00:16:3e:19:25:5f, length 28 i can't run it on the origin otherwise the ping start working...

@stephenw10 I update both, pfBlockerNG dev holds Unbound down at startup. Next Reboot, all good. SafeXcel works now very nice, 50MBit Throughput, 45-50% before, 20-22% after. Looks like a nice version.

That's all the output? That's very early in the boot process, in uboot before it even tries to boot anything. If it was still booting 2.4.X and you simply ran the upgrade I would not expect a failure at that point. That looks more like a hardware issue if that really is all the output it's showing. Steve

The SG-1100 use Switchports, no need for Bridge. I use VLAN 1 to with my, on the Opt is a UniFi AP with Guest Net tagged on top. DHCP is on the pfsense, there a so many settings you could set if you need.

@gertjan Serial = (virtual) COM Port, yes Bricked = kinda depends on how "bricked" bricked was...but it wasn't bricked so bad it became a door stop. :)

@steveits said in XG-7100 - Interface assignement: A, kind of. The state Well. Just FYI, i came back to SG-5100. I create a CARP between physical Appliance and virtual appliance hosted in my cluster, it works like a charm. Public network is distributed through a VLAN, and i have double BGP attachment on a VPC Cisco core. Public routes are redistributed with i-bgp. I can loose a switch core --> prod still working. I can loose SG-5100 physical appliance --> Virtual appliance in the cluster is taking relay thanks to carp. I love this setup, don't know why buying Fortinet or Stonesoft solution while pfsense is answering to problems....

@pzanga Excellent. Remember to remove the VLAN’s as Well as they are No longer needed

@steveits said in SG-3100 Loadbalance and failover: I've seen comments elsewhere that Starlink uses CGNAT. Well then I saw it right Aha, this is not the best situation, because you can only hope that the CGNAT is only because of the few IPv4 address space of the provider and there are no nonsense filtering rules on the NAT. It's like when you're at work and you need two hands and it's one fixed behind your back. It's also strange that they use 192.168.0.0/16 and not 10.0.0.0/8, they're not that out of addresses then, hmmm?

Thanks! I didn't tag the appropriate network in pfsense correctly. It is working as expected. Rookie mistake.... Regards, Tony

There is also an overview there too: https://docs.netgate.com/pfsense/en/latest/solutions/xg-7100/switch-overview.html If you're importing an older config open a ticket, we can convert that for you to use the XG-7100 ports directly: https://go.netgate.com/ If you're starting clean we can get you a default config where all 8 ports are already separately configured and assigned. Steve

As said, the CE version, available from here is "Intel/AMD" only. The SG-3100 uses an ARM processor.

Resolved. New firmware; 21.02.2

And to answer my own question, for some other poor soul that might search the forum for help. I forgot to add tagged switch ports 9 and 10 as described in documentation. So my tagged traffic was arriving to switch and staying on the switch never reaching the netgate core device. Once I added ports 9 and 10 tagged in vlan config, everything worked [image: 1621531283714-interface-vlan-config-to-work.png]

We want to see what pfSense thinks the interface status is when the switch shows it's not connected, or not linked maybe.

@paul-netgate Update: dear Steve I got it resolved. I had to assign the right port profile to the Ubiquiti switch port. Thanks again for your help and have a nice day. Best, Paul

@gertjan In all seriousness, though, that's one of the loudest and scariest POST failure beeps I've ever heard.

@gertjan Thanks! Issue resolved by contacting support for the new version.

@bigsy Sorted this myself by reading the manual. For anyone interested, per the section on 'Segmentation Fault in pkg', which says "Certain cryptographic hardware can have a software-induced race condition which leads to a problematic state. In this state, pkg will crash with a segmentation fault", halting then powering off the system seems to have worked.