1: You do not need to contact support to update the firmware. That process is only needed if you need to reflash it from scratch (cleaning the built in flash). It comes with a firmware build onboard, and that will update itself just like you are use to on your server.

2: It does not need internet to be setup. BUT: The GUI is very very slow when no Internet/DNS is available, and if you restore a config to it, no packages are installed automatically from the config. So it’s a tradeoff: You can restore your config “offline” on a very slow GUI, and you’ll have to reinstall any packages (all settings are preserved) once it gets online and have internet access. OR: You can shut down your server, insert the SG-3100 and restore your config.

Mmm, it's hard to compare those directly but I'd guess you might be pushing an XG-7100 with that spike loading.

Steve

@stephenw10
OK, will do, once the device arrives. Thanks.

You can recover the config from the pfSense install image as long as the partition is not completely destroyed, it gives you option before you install:
https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html#recover-config-xml-from-existing-installation

Worst case you can cat the recovered config to the console from there and copy it out into a file.

Steve

Ok, I figured it out.

When configuring the vlan interfaces, at first I hadn't noticed, it was set with a mask of /32.

The rules being generated automatically, the NAT was set for the interface, with the same mask but not for the network with the right mask.

I fixed the VLAN interface mask a while ago but the NAT was still wrong.

Working like a charm now!

There was another post with a different wording , and the name Sara i think.

But my thought too.

/Bingo

Bridging VLANs like that is generally not recommended.

How many internal interfaces do you need configured like that?

If it's just one you could try breaking the ix2-3 lagg and reconfiguring the switch to connect Eth8 to ix2 directly and bridge that. Removing the VLAN will probably prevent the loss there.
Make sure you have some access to the firewall other than via the switched ports if you try that as it's very easy to get locked out!

Do you need to filter traffic across the bridge? If not you would be better off using an external switch to set that up.

Open a ticket with the device details: https://go.netgate.com/

Steve

@snigy bump

Resolved. I keep forgetting to check the vlan tab under switch...
I keep getting thrown off by the xg-7100 have two places for vlans...
Added the port to that and it works now.

I agree. But if you have pfBlocker set to update lists every hour I would not expect it to restart Unbound every time.

Steve

Yup, both those things are true.

The jumper is there in case you end up with a damaged uboot image on the eMMC, you can force it to ignore that and load from SD to recover. If the eMMC is complete blank it should try to load from SD anyway without the jumper.

Steve

Resolved issue after opening ticket with netgate. It was an install error on their part. I used the recovery image to install from scratch and selected ada0 as the target.

I now have about 27 gigs free.

@swygue said in Looking a bit more explanation about the SG-3100 and STP:

Are you saying I can connect SW1 to LAN1 and SW2 to LAN2?

Yes. As long as switch 1 is not also connected directly to switch 2 you will not have a loop.

Steve

@pmk_mck take the case off and let it run with a fan blowing on it, i mean..if you're blowing air in the dust is there anyways. Just dont want to electrocute or short anything during the test. I can do the same if you want to know the result.

The fan itself is standard 4 wire as far as I know so that should work if it will fit.

The actual required cooling is minimal so as long as it can be attached in some way you should have no problems.

Steve

Not really. I would say this is some WAN side connection issue except you can see much higher speeds when connecting from the device itself.

Please open a ticket with us so we can review the config and connection status: https://go.netgate.com/

Steve

You can open a ticket with is about that: https://go.netgate.com/
It is almost certainly outside any warranty though.

As far as I know running from m.2 SSD should be make that any more or less likely.

Steve

Thanks bmeeks. I need to do your second suggestion.