I would not expect that to cause any problem. I've seen it numerous time on XG-7100s that were working just fine.

Steve

Unit has been sold, thank you for your private messages.

How exactly are you losing upstream connectivity?

I assume you can still connect to the pfSense webgui when this happens?

Can the firewall itself still connect? Can you ping and external host from Diag > Ping? For example: google.com or 8.8.8.8?

Does the WAN gateway still show as UP?

Steve

Hard to see how that could be. The packet is arriving over the IPSec. TCP Syn packets are tiny anyway. But if you've seen something similar before I guess....

But that pass rule should match and clearly isn't. IP Options on it or something odd?

Steve

We can probably sell you a riser kit if you call our sales guys, pretty sure it's not listed separately on our store.

You should be able to connect SFP to SFP+ at 1G. You might have to set the ix ports to 1G fixed to get it to link.

Steve

@stephenw10 thanks. In the meantime I already have done that and it was quite straight forward, as you mentioned.
I will plug in the new appliance in the next days and see what happens (I also modified a switch port to be a "PVID port", just to learn and prepare).

It depends what you're importing into. The SG-5100 would be fine, import the config in the webgui and re-assign the interfaces there before rebooting. The XG-7100 requires some VLAN/LAGG/Switch config so imported files usually require some modification. We can do that for you though.

Steve

You can get OEM branded Intel cards quite cheap 2nd hand if you need to. There's a handy list here: https://forums.servethehome.com/index.php?threads/list-of-nics-and-their-equivalent-oem-parts.20974/

Not all cards may work though. I have personally used an HP 560SFP+ in a XG-7100 and whilst the card is detected and is usable it has the odd quirk of preventing the XG-7100 reboot. Only really an annoyance for me but obviously a huge issue if you were to reboot it remotely.
The other thing is that the expansion card is parsed before the on-board NICs so if you use an ix based card like that expect to have to re-assign your interfaces. Crucially including the internal LAGG.

The NIC we sell uses the ixl(4) driver so does not have that issue.

Steve

I will leave here all I have done along with Netgate support.

First of all, I tried to read through console port if there was any data being retrieved by the firewall (https://docs.netgate.com/pfsense/en/latest/solutions/sg-1000/connect-to-console.html), but nothing was received. I have connected that console port, and then turn it on till it shutdown, but no outcome.

After this , I made a NVRAM reset used for SG-series units:

• Remove power from the system.
• Remove the case and orient the system with the Ethernet ports facing you.
• Locate the NVRAM reset jumper located just the left of the CPU heatsink.
• On early models it is labelled J8, on later models it is labelled J10. Only one of the two will have pins and the jumper present.
• Move the jumper from pins 1 & 2 to pins 2 & 3.
• Power the system on. The STATUS and SATA LEDs will light briefly then go out.
• Remove power, move the jumper back to it's original position and reattach the case.

But also no luck.

I really hope this info could help others, but one thing is for sure, I have received support from Netgate when there was 5 AM at their timezone, and we start talking through ticket support with gaps between 5 and 10 minutes. This is something I really appreciate, not leaving consumers to their luck, in very hard situations. Note that I didnt had a support contract, and start that ticket as a pfsense user with acommunity edition! And thats why I will buy again Netgate, in this case two XG-7100 units for high availability even being difficult to buy such devices here in Portugal.

Netgate ♥

It's a very common power supply - 12V 2A DC 5.5mm x 2.1mm jack, centre pin positive. You should be able to easily source one from Amazon etc.

@stephenw10 Thank you Steve. I contacted the seller, but I was too late, the unit has been sold to another buyer. I appreciate the offer to help though!

Ah, nice result. 👍

You should open a ticket with us about that: https://go.netgate.com/

There may be other envs missing or changed if that one was.

Steve

Thanks, it's works now. I have made an File system check.
Marc

Without testing that ourselves it's impossible to say for sure. But...

I would expect that to work fine with the SG-1100. It would certainly have no problems running it. The PSU has to be capable of suppying the maximum current draw, that's with an mPCIe card and USB devices in both ports. the Normal running current is far less.
As a very rough comparison I have tested a similar device that runs on 4AA NiMH cells and saw ~1hr runtime from (4.8Vx2000mAh) 9.6Wh.

I don't see any values for the charging current given on their spec sheet so, yes, the SG-1100 may not be sufficient in which case it might be damaged.
However it probably won't work anyway because the barrel connector on the SG-1100 is 5.5x2.1 so the PSU will likely not fit into the UPS device. You would have to use an alternative PSU if fit-pc have used a 2.5mm pin in their socket (also not specified).
You could probably ask them about both those things though.

And, just to be clear, using anything but the supplied PSU is not something we can warranty. 😉

Steve

OK, now it's better. With AES128-GCM I can hit the speed of 85MB/s and the processor is around 80%.

c8441de3-b38e-41a8-8e0f-348348e7ce9c-image.png

We can imagine firewall will never hit 160MB/s but, it is closer to the performances announced by Netgate. And my internet bandwith is 1Gb/s, so it's really close to the maximum.

Thank you for your help.

Anthony

That is correct, LAN will be able to ping IOT. IOT will not be able to create connection to ping LAN though which is what you asked about.

Steve

It does, and you can use them with a modified config, it requires additional switch config.

The expansion card provides separate igb interfaces so if, for example, your existing config only had 4 interfaces from the 8860 assigned you would not require any config changes.

To be clear you do not need the expansion card.

Steve

Hmm, I would not expect to ever require a power cycle for the switched ports.
The only time I have ever seen that is if a bad SFP module is used. It's possible the ix0/1 ports can require a power cycle to clear their state.
Anyway glad you found it.

Steve

@stephenw10 Sounds great to me, even more so hearing it from an administrator after 4 hours :D