Backup the config file from Diagnostics > Backup/Restore.

Restore it back into the firewall once it's booting from m.2.

It is also possible to install the config automatically from the USB installer:
https://docs.netgate.com/pfsense/en/latest/backup/automatically-restore-during-install.html

Which of those you'd use depends on what you're installing into.

Steve

many thanks for the information

random != urandom

random device will only return random bytes within the estimated number of bits of noise in the entropy pool. when the entropy pool is empty, reads from /dev/random will block until additional environmental noise is gathered

urandom device will not block waiting for more entropy.

When you need random data fast, you should use /dev/urandom
For cryptographic purposes you should use /dev/random

kiokoman@nanto:~$ dd if=/dev/random of=/tmp/speedtest bs=1024 count=100000 dd: warning: partial read (115 bytes); suggest iflag=fullblock 0+100000 record in 0+100000 record out 8194031 bytes (8,2 MB, 7,8 MiB) copied, 8,15628 s, 1,0 MB/s kiokoman@nanto:~$ dd if=/dev/urandom of=/tmp/speedtest bs=1024 count=100000 100000+0 record in 100000+0 record out 102400000 bytes (102 MB, 98 MiB) copied, 1,88982 s, 54,2 MB/s

Ah, good to hear.

Connect LAN-to-LAN on the 7100s (Like ETH3 - ETH3)

Connect a workstation to another LAN port on either of the firewalls (ETH4 to ETH8).

Does your problem go away?

If so, it's the Dell switch.

Yes that's expected unfortunately. The interface to query the switch port status is relatively slow, if you have that widget on the dashboard it will introduce a delay.

Steve

Were you able to resolve this? What exact install image are you using?

Steve

Thank you!

@Derelict said in XG-7100 efficiency low?:

That is why one should not rely on external test sites when testing device performance.

You don't say ;) heheheeh

I've posted fragments of it before, though my previous example didn't have the devices mapped statically.

There are some other tricky bits to the setup, mostly finding ways in the available USB device info dump to uniquely identify each device. Depending on the chips involved it might not be possible, too, since sometimes the USB/Serial chips don't get a unique serial number/ID, so if you have multiple overlapping devices it may be a crap shoot.

Ah OK. That is not easily achievable.

You want to add the SFP ports for redundancy? To get a 10G connection?

You can create a lagg of both SFP ports and connect them to the external switch, that would be a preferable setup.

Steve

@Grunt0307 said in Poor SG-5100 Performance?:

No, I don't see any crash reports when it comes back online in the GUI, is there some place I can look to see them?

If crash reports are present you will see an alert on the dashboard reporting that. They are stored in /var/crash though.

Steve

No. You do not need paid support for hardware issues.

But the first thing you need to do is get a serial console connected and see what is being displayed there.

https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/connect-to-console.html

That will be the first thing we'll ask you to do there.

Paste the output here or in the ticket you create at https://go.netgate.com/

@Derelict Thank you, this module worked. While it still shows "Unknown" and doesn't show vendor/module information, the connection is up and working.

So your using 1 of the sftp interfaces as your wan? All of the non sfp interfaces are part a switch.

Or your using eth1 as wan, and then eth2-8 are lan - which I believe is the default config.

If you have a downstream switch and devices can all ping each other than has nothing to do with pfsense - so sure yeah you could unplug pfsense, turn it off and all your devices on your downstream switch could still talk to each other.

If your not seeing any log entries - say your wan quality going wonking? - I would validate your uplink from your downstream switch to pfsense is good. Check the cable - you could also try changing ports both on your downstream switch and the switch port connected to pfsense. Since its un managed its impossible to check the switch for issues, like a interface reset (other than watching for lights) or errors on the connection, or a mac address flip or stuff like that. Duplex issues, there are lots of things that could happen but without a managed switch hard to look into those.. You would hope though that such things would be logged/viewable on the 7100... But not sure on the details for that model - don't have one to play with :(

Since you say your using a dumb switch downs stream, I take your not doing any sort of lagg for your upload - and only have 1 port connected to the 7100 switch from your downstream switch.

Are you sure its 10 or 15 minutes, this is repeating pattern, like every X minutes? If was say 20... this is the default arp cache of pfsense.. And maybe you have something odd going on with that.. But if is not repeating exactly X mins seems unlikely.

Also we are talking IPv4 right - not ipv6.. Just for clarification.

One test you might be able to do is get a sniff going on pfsense for pings from some device on your lan... Make sure you set it to store enough - it defaults to only 100 packets... Then get a running ping going from one of your lan clients to to the pfsense lan IP... Then after the issue, go back to pfsense and stop the capture and take a look see.. Was pfsense still getting the pings, and just didn't answer during the issue, or did you not see any ping requests during the issue.

There are some ping tools you can use that allow for faster pings than the default normal 1 a second... So you could get say a clearer picture of the issue duration.. If it really only 1-3 seconds long when it happens.

Oh btw how exactly are testing loss of internet, could it be say more just a delay in resolution when say unbound is restarting on a dhcp registration.. This can present symptoms like your seeing where internet doesn't work for second, then you refresh your browser and working.

The desktop or 1U variant?

As far as I know they would both power on by default after losing power though. The power switch in the 1U is a physical switch in the PSU and that's what I use to power it on/off here. A power outage would do the same thing. It does that from standby also.
The desktop has an external power brick so that would also power off entirely.

Are you seeing something different?

Steve

Hmm, yeah we've certainly tested those. Can you get any details from them in something else?

Those I've seen showed as: vendor: Intel Corp PN: FTLX8571D3BCV-IT

But I believe those can be programmed to match other vendors for compatibility perhaps those you are trying are flashed differently.

Steve

No. Console option 4 is how that is done.

If you want a complete factory default, reinstalling the recovery image is the way to accomplish that.

https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/reinstall-pfsense.html

@provels

I agree but I also need minimal downtime and maintenance down the road. That said, my J3355 has been rock solid but I have the luxury of being able to fiddle with it at home.

I also need the small footprint of the purpose built units due to the current location of the router. I have never found a small router sized mini-ITX case to build with.

To save $100 or less building my own is less appealing too.