https://forum.netgate.com/topic/144636/sg-1100-intermittent-reboots

open a ticket with support

It's not like an uncommited change like you might find on a switch. If there is something set that's allowing it to function it would have to have been done manually from the CLI. There's no way for the config to know about that but it seems unlikely unless maybe there was a lot of trouble-shooting on that firewall at some point. Try running those two commands on the running firewall and compare the output with the non-running device. Did you open a ticket? Steve

Ah, nice! Glad you got it sorted. Steve

Unlikely. It's possible to break the ruleset entirely by having shaping that ends up invalid on the interface it's defined on but you would see problems all the time if that were the case. Steve

@richtemark "Parts left out cost nothing and create no service problems" ~ Bunkie Knudsen, Chevrolet General Manager - 1961

Try to start Suricata from the GUI. If it fails, then click on the LOGS VIEW tab and then select the suricata.log file in the drop-down for which log to view. Read through that log, or post its contents here for assistance. There should be an error in that log file describing the problem. Suricata is pretty good about letting you know what it does not like. In the rare event that log is totally empty, then the next possibility is that the Suricata installation itself is corrupt or failed to complete. You can either try deleting the package and installing it again (you won't lose your current settings), or you can try this at a shell prompt to be sure Suricata can actually run: suricata -V That should print out some version information and exit. If it prints any error message, then you will know what's up. But run this command only after checking the suricata.log file that I mentioned previously.

Yes, that is the PoE injector, it passed data and adds power as you say. As an access point the UAP-AC-LR is better. It's a dedicated access point. Steve

https://forum.netgate.com/topic/144636/sg-1100-intermittent-reboots

@ahoeppner said in SG-1100 incorrect date and time: Guess my only option is to stick with the manually entered time for now. That was in idea to get you into the ballpark. Being too far off the pool time may result in a no-sync. You can try to use your local gov's NTP servers as well time-a-g.nist.gov 129.6.15.28 (Gaithersburg, Maryland) time-b-g.nist.gov 129.6.15.29 time-c-g.nist.gov 129.6.15.30 time-a-b.nist.gov 132.163.96.1 (Boulder, Colorado) time-b-b.nist.gov 132.163.96.2 time-c-b.nist.gov 132.163.96.3 AFAIK those are not pools so it makes more sense to use their IPs instead of the IPs of an ntp.org pool.

It's not full line rate unless that is small packets. Mb/sec is pretty meaningless without pps.

At this time we do not recommend using ZFS on eMMC. Though I have run at and had no issues there. Steve

@Michael-Samer said in SG-3100 openVPN Bridge Configuration: My ovpn (Server) setup is very straightforward, just as described in the netgate wiki entry Which page exactly? There are instructions for all the different setup types. Steve

You can't use the restore during install option in the same way on the ARM firewalls because the recovery image does not actually run an installer. It just copies the image bitwise. However you can have it recover the config on first boot using the ECL: https://docs.netgate.com/pfsense/en/latest/backup/automatically-restore-during-install.html#external-configuration-locator-ecl The fat partition on the recovery image allows you to do that with one USB stick. Steve

If you opened a ticket asking about switch docs for the 3100, then yeah pointing to the doc would be the correct answer ;) What part of the documentation are you not not getting and maybe we can solve your problem right here.. Other then maybe you clicking the actual pvid entry in the table vs say an edit button on the entry.. It really is no different than any other switch. You set the port vlan, and then on your uplink (port 5) you tag that vlan.. Once you understand that port 5 is the uplink to the soc, its pretty straight forward.

We are working/making a rackmount/din rail mount SG-1100 bracket.

Hi Steve Thanks for the feedback. Of course it turned out to be a simple thing: Had the rule to do tcp (?) Changed it to “any” and it worked. John

The SG-1100 is a powerful device, it's not able to fully route/firewall at 1gbps: https://www.netgate.com/blog/choosing-the-right-netgate-appliance.html

3 is the same as 2. You just make a gateway group with Tier 1, 2, and 3 gateways.