@Derelict Thank you, this module worked. While it still shows "Unknown" and doesn't show vendor/module information, the connection is up and working.

So your using 1 of the sftp interfaces as your wan? All of the non sfp interfaces are part a switch. Or your using eth1 as wan, and then eth2-8 are lan - which I believe is the default config. If you have a downstream switch and devices can all ping each other than has nothing to do with pfsense - so sure yeah you could unplug pfsense, turn it off and all your devices on your downstream switch could still talk to each other. If your not seeing any log entries - say your wan quality going wonking? - I would validate your uplink from your downstream switch to pfsense is good. Check the cable - you could also try changing ports both on your downstream switch and the switch port connected to pfsense. Since its un managed its impossible to check the switch for issues, like a interface reset (other than watching for lights) or errors on the connection, or a mac address flip or stuff like that. Duplex issues, there are lots of things that could happen but without a managed switch hard to look into those.. You would hope though that such things would be logged/viewable on the 7100... But not sure on the details for that model - don't have one to play with :( Since you say your using a dumb switch downs stream, I take your not doing any sort of lagg for your upload - and only have 1 port connected to the 7100 switch from your downstream switch. Are you sure its 10 or 15 minutes, this is repeating pattern, like every X minutes? If was say 20... this is the default arp cache of pfsense.. And maybe you have something odd going on with that.. But if is not repeating exactly X mins seems unlikely. Also we are talking IPv4 right - not ipv6.. Just for clarification. One test you might be able to do is get a sniff going on pfsense for pings from some device on your lan... Make sure you set it to store enough - it defaults to only 100 packets... Then get a running ping going from one of your lan clients to to the pfsense lan IP... Then after the issue, go back to pfsense and stop the capture and take a look see.. Was pfsense still getting the pings, and just didn't answer during the issue, or did you not see any ping requests during the issue. There are some ping tools you can use that allow for faster pings than the default normal 1 a second... So you could get say a clearer picture of the issue duration.. If it really only 1-3 seconds long when it happens. Oh btw how exactly are testing loss of internet, could it be say more just a delay in resolution when say unbound is restarting on a dhcp registration.. This can present symptoms like your seeing where internet doesn't work for second, then you refresh your browser and working.

The desktop or 1U variant? As far as I know they would both power on by default after losing power though. The power switch in the 1U is a physical switch in the PSU and that's what I use to power it on/off here. A power outage would do the same thing. It does that from standby also. The desktop has an external power brick so that would also power off entirely. Are you seeing something different? Steve

Hmm, yeah we've certainly tested those. Can you get any details from them in something else? Those I've seen showed as: vendor: Intel Corp PN: FTLX8571D3BCV-IT But I believe those can be programmed to match other vendors for compatibility perhaps those you are trying are flashed differently. Steve

No. Console option 4 is how that is done. If you want a complete factory default, reinstalling the recovery image is the way to accomplish that. https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/reinstall-pfsense.html

@provels I agree but I also need minimal downtime and maintenance down the road. That said, my J3355 has been rock solid but I have the luxury of being able to fiddle with it at home. I also need the small footprint of the purpose built units due to the current location of the router. I have never found a small router sized mini-ITX case to build with. To save $100 or less building my own is less appealing too.

I'm not aware of any plans to do so at this time. I'll ask. Steve

yes they are there as an example

You can open a ticket with us at https://go.netgate.com

Nice catch! Hard to imagine what the Anyconnect client needed that would be blocked by such a filter. If it was filtering as expected at least. Steve

Ticket opened, thank you.

@LamboJ said in Wifi on XG-7100 1U via add-on-card or USB adapater: But if that's not available, then I'll go with this. Thanks. No, they definitely ARE available, just not supported. I'm guessing that's what you probably meant... https://forum.netgate.com/topic/56196/can-i-use-a-wireless-usb-adapter-to-make-pfsense-a-access-point https://www.reddit.com/r/PFSENSE/comments/75zd8t/usb_wifi_card/ https://linustechtips.com/main/topic/48272-pfsense-wifi-usb/ https://homeservershow.com/forums/topic/6048-help-with-installing-a-usb-wireless-nic-on-a-pfsense-router/ Jeff

Please message our sales team: sales@netgate(dot)com

https://forum.netgate.com/topic/144636/sg-1100-intermittent-reboots

open a ticket with support

It's not like an uncommited change like you might find on a switch. If there is something set that's allowing it to function it would have to have been done manually from the CLI. There's no way for the config to know about that but it seems unlikely unless maybe there was a lot of trouble-shooting on that firewall at some point. Try running those two commands on the running firewall and compare the output with the non-running device. Did you open a ticket? Steve

Ah, nice! Glad you got it sorted. Steve

Unlikely. It's possible to break the ruleset entirely by having shaping that ends up invalid on the interface it's defined on but you would see problems all the time if that were the case. Steve

@richtemark "Parts left out cost nothing and create no service problems" ~ Bunkie Knudsen, Chevrolet General Manager - 1961

Try to start Suricata from the GUI. If it fails, then click on the LOGS VIEW tab and then select the suricata.log file in the drop-down for which log to view. Read through that log, or post its contents here for assistance. There should be an error in that log file describing the problem. Suricata is pretty good about letting you know what it does not like. In the rare event that log is totally empty, then the next possibility is that the Suricata installation itself is corrupt or failed to complete. You can either try deleting the package and installing it again (you won't lose your current settings), or you can try this at a shell prompt to be sure Suricata can actually run: suricata -V That should print out some version information and exit. If it prints any error message, then you will know what's up. But run this command only after checking the suricata.log file that I mentioned previously.