Derelict & Rico, You both called it. I feel dumb now. The netmask on the new interface wasn't set to /24, it was set to /32. Fixed that and of course it's working now. How I made the same mistake on two firewalls, I have no idea! I appreciate your help, and for telling me to actually check the mask. Thanks! -Tim

Looks like its dead. Ordered a new XG7100

I have updated to the latest version. Thank you very much.

I followed and liked this model for a long time.

Yup, Please open a ticket at https://go.netgate.com our team can look into this for you.

@stephenw10 @Rico thanks will check it out

Thanks for pointing that out. I don't think anything using the VGA memstick image needs the Coreboot updater. I'll see baout removing it. Steve

I have an XG-7100 connected to a PoE switch, a Brocade ICX-6450-24P. It has never toasted any of the ports and I would not expect it to but your millage may vary. That's the only thing I have tested personally. I certainly wouldn't ever connect it to something non-standard like some of those 24V devices. Steve

There is perhaps some other issue here. I have a customer with the SG-1100 and Xfinity/Comcast. I am using a Netgear C7100V in bridge mode. On pfsense I turned on WAN dhcpv6 debug mode, to find out what the system delegation prefix was. The log showed a /60 prefix. I do not think there is any other way in the pfsense ui to see the value of the system delegation prefix. On the LAN side of pfsense, I set ipv6 to "track interface", ID 0, selected WAN interface to track, left the prefix size at /64. ipv6 is working OK for all clients

For almost each Netgate hardware there is a tweaked Image you should/need to use. Which one exactly is in the device documentation. -Rico

For most installs you should just be able to hit return to agree to the default selections. If you have two available devices, SSD or eMMC here, you will have to select that. If you choose to use ZFS then you need to go through the installer steps more carefully there. Coreboot will, by default, boot the SSD in preference to the eMMC. So if you installed to eMMC and rebooted it will just boo the old install on the SSD. You would have to choose to boot eMMC at the console. The boot order can be changed there though. Steve

@STEAMENGINE said in SG-1100 restore does not succeed: This is where after a reboot pfsense always wants to know which is the WAN port. if it is a PPPoE service (most are in UK for domestic users). If you choose 'a' for automatic pfsense says that the link is down when you plug it in. Of course if you have not yet provided a USR and PWD to pfsense for the PPPoE WAN it does not hook up. Pfsense in SG-1100 seems not to recognize the port you plugged the WAN into if it is a PPPoE service. This is a deadly loop you can't escape from. I'm used PPPOE for years also. Good news : your wrong, it doesn't work like that. When pfSense boots, the WAN NIC is initialized - you can see for yourself : lights come up on both the pfSense WAN NIC, and the modem's NIC must also be up. This is the moment when you see a "Link UP" in the dmesg log for the WAN. The fact that PPPPoE isn't initialzied yet is not important. For pfSEnse, there is a WAN assigned interface, that's all that counts. Check out for yourself what PPPoE is : it's a (point to point) Protocol over Ethernet. When PPPoE is started, the Ethernet is and must be already up. So, for pfSense the WAN interface is UP. If pfSense stops at the end of the boot, to ask to you to assign a WAN, this means the other side isn't UP yet -> your modem ! Solution : boot modem first, have it stabilize, and start the pfSense. This is a know situation and has been seen before. Especially if you have a uncontrolled power down and power up situation. Normally, xDSL modmes are dumb devices, and start up pretty quickly, faster as pfSense. You could also have a bas cable : test with another cable. Again, see the dmesg log for whatever messages related to the WAN NIC driver. It should show "Link UP" for all NIC's connected at the end of the log. Btw : I always used and use today an AMD64 version - PPPoE isn't possible anymore for me.

For reference the 'fix' LED actually goes out entirely when a 3D fix is obtained. Might be better to have it stay on solidly instead. I think that default is done to save power in battery driven applications which doesn't apply here. A firmware update might be possible to change that. Steve

Not too many details on what is going on here. If you purchased support from Us, you can open a ticket. Email sales@netgate(dot)com if you would like to have our team investigate this customer facing issue. The forums are great, but if this is a company you should have support with SLA's tied to it. At minimum I would try a re-image and go from there, you can get that from https://go.netgate.com When we see 502 errors 99.999% of the time there is a configuration issue.

I wish I'd read this this morning before going on site with a virgin SG-1100. My VLANS are even 20, 30, and 31 :-) Thanks for taking the time.

Please open a support ticket at https://go.netgate.com/

Submitted ticket. Thanks.

Seems to be related to not finding a WAN link, working well now. D.

@BEB-Consulting said in Netgate SG-1100 - 2.4.4-RELEASE-p3 - Unbound Won't start: and 853 for SSL/TLS. More than likely this was the root of your problem... If your going to want unbound to listen on 853, then you have to take the time to make sure the cert its going to use is valid, etc. That is clearly not selected out of the box.. Why did you try and enable that? In what possible scenario would you want/need to serve local dns over tls? Do you have your unbound open to the public?