New SG-3100. Cannot access Setup Wizard/Web UI
-
I would reflash it. I don't think it will do an update on its own.
https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/reinstall-pfsense.html
Roy...
-
You don't need to reinstall. The problem is your Arris modem is handing out 192.168.1.x on the WAN side of the SG-3100 and the SG-3100 defaults to 192.168.1.x on the LAN side. You can't have it both places.
So you have three choices:
- Bridge the Arris modem so it stops handing out private addresses (ideal)
- Change the LAN subnet on the Arris modem to something else
- Change the LAN subnet on the SG-3100 console to something else (e.g. 192.168.2.x)
-
Thank you, @jimp! I took the 3rd option and voilá, I was able to access the web ui and perform the initial setup. The dashboard is a beautiful sight.
Do you know if it's still possible to obtain 2.4.4p3? I feel I should have that handy before attempting upgrade to 2.4.5.
-Alan
-
You can ask via https://go.netgate.com and the support team can see if they can get you the image. Since you are starting fresh that isn't likely to be a concern, though.
-
Got it. Thank you.
-
You really need to get your cable company to put you modem in Bridge Mode. That is the only way to get a public IP on your WAN. Without that you won't be able to forward any ports from the Internet to any of your LAN devices.
Roy...
-
Good call Jim! I didn't pick up on that.
Roy...
-
@rpsmith said in New SG-3100. Cannot access Setup Wizard/Web UI:
You really need to get your cable company to put you modem in Bridge Mode. That is the only way to get a public IP on your WAN. Without that you won't be able to forward any ports from the Internet to any of your LAN devices.
Roy...
Thanks for that tip. Gathering info on how to configure my gateway for IP Passthrough. That's the Arris/AT&T equivalent of bridge mode.
Currently, my SG is connected the gateway, but not to my home network while I get the firewall rules squared away.
-Alan
-
@ajtradtech said in New SG-3100. Cannot access Setup Wizard/Web UI:
but not to my home network while I get the firewall rules squared away.
If your home network, your LAN, only has devices you trust, you have nothing to do. The default WAN rules, that is no rules at all, and one default pass all rule on LAN, works well.
If you have devices that you don't trust, never forget the most logic action : remove the device from all known networks. Like this, the unknown issue bug will never bite you. This solution is fool proof for live and beyond.
If you have to accept this non trusted device on your network, put it on a dedicated, sedonc (third) network that can only communicate to the Internet, and you decide with rules, for this (these) devices(s) where to, with who, etc. When you make an error, you won't risk much. Never have these devices access your LAN based (trusted) devices.
Using internal networks like this is they way firewalls routers should be used. Always keep it simple (for yourself) and try to make firewall rules that you understand and are able to test. For that matter, don't even trust your own firewall : test what you want to achieve.No "help me" PM's please. Use the forum, the community will thank you.
Edit : and where are the logs ?? -
@ajtradtech
If you are using u-verse, good luck with getting IP Passthrough to work. Seems like every time I figure out how to enable it, they change the firmware and redo all the menus.Roy...
-
@Gertjan said in New SG-3100. Cannot access Setup Wizard/Web UI:
@ajtradtech said in New SG-3100. Cannot access Setup Wizard/Web UI:
but not to my home network while I get the firewall rules squared away.
If your home network, your LAN, only has devices you trust, you have nothing to do. The default WAN rules, that is no rules at all, and one default pass all rule on LAN, works well.
If you have devices that you don't trust, never forget the most logic action : remove the device from all known networks. Like this, the unknown issue bug will never bite you. This solution is fool proof for live and beyond.
If you have to accept this non trusted device on your network, put it on a dedicated, sedonc (third) network that can only communicate to the Internet, and you decide with rules, for this (these) devices(s) where to, with who, etc. When you make an error, you won't risk much. Never have these devices access your LAN based (trusted) devices.
Using internal networks like this is they way firewalls routers should be used. Always keep it simple (for yourself) and try to make firewall rules that you understand and are able to test. For that matter, don't even trust your own firewall : test what you want to achieve.Thanks for your advice. It mirrors what I'll be attempting- segregating some IoT devices. I'll start a separate thread for that, though. Looking forward to the community's input there. I've unlocked some interesting opportunities with this pfSense box!
