Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login
    1. Home
    2. Tags
    3. sg-1100
    Log in to post
    • All categories
    • N

      Procedure to offline update hot spare to latest revision?

      Installation and Upgrades
      • sg-1100 • • NGUSER6947
      10
      0
      Votes
      10
      Posts
      462
      Views

      K

      @nguser6947 said in Procedure to offline update hot spare to latest revision?:

      @keyser The only package I'm using is pgblockerng.

      That is the best package for pSense - period.
      But it is also the worst for what you are looking ti do. Because depending on your setup that will either autocreate and sort your firewall rules or create aliasset that cannot resolve when it’s not installed

    • M

      Unable to upgrade SG-1100 appliance to 23.01 - Kernel panic

      Installation and Upgrades
      • update 23.01 sg-1100 • • msoutullo
      11
      0
      Votes
      11
      Posts
      1402
      Views

      jimpJ

      @william-mandell said in Unable to upgrade SG-1100 appliance to 23.01 - Kernel panic:

      @jimp

      No Jim , sorry, but no. Not an older version of pfsense plus at all.

      I was on the Newest version of pfSense Plus+ that was the release #, 'freshly' and (*natively) installed before > and updated to 23.01 obviously after 23.01 came out, but before I saw that it was being 'blocked' because of some problems going on.

      Those statements are contradictory. Either you installed 23.01 directly or you were on 22.05 and upgraded to 23.01.

      That said, I checked around and apparently it's a known issue that the 1100 and 2100 recovery installers are using an older ZFS version in the disk images.

      While you could run zpool upgrade -a and let it upgrade that, if it didn't properly update the loader when you updated to 23.01 then it may not boot properly after. If you did reimage it with 23.01 and not an upgrade, then it's safe to run.

      How and why would I want to boot it to the older version(s) ZFS boot environment , its has ZFS now. The 'old' environment always said it has an 'error' and shouldnt even running, but TAC said y'all had a special version, so it's fine.

      If you upgraded from 22.05 to 23.01 and had a problem on 23.01, you could use the boot environment to boot back into 22.05 without reinstalling.

      Can I ask again, how EXACTLY do I run a program that uses your special Chip' on board to verify and authenticate that my system is running authentic pfSense+ software. Does it need to be 'on'? Not sure if it's the same chip but whichever one displays whether it is on or not has always been off. Thought that chip was for VPN? Anyway, the trademarked pc sense chip to verify and authenticate - the software running.

      The device that handles the authenticity part is used by the device when accessing the package repositories for packages and updates (all automatic). That is the "thoth" security chip.

      VPN acceleration on 1100/2100 is handled by a different function, the SafeXcel cryptographic accelerator, which is unrelated.

    • S

      SG-1100 users should use the update selection "SG-1100 update" in the selector above

      Official Netgate® Hardware
      • 22.01 21.05.2 sg-1100 • • SouthTech
      3
      0
      Votes
      3
      Posts
      422
      Views

      S

      @stephenw10 Awesome. Thanks.

    • L

      Unbound was killed: out of swap space

      Official Netgate® Hardware
      • unbound swap sg-1100 • • leonroy
      12
      0
      Votes
      12
      Posts
      3241
      Views

      GertjanG

      Log lines indicate the exact moment of the events :

      @leonroy said in Unbound was killed: out of swap space:

      Jan 11 13:01:33 unbound 63374 [63374:0] notice: Restart of unbound 1.12.0.

      and while it's starting - 15 seconds later :

      @leonroy said in Unbound was killed: out of swap space:

      Jan 11 13:01:48 unbound 63374 [63374:0] info: service stopped (unbound 1.12.0).

      and a small instance (< 1 second) :

      Jan 11 13:01:48 unbound 63374 [63374:0] notice: Restart of unbound 1.12.0.

      To make a long story, go to the Unbound / Resolver settings page and uncheck this :

      ffec4b58-bccf-4e36-8b6e-dc41c1cea202-image.png

      Stick a post-it on the pfSense box that says :
      "Check the resolver logs again after 48 hours and see how many stops/restarts happened the last 48 hours".
      If you find "a couple" or even less : issue solved.

    • T

      WAN configuration - DHCP on VLAN with additional options

      DHCP and DNS
      • sg-1100 wan on vlan configuration dhcp • • teunbruijnen
      3
      0
      Votes
      3
      Posts
      416
      Views

      T

      @kiokoman

      Thank you for your quick and clear reply!
      This helped me out a lot, I didn't realize we could add "Send options" in such a way!

      I haven't managed to get a public IP yet but am getting closer and closer :)

      Have a great day

    • C

      SG-1100 Failes to Boot; No Console Access

      Official Netgate® Hardware
      • sg-1100 • • curtisj
      6
      0
      Votes
      6
      Posts
      1033
      Views

      P

      @curtisj - does this help you at all - it worked for me (twice recently) https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/reinstall-pfsense.html

      I have around a dozen SG-1100 in production, they tend to arrive to me in two's or three's so I configure, and software upgrade them one after another, and ship them out. This gives me a some sort of impression of how consistently they behave. Anyway, the last three arrived with me just over a month ago, and I performed a vanilla out-of-the-box config on them, and then the upgrade to pFsense Plus. One decided to brick itself rather than take the upgrade (so I used the procedure above to recover it) and the other two took the upgrade just fine via the web ui. And now I'm thinking about it, there was one that I stuck a label-printed note onto the top that I was unable to serial console onto it.... Maybe I'll revisit that unit and use the warranty. As I'm supplying them to technically-capable users, but not neccessarily firewall technically familiar, I perform multiple reboots before shipping them out and always keep a copy of the final config. But again in this most recent batch one decided that it would be a brick after being DHL'd to the user. Used the procedure above, and blasted the config back onto it, and it's been fine since.

    • Z

      Sony Bravia Smart TV on pfSense SG1100

      General pfSense Questions
      • sg-1100 sony smart tv android • • zaca
      2
      0
      Votes
      2
      Posts
      298
      Views

      B

      @zacaustin

      I have a Sony Bravia and a sg3100, it’s on my guest vlan
      It works perfectly hardwired.. I have a Ubnt nano mounted directly above it which also works fine..

      It works on just the out of box dns resolver for me and also by setting it up with next dns google blocking... where it’s pushed dns servers by pfsense and it blocks google services

    • C

      SG-1100 Can’t access Web UI but can access serial inteface

      webGUI
      • sg-1100 • • curtisj
      6
      0
      Votes
      6
      Posts
      425
      Views

      C

      @johnpoz I tried accessing web UI from the LAN device to IP 192.168.1.1
      I also had tried from a device on the WAN accessing the router assigned IP of 192.168.1.30.

      Neither worked.

    • L

      Good experience with SG-1100 and Netgate support

      Official Netgate® Hardware
      • sg-1100 netgate support • • leonroy
      1
      6
      Votes
      1
      Posts
      251
      Views

      No one has replied

    • T

      Trouble accessing SG-1100 web UI via IPsec

      Official Netgate® Hardware
      • hangs ipsec sg-1100 slow speed web gui • • tumble
      16
      0
      Votes
      16
      Posts
      492
      Views

      stephenw10S

      Hard to see how that could be. The packet is arriving over the IPSec. TCP Syn packets are tiny anyway. But if you've seen something similar before I guess....

      But that pass rule should match and clearly isn't. IP Options on it or something odd?

      Steve

    • Z

      Setting up a pfsense to be a forwarder/proxy

      General pfSense Questions
      • pfsense networking sg-1100 setup • • zacclifton
      1
      0
      Votes
      1
      Posts
      166
      Views

      No one has replied

    • F

      Unplug WAN cable on primary and lose internet access

      HA/CARP/VIPs
      • lan failover routing wan sg-1100 • • frenzy_usa
      1
      0
      Votes
      1
      Posts
      223
      Views

      No one has replied

    • R

      Netgate SG-1100 (wired router) setup with phone hotspot

      Official Netgate® Hardware
      • netgate iphone sg-1100 hotspot • • rpwoods13
      5
      0
      Votes
      5
      Posts
      681
      Views

      stephenw10S

      Indeed, I've never tried it and only recently became aware you could connect directly like that. I could see how it might be possible though.

      Steve

    • S

      SG-1100 64 bit counters

      SNMP
      • sg-1100 montoring • • str8edgedave
      6
      0
      Votes
      6
      Posts
      495
      Views

      S

      Hey @jimp,
      For the SG-1100, I know its an Arm box, it one of the reasons I bought it. I said arm64, as that's what bsnmpd reported, instead of Aarch64.

      I had a chance to install Net-SNMP on the SG-1100 and it returns ifHCInOctets and ifHCOutOctets:
      $ snmpwalk -v2c -c <redacted> 192.168.1.254 | grep -i -e inoctets
      IF-MIB::ifInOctets.1 = Counter32: 1066212313
      IF-MIB::ifInOctets.6 = Counter32: 0
      IF-MIB::ifInOctets.7 = Counter32: 147998
      IF-MIB::ifInOctets.8 = Counter32: 0
      IF-MIB::ifInOctets.9 = Counter32: 0
      IF-MIB::ifInOctets.10 = Counter32: 339689700
      IF-MIB::ifInOctets.11 = Counter32: 549481782
      IF-MIB::ifInOctets.12 = Counter32: 121263171
      IF-MIB::ifHCInOctets.1 = Counter64: 1066384951
      IF-MIB::ifHCInOctets.6 = Counter64: 0
      IF-MIB::ifHCInOctets.7 = Counter64: 147998
      IF-MIB::ifHCInOctets.8 = Counter64: 0
      IF-MIB::ifHCInOctets.9 = Counter64: 0
      IF-MIB::ifHCInOctets.10 = Counter64: 339693366
      IF-MIB::ifHCInOctets.11 = Counter64: 549639578
      IF-MIB::ifHCInOctets.12 = Counter64: 121267407

      I'll have to keep playing to make sure there is no functionality loss (OIDs returned, etc), but right now I'm happy!

      Thanks!
      David

    • S

      Trouble setting up SG-1100 for Google Fiber

      General pfSense Questions
      • sg-1100 google fiber vlan • • shad0wca7
      4
      0
      Votes
      4
      Posts
      339
      Views

      stephenw10S

      No, no reboot required.

    • Z

      SG-1100 Restart Loop - No Access

      Official Netgate® Hardware
      • sg-1100 issue • • ztroop
      2
      0
      Votes
      2
      Posts
      537
      Views

      GrimsonG

      https://forum.netgate.com/topic/144636/sg-1100-intermittent-reboots

    • ?

      SG-1100 PPPoE Performance

      Official Netgate® Hardware
      • pppoe performance sg-1100 • • A Former User
      12
      0
      Votes
      12
      Posts
      1246
      Views

      A

      @muppet said in SG-1100 PPPoE Performance:

      @akuma1x Yes it's easy enough to buy some secondhand/commodity hardware.

      Anything you can find with enough network ports and an Atom C3XXX, or Intel i3/i5/i7 processors, or even some of the more recent fast Celeron and Xeon processors. Those are all good for a pfsense box. Try to stay away from the laptop-grade mobile processors, and the older Celeron J1900 stuff. Those are going to show their age and weaknesses quicker than the other ones.

      HP and Dell made/make some good small form factor stuff. Just make sure you can add at least 1 multi-port INTEL network card in there and you'll be all set with a nice pfsense firewall box.

      Jeff

    • J

      Netgate SG-1100 Continually reboots after restore

      Official Netgate® Hardware
      • sg-1100 • • jparker
      6
      0
      Votes
      6
      Posts
      799
      Views

      johnpozJ

      Chris already posted the link https://go.netgate.com/

    • DerelictD

      SG-1100 "Router on a Stick"

      Official Netgate® Hardware
      • sg-1100 switchports • • Derelict
      1
      3
      Votes
      1
      Posts
      832
      Views

      No one has replied

    • DerelictD

      SG-1100 configuring LAN and OPT to be on the same VLAN

      Official Netgate® Hardware
      • sg-1100 switchports • • Derelict
      5
      9
      Votes
      5
      Posts
      3672
      Views

      DerelictD

      Everything should be the same as any TAP bridge. You'll just have OPT and LAN on the same switch VLAN.

    • B

      SG-1100 Running Real VLANs

      Official Netgate® Hardware
      • sg-1100 switchports • • BSD29
      44
      1
      Votes
      44
      Posts
      11202
      Views

      stephenw10S

      If you need that to resolve to a private IP you would still need to add that. Or you could disable DNS rebinding protection globally but adding that one domain is preferable.

      Steve