XG-7100 Setup problems

  • Found some annoying problems setting up an XG-7100. For starters, is anyone experiencing an error with the initial setup wizard not completing? Don't remember the exact error message, it returns a bright red web page with the error and renders the web interface useless. The only way I got around it was to reset it to factory from the console, then log in to the web interface and immediately go to System / Advanced / Firewall & NAT and change the Firewall Maximum Table Entries from 200000 to 500000.

    Another strange problem I'm experiencing is that when changing the WAN interface from DHCP to Static IPv4 after the setup wizard or turning on or off the Reserved Networks (Block Bogon or private networks) the LAN no longer passes data to the WAN. Currently setting the XG-7100 up on my local network 192.168.5.x/24, then plan on moving it to a public network. Have set up other pfSense security appliances like this before and never experienced such a strange problem. Putting the settings back does not help. Spent countless hours combing through settings to no avail. The only way to get Internet connectivity back is to do a factory reset and start over.

    Is anyone else experiencing this? Is this happening because I'm running the WAN port via a local network?

  • Netgate

    After you change to Static IPv4, is the address inside RFC1918 space?

    If yes, did you disable "Block private networks and loopback addresses" on the bottom of Interfaces > WAN?

    Missed that, if you run 'pfctl -d' from Option 8 in the shell, are you able to access the GUI then?

  • Did not try that. Don't recall the exact error. Resolved it by doing 4 - Reset to factory defaults and then before running the setup wizard, changed the Maximum Table Entries to 500000.

  • LAYER 8 Netgate

    Maximum table entries: That will be something that is not specific to the XG-7100.

    I run all of my lab gear on inside networks. DHCP, Static, IPv6, it all works (but no XG-7100s).

    The only way I can see that changing from DHCP to static would break connectivity is if the static configuration was incorrect.

    Spending countless hours going through the settings would probably not be as productive as spending a couple minutes taking and evaluating a packet capture to see what is really going on.

  • Thank you for replying. Was under a lot of pressure to get this installed. Ended up resetting to factory, and setting up from scratch with local static IP which worked perfectly.
    Still had to increase the Maximum table entries. Agree that this should not be hardware specific. Have an SG-4860 and others that are working perfectly with the set default of 2000000 Maximum table entries.
    The XG-7100 is now installed in its new home and so far working perfectly. Updated to the new 2.4.3-RELEASE P1 and so far so good.
    Thank you for the excellent work.

  • Rebel Alliance Moderator

    @atteast If you're running WAN with IPv6 and/or have Bogons enabled to block on WAN, the next Bogon List Update (bogonsv6) will probably be too large and crash those 200.000 entries. For a clean reload of rules etc. the table needs a size of double the count of entries and with bogonsv6 we are already near/around 100k entries. So that's why you can see the GIT commit to change the default from 200k to 400k in future releases :) But yeah, that's not device specific, all our devices/customers ran into that issue in early May.

    edit: my bad, I read 200k, not 2M as you wrote. That of course is more than enough :)
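
The sizing rule from the last reply (the table-entries limit should be at least double the number of loaded entries) written as a shell check. This is an added example, not part of the thread or of pfSense; the sample `pfctl -sm` text and the entry counts are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Check whether the pf "table-entries" hard limit leaves room for a clean
# rule reload, using the rule of thumb from the thread: limit >= 2 x entries.

# Read `pfctl -sm` style output on stdin and print the table-entries limit.
table_limit() {
    awk '$1 == "table-entries" { print $NF }'
}

# Exit status 0 if the limit is at least double the entry count.
has_reload_headroom() {
    [ "$1" -ge $(( $2 * 2 )) ]
}

# $1 = text of `pfctl -sm`, $2 = number of entries currently loaded.
check() {
    limit=$(printf '%s\n' "$1" | table_limit)
    if has_reload_headroom "$limit" "$2"; then
        echo "ok limit=$limit entries=$2"
    else
        echo "low limit=$limit entries=$2 need=$(( $2 * 2 ))"
    fi
}

# Constructed sample of `pfctl -sm` output with the 200000 limit
# discussed in the thread.
SAMPLE_LIMITS='states        hard limit   198000
src-nodes     hard limit   198000
frags         hard limit     5000
table-entries hard limit   200000'

# Constructed entry counts around the ~100k figure quoted for bogonsv6.
check "$SAMPLE_LIMITS" 100000
check "$SAMPLE_LIMITS" 110000

# On a live firewall (Option 8 shell) the same check would be fed with:
#   entries=$(pfctl -t bogonsv6 -T show | wc -l)
#   check "$(pfctl -sm)" "$entries"
# The limit applies to all tables together, so add other large tables
# to the count if they are in use.
```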
