Issue with Basic LAN and WAN setup with XG-7100-1U router

dhiyogroup · Sep 3, 2018, 10:12 PM

Here is What I did:

ETH1 - WAN - IP - 192.168.40.20 - GW- 192.168.40.1
ETH2 - LAN - IP - 192.168.100.20

When I change default configuration with IP above, I am NOT able to ping/access to LAN/WAN.

But when I do pfctl -d from console then I can ping both IPs.

Is there any difference in configuring this model?

Can anyone help configuring basic LAN and WAN setup in XG-7100 firewall just for ETH1(WAN) and ETH2(LAN) with above IPs?

NOTE: We are not using SFP port. I just need this WAN and LAN setup in ETH - RJ-45.

Thank you!!

Derelict · Sep 4, 2018, 12:33 AM

Where are you pinging from? You realize you have to renumber the device you are pinging from to the new network scheme after you change that right?

Nothing special about the XG-7100 in this regard.

Edit the WAN interface. Renumber it
Edit the LAN interface. Renumber it
After you save, you will get a warning about the DHCP scope. Services > DHCP Server, LAN. Change the DHCP to the new numbering scheme.
Go back to Interfaces > LAN and apply.
Renumber your management device to the new scheme and connect to 192.168.100.20.

About the only way that would not work is if you have altered the firewall rules on LAN to allow traffic from a specific network instead of LAN net. The rules on LAN must pass traffic from 192.168.100.0/24 (netmask assumed as it was not specified.) Source LAN net will track the changes to the interface numbering and change accordingly.

Derelict · Sep 4, 2018, 4:20 PM

For a basic configuration change like that you can always just run through the setup wizard again, too. Then renumber your management workstation to the new LAN scheme and reconnect to the new webgui address on LAN.

System > Setup Wizard

dhiyogroup · Nov 22, 2018, 10:36 AM

@derelict said in Issue with Basic LAN and WAN setup with XG-7100-1U router:

About the only way that would not work is if you have altered the firewall rules on LAN to allow traffic from a specific network instead of LAN net. The rules on LAN must pass traffic from 192.168.100.0/24 (netmask assumed as it was not specified.) Source LAN net will track the changes to the interface numbering and change accordingly.

Hi,

After I renumber the interface, I can not connect to firewall. Could you please help me with the steps?

There was a production issue so I could not check on this earlier.

Thank you!

johnpoz · Nov 22, 2018, 10:47 AM

He did - 3 months ago!!

dhiyogroup · Nov 22, 2018, 10:53 AM

@dhiyogroup said in Issue with Basic LAN and WAN setup with XG-7100-1U router:

There was a production issue so I could not check on this earlier.

Yes, I did follow that steps but not able to connect after renumbering the interface. Am I missing anything or any documentation to follow?

johnpoz · Nov 22, 2018, 11:12 AM

Dude its not rocket science... Change the IP, change the IP of your device to be on that network - connect to it!! Did you actually change the mask correctly... Drop down defaults to /32 -- maybe you messed up the mask.

Without more details of the steps you did - its impossible to help you figure out what your doing wrong..

So lets say the IP was 192.168.0.1/24 on pfsense
You change it to 192.168.1.1/24

Now on your PC change it to 192.168.1.2/24 -- can you ping 192.168.1.1 ? Can you arp for it??

What are the rules pfsense - as derelict clearly stated 3 months ago if your not using the alias for the network, ie lan net and actually setup IP range - you need to make sure that rule reflects and allows what your new network is going to be.. If your on lan then the antilock out rules to should prevent you from not getting to the gui - did you happen to turn those off??

Here I just change my lan IP from 192.168.9.253 to 19.253

This is clickity clickity basic stuff here!!!!!

dhiyogroup · Nov 22, 2018, 1:16 PM

Yes, I did that and here is the screen shot of my configuration. With this configuration it takes 70 seconds to open the webgui.

Earlier there was intermittent connectivity issue. But after we updated pfsense I ping stats is normal but webgui takes very long time to load (60 to 70 sec)

johnpoz · Nov 22, 2018, 1:50 PM

Your wan is not even up - so yeah the gui can take a bit to load as it tries to check for updates and such but will fail and have to time out.

You are changing your lan from what to what? Where did you change your PC to this network, and did you try and ping - can you arp for the new IP... Where is that you hit apply, or did you change it from gui?

So that is you accessing the gui on the new IP?? Or before you change it?

dhiyogroup · Nov 22, 2018, 3:24 PM

How can I disable update check so that GUI loads faster within 1 or 2 seconds?

Yes, changed pfsense device IP from 192.168.0.1 to 192.168.1.1.
Client PC is from the same network IP and able to ping pfsense 192.168.1.1 and access webgui.

johnpoz · Nov 22, 2018, 3:31 PM

So you can access pfsense after a IP change..