Problems starting SG-1100 with autoconfigbackup from Gold Membership backup



  • Hi,

    First time posting in the new forum, unfortunately couldn't retain my older login since I only had user/pass and not email noted.. :(

    I just bought the SG-1100 hw and having had the pfSense Gold Membership for some time and also having used the autoconfig backup that came with it, I naturally want to try to import the config from there so I don't have to build all config up from scratch.

    I don't have a massive bandwidth but have some 10 interfaces, most VLANs, 5-6 CAs, some 20 users and perhaps 40 different certs, quite a lot of FW rules and a lot of config like dyn DNS, captive portal and also both remote access VPNs and a smaller number of site-site VPNs. Not too interested in having to do all that from scratch..

    So I'll try and describe what I want and what I have done.

    What I want to have in the 1100 is:

    WAN - on an untagged sw port member with PVID to VLAN n
    LAN - on an untagged sw port member with PVID to VLAN nn
    OPT as parent interface for some 5-10 VLAN interfaces - TAGGED sw port

    And that is approx what I use in my old setup that needs replacing and it works perfectly.

    I have started the 1100, configured it so everything works and then did a local backup of config.

    Then I configured the autoconfigbackup, filling in the old 'legacy' settings and pulled down the old config to rewrite with.

    Upon doing the loading of the old config the unit was sitting blinking green for some time and I was too lazy to set the console access up so I let it sit through the night.

    Day after I looked at it again, still blinking, accessed console which worked very nicely. I then see that it's sitting waiting for me to remap some interfaces which I do and shortly after I was sitting looking at what appears to be a normal console menu with WAN and LAN assigned.

    Checking interfaces in terminal I see a lot not valid but think maybe I can clean that up if I can just enter webgui.

    Now here I am getting sort of stuck.

    In console I see the normal page with commands and serial etc and my WAN and LAN like:

    WAN -> mvneta0.10 ->
    LAN -> mvneta0.20 -> v4: 10.20.30.1/24

    WAN is not connected at this time and if it was I don't think it would have worked, see below.

    I am having problems getting traffic to the fw and have still not been able to access gui.

    If I connect a cable to LAN I cannot ping FW.
    If I run tcpdump in 1100 I see the arp requests over the wire but there is no return sent from FW.

    I'm not sure how I should read the info, I see there are some discussions herein about these hw having a switch internally and that it works in special ways etc.

    Is it expecting only tagged traffic incoming to ports? I have tried different settings in the switch tagged/untagged etc but haven't been able to get it to work.

    For LAN should I use VLAN 20 (as per above) and tagged info? Have tried and for some reason it doesn't work. I realize there's some not applicable info in config but I hope to be able to clean that up once logged on to gui.

    Maybe someone here can help me in the right direction?

    TIA,

