basic netgate appliance configuration questions

  • I'm having some trouble setting up the DHCP address of my XG-7100-1U appliance, and I think I'm probably making some assumptions about how this works that are tripping me up.

    Broad description of the setup I'd like to have: I have my own network, let's call it It's a fully functional non-private IP space, with a working DHCP server, internet connection, and around 200 individual servers and such on it.

    I have a cluster of other servers that are essentially a black box unit to me (for testing purposes).

    I got the Netgate to function as a firewall between this second testing cluster and my own regular cluster. The idea was that the Netgate itself would get its functional IP address from my DHCP server (from which people managing the test cluster could ssh into the appliance to remotely/internally manage the test cluster without disturbing my own network).

    I got to the Netgate's webgui interface on as described in the unit's Security Gateway Manual on p. 25. I did a pretty barebones setup, mostly changing the admin password and configuring the hostname, domain name, and DNS servers (sections 3.4-3.7) and setting the WAN (3.11) to DHCP.

    On my own DNS server, I assigned an IP address to the MAC listed on the back of the unit. However, the DHCP will also assign dynamic IP addresses so even if I got the MAC wrong, my setup will still hand out an IP address. But it's not getting an IP address or showing up on arpwatch on my end.

    I connected the Netgate via a 10G DAC cable from netgate's IX0 sfp+ port to my own switch. On the dashboard, the Netgate indicates: OPT1 10Base_Twinax <full duplex, rxpause, txpause> and there's a light that goes on and off as I attach/detach the cable; on my switch the light is on and the switch shows, for that port:

    sw10#show interfaces Ethernet 4
    Ethernet4 is up, line protocol is up (connected)
    Hardware is Ethernet, address is 001c.7391.2695 (bia 001c.7391.2695)
    Ethernet MTU 9214 bytes , BW 10000000 kbit
    Full-duplex, 10Gb/s, auto negotiation: off, uni-link: unknown
    Up 1 hours, 26 minutes, 24 seconds
    9 link status changes since last clear
    Last clearing of "show interface" counters never
    5 minutes input rate 0 bps (0.0% with framing overhead), 0 packets/sec
    5 minutes output rate 12.9 kbps (0.0% with framing overhead), 16 packets/sec
    5 packets input, 506 bytes
    Received 0 broadcasts, 5 multicast
    3 runts, 0 giants
    3 input errors, 0 CRC, 0 alignment, 0 symbol, 0 input discards
    0 PAUSE input
    3239877 packets output, 341985157 bytes
    Sent 1898534 broadcasts, 528224 multicast
    0 output errors, 0 collisions
    0 late collision, 0 deferred, 0 output discards
    0 PAUSE output

    Am I missing something obvious? Or is the only way this connects to the outside world via the eth1 port?

  • Netgate Administrator

    You would need to re-assign the WAN to ix0. By default it uses lagg0.4090 to connect to the Eth1 port via the internal switch.

    So Interfaces > Assign. Change the dropdown on WAN to ix0. Either remove OPT1 or assign that as some other port and save.
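
Added example, not part of the thread and not Netgate's own tooling: a check of which logical interface actually runs the DHCP client on the cabled port, before and after the reassignment described in the reply. It assumes the `<interfaces>` layout of a pfSense `config.xml` export; the sample XML is constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: only the <interfaces> section of a config.xml export,
# with the assignments described in the thread (WAN on lagg0.4090, OPT1 on ix0).
SAMPLE = """<pfsense><interfaces>
  <wan><enable/><if>lagg0.4090</if><descr>WAN</descr><ipaddr>dhcp</ipaddr></wan>
  <opt1><enable/><if>ix0</if><descr>OPT1</descr></opt1>
</interfaces></pfsense>"""


def interface_map(config_xml):
    """Return {logical name: (device, IPv4 mode)} for every assigned interface."""
    root = ET.fromstring(config_xml)
    return {n.tag: (n.findtext("if", ""), n.findtext("ipaddr", "none"))
            for n in root.find("interfaces")}


def dhcp_client_on(config_xml, port):
    """Logical interface that runs a DHCP client on `port`, or None."""
    for name, (device, mode) in interface_map(config_xml).items():
        if device == port and mode == "dhcp":
            return name
    return None


def move_wan(config_xml, port):
    """Mirror Interfaces > Assign: point WAN at `port`, drop whatever held it."""
    root = ET.fromstring(config_xml)
    interfaces = root.find("interfaces")
    for node in list(interfaces):
        if node.tag != "wan" and node.findtext("if") == port:
            interfaces.remove(node)  # same effect as removing OPT1 in the GUI
    interfaces.find("wan").find("if").text = port
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    cabled = "ix0"  # port the DAC cable is plugged into
    print("before:", interface_map(SAMPLE), "->", dhcp_client_on(SAMPLE, cabled))
    after = move_wan(SAMPLE, cabled)
    print("after: ", interface_map(after), "->", dhcp_client_on(after, cabled))
```

With the default assignment, no interface requests a lease on ix0, which matches the near-zero input counters on the switch port; after the move, WAN is the DHCP client on that port.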


