Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    New SG-3100. Cannot access Setup Wizard/Web UI

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    12 Posts 4 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ajtradtechA
      ajtradtech
      last edited by

      Hello,

      I'm a noob to the Netgate/pfSense universe. I connected the 3100 per the gateway manual.

      Arris modem LAN port --> 3100 WAN port
      3100 LAN port --> my MBP laptop
      Powered up 3100
      Boot up complete indicated (slow blue flash)
      Update available indicated (slow orange flash)
      Arris assigned IP 192.168.1.103 to 3100

      When I attempt to access the Setup Wizard at 192.168.1.1 it keeps timing out. I'm using Chrome on my MBP. MBP is directly connected to the 3100. I tried pinging it from the MBP but it just times out as well.

      Is it updating itself and I need to wait for it to finish? The orange LED is still flashing and the unit has gotten quite warm.

      Thanks in advance for helping me get this unit going.

      1 Reply Last reply Reply Quote 0
      • R
        rpsmith
        last edited by

        I would reflash it. I don't think it will do an update on its own.

        https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/reinstall-pfsense.html

        Roy...

        1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          You don't need to reinstall. The problem is your Arris modem is handing out 192.168.1.x on the WAN side of the SG-3100 and the SG-3100 defaults to 192.168.1.x on the LAN side. You can't have it both places.

          So you have three choices:

          1. Bridge the Arris modem so it stops handing out private addresses (ideal)
          2. Change the LAN subnet on the Arris modem to something else
          3. Change the LAN subnet on the SG-3100 console to something else (e.g. 192.168.2.x)

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 2
          • ajtradtechA
            ajtradtech
            last edited by

            Thank you, @jimp! I took the 3rd option and voilá, I was able to access the web ui and perform the initial setup. The dashboard is a beautiful sight.

            Do you know if it's still possible to obtain 2.4.4p3? I feel I should have that handy before attempting upgrade to 2.4.5.

            -Alan

            1 Reply Last reply Reply Quote 0
            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              You can ask via https://go.netgate.com and the support team can see if they can get you the image. Since you are starting fresh that isn't likely to be a concern, though.

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              R 1 Reply Last reply Reply Quote 0
              • ajtradtechA
                ajtradtech
                last edited by

                Got it. Thank you.

                1 Reply Last reply Reply Quote 0
                • R
                  rpsmith
                  last edited by

                  You really need to get your cable company to put you modem in Bridge Mode. That is the only way to get a public IP on your WAN. Without that you won't be able to forward any ports from the Internet to any of your LAN devices.

                  Roy...

                  ajtradtechA 1 Reply Last reply Reply Quote 0
                  • R
                    rpsmith @jimp
                    last edited by rpsmith

                    Good call Jim! I didn't pick up on that.

                    Roy...

                    1 Reply Last reply Reply Quote 0
                    • ajtradtechA
                      ajtradtech @rpsmith
                      last edited by

                      @rpsmith said in New SG-3100. Cannot access Setup Wizard/Web UI:

                      You really need to get your cable company to put you modem in Bridge Mode. That is the only way to get a public IP on your WAN. Without that you won't be able to forward any ports from the Internet to any of your LAN devices.

                      Roy...

                      Thanks for that tip. Gathering info on how to configure my gateway for IP Passthrough. That's the Arris/AT&T equivalent of bridge mode.

                      Currently, my SG is connected the gateway, but not to my home network while I get the firewall rules squared away.

                      -Alan

                      GertjanG R 2 Replies Last reply Reply Quote 0
                      • GertjanG
                        Gertjan @ajtradtech
                        last edited by Gertjan

                        @ajtradtech said in New SG-3100. Cannot access Setup Wizard/Web UI:

                        but not to my home network while I get the firewall rules squared away.

                        If your home network, your LAN, only has devices you trust, you have nothing to do. The default WAN rules, that is no rules at all, and one default pass all rule on LAN, works well.

                        If you have devices that you don't trust, never forget the most logic action : remove the device from all known networks. Like this, the unknown issue bug will never bite you. This solution is fool proof for live and beyond.
                        If you have to accept this non trusted device on your network, put it on a dedicated, sedonc (third) network that can only communicate to the Internet, and you decide with rules, for this (these) devices(s) where to, with who, etc. When you make an error, you won't risk much. Never have these devices access your LAN based (trusted) devices.
                        Using internal networks like this is they way firewalls routers should be used. Always keep it simple (for yourself) and try to make firewall rules that you understand and are able to test. For that matter, don't even trust your own firewall : test what you want to achieve.

                        No "help me" PM's please. Use the forum, the community will thank you.
                        Edit : and where are the logs ??

                        ajtradtechA 1 Reply Last reply Reply Quote 0
                        • R
                          rpsmith @ajtradtech
                          last edited by rpsmith

                          @ajtradtech
                          If you are using u-verse, good luck with getting IP Passthrough to work. Seems like every time I figure out how to enable it, they change the firmware and redo all the menus.

                          Roy...

                          1 Reply Last reply Reply Quote 0
                          • ajtradtechA
                            ajtradtech @Gertjan
                            last edited by

                            @Gertjan said in New SG-3100. Cannot access Setup Wizard/Web UI:

                            @ajtradtech said in New SG-3100. Cannot access Setup Wizard/Web UI:

                            but not to my home network while I get the firewall rules squared away.

                            If your home network, your LAN, only has devices you trust, you have nothing to do. The default WAN rules, that is no rules at all, and one default pass all rule on LAN, works well.

                            If you have devices that you don't trust, never forget the most logic action : remove the device from all known networks. Like this, the unknown issue bug will never bite you. This solution is fool proof for live and beyond.
                            If you have to accept this non trusted device on your network, put it on a dedicated, sedonc (third) network that can only communicate to the Internet, and you decide with rules, for this (these) devices(s) where to, with who, etc. When you make an error, you won't risk much. Never have these devices access your LAN based (trusted) devices.
                            Using internal networks like this is they way firewalls routers should be used. Always keep it simple (for yourself) and try to make firewall rules that you understand and are able to test. For that matter, don't even trust your own firewall : test what you want to achieve.

                            Thanks for your advice. It mirrors what I'll be attempting- segregating some IoT devices. I'll start a separate thread for that, though. Looking forward to the community's input there. I've unlocked some interesting opportunities with this pfSense box!

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.