SG3100 limitations
-
I am not sure where a i read it, but it was mentioned the code for pfSense is 64bit and running it on a 32bit CPU like the SG3100 has inside it has been 'challenging'. I have since moved away from my SG3100 in favor of a device that is more robust. Not saying I dont have any issues, but I have fewer issues running it now on the new hardware.
-
@burner27 I intend to switch to the SG5100 in the future
-
@luketa I didnt go that route.
-
for knowledge, i updated SG 3100 to version 21.05, updated successfully, no errors, but snort does not start.
-
If you are running pfBlocker, Snort or Suricata in 21.05 you will be hitting this bug on the 3100:
https://redmine.pfsense.org/issues/11466You should apply the patch listed there:
https://redmine.pfsense.org/attachments/download/3707/patch-disable-pcrejit-arm.diffI would also recommend running Suricata instead of Snort right now. I'm running that here without issue.
Steve
-
@stephenw10 I applied the patch, I have 2 WAN.
WAN2 started the snort service,
WAN1 is processing and does not start.
Would you have something to do to normalize?I would like to continue with snort.
thanks
-
Check the Snort logs for ruleset errors.
Usually (on other platforms!) if it doesn't start like that it's because you are loading signatures for a pre-processor that isn't enabled. The logs are pretty clear when that happens.
Steve
-
@stephenw10
tried everything to work snort, it really won't.I installed Suricata and it's running 100% on version 21.05
thank you all.
-
Yeah, I would use Suricata at least until this is resolved.
I opened a separate bug for the Snort issue as people were confusing it with the PHP issue and it's not the same problem at all: https://redmine.pfsense.org/issues/12157
Steve
-
@luketa said in SG3100 limitations:
@stephenw10
tried everything to work snort, it really won't.I installed Suricata and it's running 100% on version 21.05
thank you all.
Glad Suricata is working well for you. The Snort problem is a tough one to solve. Understanding the root cause of the error requires being skilled in the art of assembly language level programming in the ARM CPUs. It has to do with the specific CPU opcodes the compiler chooses to employ when converting certain memory operations coded in C into the binary CPU opcode equivalents.