Very unreliable SG-4860; weird behaviour and interfaces



  • I have been trying to set up an SG-4860 appliance, with seemingly problem after problem even though I start from scratch each time.

    The problem seems to be I'll get to the point where interfaces are configured and I have put in firewall rules that are completely permissive. No firewall issues at all.

    Suddenly the LAN interface loses its static IP and the WAN interface becomes inaccessible.

    Attempting to access the webconfig via WAN leads to an empty page - and any of the php URLs gives an nginx 404 error.

    The box is accessible via ssh and I can go in and see that the LAN IP is lost or something else strange has happened.

    The WEIRDEST thing is that even when I have EVERY FIREWALL RULE set to permissive: permitted traffic is BLOCKED!

    Apr 30 06:40:39  ► WAN      10.57.0.2:7512     208.123.73.85:80 TCP:FA

    This might be the state expiring etc but I have it on conservative and I don't have any lag issues at all on my network. This means the web interface has very laggy times when a reload etc doesn't happen or it hangs. It really is very frustrating.

    The weird thing is that the hardware is set up as such after a FACTORY RESET:

    WAN
    igb1 (00:08:xx:xx:96:b8)

    LAN
    igb0 (00:08:xx:xx:96:b7)

    OPT1
    igb2 (00:08:xx:xx:96:b3)

    OPT2
    igb3 (00:08:xx:xx:96:b4)

    OPT3
    igb4 (00:08:xx:xx:96:b5)

    OPT4
    igb5 (00:08:xx:xx:96:b6)

    Are the interface igbX and the MAC addresses consistent with a factory setup?

    I have reset to factory setting many times.

    Only one issue is that my first attempt to set up was from a backup from a 2.3 install of COMMUNITY edition.

    I realised that this had messed things up and I factory restored.

    The whole thing is erratic and I really wouldn't rely on this at all as it is acting like a total POS.

    If anyone could help I'd appreciate it otherwise this thing is going back.

    NB: I have used 2.3 successfully as a Hyper-V machine for weeks so I am aware of how to set up etc. The SG-4860 seems to be a POS - or at least this one is.



  • Are the interface igbX and the MAC addresses consistent with a factory setup?

    They are matching and fitting like you were configuring them.

    I have reset to factory setting many times

    And why? If the newer version 2.3 is not really matching or is buggy or something else, the SG-4860
    unit itself cannot be guilty, or am I wrong?

    Only one issue is that my first attempt to set up was from a backup from a 2.3 install of COMMUNITY edition.

    This might not really be the problem at all! Only the pre-tunings are interesting in that edition in my
    eyes; if not, correct me please, well to know that too. Again, take the SG-4860 unit and do a fresh install
    on the eMMC or mSATA or SSD or whatever you are using as the storage inside of that unit, and please
    take the ADI version 64Bit 2.2.6. If this is running, then fine; you should wait until the 2.3 or 2.3.1
    is running fine without any reported issues and/or failures, and then upgrade to the 2.3.x.

    I realised that this had messed things up and I factory restored.

    But please use the ADI 64Bit image!

    The whole thing is erratic and I really wouldn't rely on this at all as it is acting like a total POS.

    What exactly was changed in hardware on the SG-4860 side? Nothing in my eyes, but the pfSense version 2.3
    was pretty new on this, or? And so the unit cannot be the failing one in my eyes.

    If anyone could help I'd appreciate it otherwise this thing is going back.

    Pressuring people will have no effect here, and crying like a tiny school kid is also not really useful
    in such a case! If you can get the ADI 64Bit version 2.2.6, get it and install it, fresh and full!
    Wait until the next release is stable and/or reported as running fine.

    What do you say to Microsoft if the last update is killing your PC? Nothing, you play back to
    the last returning point in your MS Windows installation and wait until the behavior is solved.

    And why can't you do this here together with pfSense too?

    NB: I have used 2.3 successfully as a Hyper-V machine for weeks so I am aware of how to set up etc. The SG-4860 seems to be a POS - or at least this one is.

    Hyper-V is not the SG-4860 and not the XG-1500 and not another hardware; this is like comparing eggs
    and pigs against each other, based on the circumstance that both words contain a "g" inside of
    the word or their name.

    And if there is something wrong depending on a hardware failure or software issues that you do not have to
    point on your side or to your person, I am pretty sure that support@pfSense.org is more than
    happy to help you out of your situation, with a workaround or other things, and yes, they will not count that
    as a support call from the two calls you get on top of this unit! This here is a user-to-user forum,
    moderated but a user forum and not the support agency from pfSense. Please understand this.


  • Rebel Alliance

    Is the console still working when LAN/WAN-connections are lost?

    If yes: Are there any "timeout" messages when you type "dmesg" in the shell or in "clog /var/log/system.log"?



  • On my fifth go I am getting progress in stability. I decided to start completely fresh and not restore anything including certs etc.

    I also decided to just use HTTP and not go HTTPS as it's not public facing at all. That was causing a lot of extra grief.

    I still have the issue of the interfaces being numbered out of order.

    I'm certain this caused me to lose my second attempt. The first was the accidental Community Edition logo that came up after a config restore.

    The second I did by hand and chose igb0 for WAN and igb1 for LAN expecting the 0 and 1 to correspond to the first and second physical ports! Plugged in after wizard was done and got nowhere and reset.

    Is the numbering on these machines always like this??

    igb1 is first port and igb0 is second port? igb2 is third etc… Why??

    Now I am working it as a router on a stick with only a WAN port operational serving only DNS and VPN both client and server and it is stable with HTTP web config.

    The WAN is on a /30 network with my main Mikrotik router and it all seems good now.

    But the port numbering really messed me up for a bit.

    I want to get the serial console working too for future - can I do it just using a USB cable and linux? I use Archlinux on a laptop. I think gnu screen will work but I don't know which device to connect to ie. /dev/.... but am guessing "lsusb" might reveal it if I plug in the router on a USB cable? Yes?



  • https://www.netgate.com/docs/rcc-dff-2220/freebsd.html

    confirms the quirky port numbering. Would have been nice to know in advance.

    https://www.netgate.com/docs/reference/rcc-ve-serial-console.html

    How to connect to serial console.

    I ran into all sorts of issues where the router became unreachable. On one early attempt just deleting completely unrelated test VLANs not in use made the router unreachable. I hit some undocumented bugs for sure but we'll see how it goes.



  • @oben:

    confirms the quirky port numbering. Would have been nice to know in advance.

    You're provided a Quick Start Guide, which includes that on the very first page. Not sure how you expected to be informed of that if you didn't even look at the first page of the quick start guide.

    @oben:

    I ran into all sorts of issues where the router became unreachable. On one early attempt just deleting completely unrelated test VLANs not in use made the router unreachable. I hit some undocumented bugs for sure but we'll see how it goes.

    Anything you're encountering there isn't specific to a 4860 or any particular hardware. I add and remove VLANs on live systems all the time and haven't broken anything, but there are always possibilities for edge case issues. If you have a replicable "do this and it breaks", I definitely want to know.



  • After getting the interface numbering right and starting completely fresh I'm finally at a point where I have gradually started migrating my VLANs over and it's going well.

    I think I might have got a different start guide for the smaller devices which give the numbering in the ordinal way.

    And now it seems OK.



  • How do I get my "free" copy of the book as a hardware purchaser?

    Or is it just extra?





  • I mean the pfSense Book.

    Not the hardware installation guide.



  • How do I get my "free" copy of the book as a hardware purchaser?

    Create an account at pfSense.org (pfSense shop) and then register your unit (the SG-4860),
    and then you will be able to download this book, if I am rightly informed; please correct me if not.



  • BlueKobold's method worked for me. Try here for the HTML version: https://portal.pfsense.org/docs/book/

    If you aren't logged into the pfsense support portal you'll get a login screen asking for the user/pass for your pfSense store account.

