
Security Gateway Manual

XG-7100-1U

Terminal Settings

The settings to use within the terminal program are:

• Speed: 115200 baud, the speed of the BIOS

• Data bits: 8

• Parity: none

• Stop bits: 1

• Flow Control: Off or XON/XOFF. Hardware flow control (RTS/CTS) must be disabled.
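An added example, not part of the Netgate manual: on a Linux or FreeBSD workstation the settings above map onto termios flags, and this Python code decodes a port's attribute list, reports which values differ from 115200 8N1 without RTS/CTS, and builds the corrected set. `SAMPLE_ATTRS` is constructed, and the function names are this example's own.

```python
import termios

# Console line settings listed in the manual: 115200 baud, 8 data bits,
# no parity, 1 stop bit, hardware (RTS/CTS) flow control disabled.
EXPECTED = {"speed": 115200, "data_bits": 8, "parity": "none",
            "stop_bits": 1, "rtscts": False}

# Positions in the list returned by termios.tcgetattr().
IFLAG, OFLAG, CFLAG, LFLAG, ISPEED, OSPEED, CC = range(7)

# Speeds named in the manual; any other rate is reported as its raw constant.
_BAUD = {termios.B9600: 9600, termios.B38400: 38400, termios.B115200: 115200}
_SIZE = {termios.CS5: 5, termios.CS6: 6, termios.CS7: 7, termios.CS8: 8}

# Constructed sample: a port left at 9600 7E1 with RTS/CTS and XON/XOFF on.
SAMPLE_ATTRS = [
    termios.IXON | termios.IXOFF, 0,
    termios.CS7 | termios.PARENB | termios.CRTSCTS | termios.CREAD, 0,
    termios.B9600, termios.B9600, [],
]


def describe(attrs):
    """Decode a termios attribute list into the terms the manual uses."""
    cflag = attrs[CFLAG]
    if cflag & termios.PARENB:
        parity = "odd" if cflag & termios.PARODD else "even"
    else:
        parity = "none"
    return {
        "speed": _BAUD.get(attrs[OSPEED], attrs[OSPEED]),
        "data_bits": _SIZE[cflag & termios.CSIZE],
        "parity": parity,
        "stop_bits": 2 if cflag & termios.CSTOPB else 1,
        "rtscts": bool(cflag & termios.CRTSCTS),
    }


def mismatches(attrs, expected=EXPECTED):
    """Return {setting: (found, wanted)} for every value that differs."""
    current = describe(attrs)
    return {name: (current[name], want)
            for name, want in expected.items() if current[name] != want}


def with_manual_settings(attrs):
    """Return a copy of attrs set to 115200 8N1 with RTS/CTS cleared.

    Input flags are left alone, so XON/XOFF (which the manual permits)
    stays however the caller had it.
    """
    new = list(attrs)
    cflag = new[CFLAG] & ~(termios.CSIZE | termios.PARENB | termios.PARODD
                           | termios.CSTOPB | termios.CRTSCTS)
    # CREAD enables the receiver; CLOCAL ignores modem status lines.
    new[CFLAG] = cflag | termios.CS8 | termios.CREAD | termios.CLOCAL
    new[ISPEED] = new[OSPEED] = termios.B115200
    return new


def check_and_fix(fd):
    """Apply the manual's settings to an open serial device; return what was wrong."""
    before = termios.tcgetattr(fd)
    wrong = mismatches(before)
    if wrong:
        termios.tcsetattr(fd, termios.TCSANOW, with_manual_settings(before))
    return wrong


if __name__ == "__main__":
    for name, (found, wanted) in mismatches(SAMPLE_ATTRS).items():
        print(f"{name}: found {found}, manual says {wanted}")
```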

2.2.5 Troubleshooting

No Serial Output

If there is no output at all, check the following items:

• Ensure the cable is correctly attached and fully inserted

• Ensure the terminal program is using the correct port

• Ensure the terminal program is configured for the correct speed. The default BIOS speed is 115200, and many other modern operating systems use that speed as well. Some older operating systems or custom configurations may use slower speeds such as 9600 or 38400.

• Ensure the operating system is configured for the proper console (e.g. ttyS1 in Linux). Consult the various operating system install guides on this site for further information.

PuTTY has issues with line drawing

PuTTY generally handles most cases OK but can have issues with line drawing characters on certain platforms.

These settings seem to work best (tested on Windows):

• Window: Columns x Rows = 80x24

• Window > Appearance: Font = Courier New 10pt or Consolas 10pt

• Window > Translation: Remote Character Set = Use font encoding or UTF-8

• Window > Translation: Handling of line drawing characters = Use font in both ANSI and OEM modes or Use Unicode line drawing code points

• Window > Colours: Indicate bolded text by changing = The colour

Garbled Serial Output

If the serial output appears to be garbled, binary, or random characters, check the following items:

• Ensure the terminal program is configured for the correct speed. (See No Serial Output)

• Ensure the terminal program is configured for the proper character encoding, such as UTF-8 or Latin-1, depending on the operating system. (See GNU Screen)

© Copyright 2020 Rubicon Communications LLC


Summary of Contents for XG-7100-1U

Page 1: ...Security Gateway Manual XG 7100 1U Copyright 2020 Rubicon Communications LLC Aug 21 2020 ...

Page 2: ...CONTENTS 1 Out of the Box 2 2 How To Guides 31 3 References 76 i ...

Page 3: ...00 1U Firewall Appliance and will provide the information needed to keep the appliance up and running Tip Before getting started we recommend downloading the PDF version of the Product Manual as well as the PDF version of the pfSense Book in the event that you get knocked offline Copyright 2020 Rubicon Communications LLC 1 ...

Page 4: ...umbered For the purpose of this installation please select port 1 The next step is to connect the LAN port shown in the Input and Output Ports section of the Netgate appliance to the computer which will be used to access the firewall console Connect one end of the second Ethernet cable to the LAN port shown in the Input and Output Ports section of the Netgate appliance Connect the other end to the...

Page 5: ...ser may respond with a message indicating a problem with website security Below is a typical example in Google Chrome If this message or similar message is encountered it is safe to proceed At the login page enter the default pfSense password and username Username admin Password pfsense Click Login to continue Copyright 2020 Rubicon Communications LLC 3 ...

Page 6: ...e pfsense for the hostname The default hostname pfsense may be left un changed Once saved in the configuration the GUI may be accessed by entering http pfsense as well as http 192 168 1 1 1 1 6 Domain If an existing DNS domain is in use within the local network such as a Microsoft Active Directory domain use that domain here This is the domain suffix assigned to DHCP clients which should match the...

Page 7: ...er using Google public DNS servers 8 8 8 8 8 8 4 4 Google DNS servers are used for the purpose of this tutorial Click Next after filling in the fields as appropriate 1 1 8 Time Server Configuration 1 1 9 Time Server Synchronization Setting time server synchronization is quite simple We recommend using the default pfSense time server address which will randomly select an NTP server from a pool 1 1 ...

Page 8: ...f the old firewall may be entered here if it can be determined This can help avoid issues involved in switching out firewalls such as ARP caches ISPs locking to single MAC addresses etc If the MAC address of the old firewall cannot be located the impact is most likely insignificant Power cycle the ISP router and modem and the new MAC address will usually be able to get online For some ISPs it may ...

Page 9: ...fically require a DHCP Hostname entry Unless the ISP requires the setting leave it blank 1 1 15 Configuring PPPoE and PPTP Interfaces Information added in these sections is assigned by the ISP Configure these settings as directed by the ISP Copyright 2020 Rubicon Communications LLC 7 ...

Page 10: ...he following inbound address Ranges are blocked by this firewall rule 10 0 0 1 to 10 255 255 255 172 16 0 1 to 172 31 255 254 192 168 0 1 to 192 168 255 254 127 0 0 0 8 100 64 0 0 10 fc00 7 Bogons are public IP addresses that have not yet been allocated so they may typically also be safely blocked as they should not be in active use Check Block RFC1918 Private Networks and Block Bogon Networks Cli...

Page 11: ...12 RFC1918 private address block are the least frequently used We recommend selecting a block of addresses between 172 16 x x and 172 31 x x for least likelihood of having VPN connectivity difficulties An example of a conflict would be If the local LAN is set to 192 168 1 x and a remote user is connected to a wireless hotspot using 192 168 1 x very common the remote client won t be able to communi...

Page 12: ... as highlighted The Dashboard display will follow 1 1 21 Backing Up and Restoring At this point basic LAN and WAN interface configuration is complete Before proceeding backup the firewall con figuration From the menu at the top of the page browse to Diagnostics Backup Restore Copyright 2020 Rubicon Communications LLC 10 ...

Page 13: ...1U Click Download Configuration and save a copy of the firewall configuration This configuration can be restored from the same screen by choosing the backup file under Restore configuration Copyright 2020 Rubicon Communications LLC 11 ...

Page 14: ...If your DSL or Cable Modem has a default IP Address of 192 168 1 1 please disconnect the Ethernet cable from the ETH1 port on your XG 7100 1U Netgate Security Gateway before proceeding You will need to change the default IP Address of the device during a later step in the configuration 1 From the computer log into the Web Interface Open a web browser Google Chrome in this example and type in 192 1...

Page 15: ...e pfsense is used Domain The default localdomain is used for the purposes of this tutorial DNS Servers For purposes of this setup guide use the Google public DNS servers 8 8 8 8 and 8 8 4 4 4 Use the following information for the Time Server Information page Time Server Hostname Use the default pfSense time server address Timezone Select the time zone for the location of the firewall For this guid...

Page 16: ...Security Gateway Manual XG 7100 1U Fig 3 Click Next Fig 4 Type in the DNS Server information and Click Next Copyright 2020 Rubicon Communications LLC 14 ...

Page 17: ...Security Gateway Manual XG 7100 1U Fig 5 Change the Timezone and Click Next Fig 6 Default Settings Should be Acceptable Click Next Copyright 2020 Rubicon Communications LLC 15 ...

Page 18: ...e the Admin Password Enter the same password in both fields 8 Click Reload to save the configuration 9 After a few seconds a message will indicate the Setup Wizard has completed To proceed to the pfSense dashboard click Finish 10 A final notification screen will appear stating that NO COMMERCIAL DISTRIBUTION Click Accept to continue to the pfSense dashboard Fig 7 Read and Click Accept If you unplu...

Page 19: ...through the dashboard This orientation will help to navigate and further configure the firewall Fig 8 The pfSense Dashboard Section 1 shows important system information such as the model Serial Number and Netgate Device ID for this Netgate firewall Section 2 identifies what version of pfSense software is installed and if an update is available Section 3 describes Netgate Service and Support Sectio...

Page 20: ...to updating or making any configuration changes From the menu at the top of the page browse to Diagnostics Backup Restore Fig 10 Backup Restore Click Download configuration as XML and save a copy of the firewall configuration to the computer con nected to the Netgate firewall This backup or any backup can be restored from the same screen by choosing the backed up file under Restore Configuration C...

Page 21: ...he Auto Config Backup page for more information Connecting to the Console There are times when accessing the console is required Perhaps GUI console access has been locked out or the password has been lost or forgotten See also Connecting to the Console Port Connect to the console Cable is required Tip To learn more about getting the most out of your Netgate appliance sign up for a pfSense Trainin...

Page 22: ... Interface Card for the High Availability HA connections WAN LAN and Sync on this product for complete failover and redundancy For more information review the High Availability section of the XG 7100 Switch Overview page Warning LAGG has limited support currently on the ethernet switchports Load Balance mode only For more information review the Switch LAGG section of the XG 7100 Switch Overview pa...

Page 23: ...ink speed no 1G support SFP AoCs Active optical Cables Note Limited to 10G link speed no 1G support Third party SFP SR LR dual speed 1G 10G optical modules SFP active copper cables 1000BASE SX 1000BASE LX optical modules Specific known working modules include Model Part Number Description Finisar FTLF1318P3BTL 1000BASE LX and 1G Fibre Channel 1GFC 10km Industrial Temperature Gen 3 SFP Optical Tran...

Page 24: ...ense software Recessed Reset Button performs a hard reset immediately turning the system off 1x USB 3 0 Status LED Power PWR LED green when powered on red after a graceful shutdown Console Mini USB 2x USB 2 0 Note When a graceful shutdown is performed the XG 7100 Power PWR LED will turn red but will stay lit The Ethernet activity LEDs will turn off The power supply fan will continue to run Turning...

Page 25: ...e to the equipment or pose a fire hazard if the limitations are not followed 2 There are no operator serviceable parts inside this equipment Service should be provided only by a qualified service technician 3 This equipment is provided with a detachable power cord which has an integral safety ground wire intended for connection to a grounded safety outlet a Do not substitute the power cord with on...

Page 26: ...l numérique de la classe B est conforme à la norme NMB 3 B Canada 1 5 5 Australia and New Zealand This is a AMC Compliance level 2 product This product is suitable for domestic environments 1 5 6 CE Marking CE marking on this product represents the product is in compliance with all directives that are applicable to it 1 5 7 RoHS WEEE Compliance Statement English European Directive 2002 96 EC requi...

Page 27: ... eliminación de residuos de su zona o pregunte en la tienda donde adquirió el producto Français La directive européenne 2002 96 CE exige que l équipement sur lequel est apposé ce symbole sur le produit et ou son emballage ne soit pas jeté avec les autres ordures ménagères Ce symbole indique que le produit doit être éliminé dans un circuit distinct de celui pour les déchets des ménages Il est de vo...

Page 28: ...declares that this NETGATE device is in compliance with the essential requirements and other relevant provisions of Directive 1999 5 EC Eesti Estonian Käesolevaga kinnitab NETGATE seadme NETGATE device vastavust direktiivi 1999 5 EÜ põhinõuetele ja nimetatud direktiivist tulenevatele teistele asjakohastele sätetele Suomi Finnish NETGATE vakuuttaa täten että NETGATE device tyyppinen laite on direkt...

Page 29: ...TGATE device è conforme ai requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva 1999 5 CE Latviski Latvian Ar o NETGATE deklar ka NETGATE device atbilst Direkt vas 1999 5 EK b tiskaj m pras b m un citiem ar to saist tajiem noteikumiem Lietuviškai Lithuanian NETGATE deklaruoja kad šis NETGATE ı renginys atitinka esminius reikalavimus ir kitas 1999 5 EB Direktyvos nuo...

Page 30: ...omâna Romanian Prin prezenta NETGATE declara ca acest dispozitiv NETGATE este în conformitate cu cerint ele esent iale s i alte prevederi relevante ale Directivei 1999 5 CE 1 5 9 Disputes ANY DISPUTE OR CLAIM RELATING IN ANY WAY TO YOUR USE OF ANY PRODUCTS SERVICES OR TO ANY PRODUCTS OR SERVICES SOLD OR DISTRIBUTED BY RCL OR ESF WILL BE RESOLVED BY BINDING ARBITRATION IN AUSTIN TEXAS RATHER THAN I...

Page 31: ...orced by the courts located in Austin Texas or any other court having jurisdiction over you 1 5 11 Site Policies Modification and Severability Please review our other policies such as our pricing policy posted on our websites These policies also govern your use of Products Services We reserve the right to make changes to our site policies service terms and these terms and conditions of use at any ...

Page 32: ...ND FITNESS FOR A PAR TICULAR PURPOSE RCL AND ESF DO NOT WARRANT THAT THE PRODUCTS SERVICES INFORMA TION CONTENT MATERIALS PRODUCTS INCLUDING SOFTWARE OR OTHER SERVICES INCLUDED ON OR OTHERWISE MADE AVAILABLE TO YOU THROUGH THE PRODUCTS SERVICES RCL S OR ESF S SERVERS OR ELECTRONIC COMMUNICATIONS SENT FROM RCL OR ESF ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS RCL AND ESF WILL NOT BE LIABLE FOR...

Page 33: ...rts are set up see Switch Ports Overview 2 1 1 Switch Section From the pfSense webGUI there is a menu option called Switches under the Interfaces drop down This section contains switch specific configuration options Selecting Switches from the drop down will bring up the Switch page with four sections 31 ...

Page 34: ...ed this section can also be used to specify the native VLAN ID for each port The Port VID defined will be used to tag inbound untagged traffic VLANs Enable Disable 802 1q VLAN mode Configure VLAN access trunk interfaces with 802 1q or configure port groups with Port VLAN Mode 2 1 2 Interfaces Section There is also relevant configurations under Interfaces Assignments Copyright 2020 Rubicon Communic...

Page 35: ...Security Gateway Manual XG 7100 1U Fig 3 802 1q enabled default Fig 4 Port VLAN Mode Copyright 2020 Rubicon Communications LLC 33 ...

Page 36: ...Security Gateway Manual XG 7100 1U Fig 5 802 1q enabled default Fig 6 Port VLAN Mode Copyright 2020 Rubicon Communications LLC 34 ...

Page 37: ...nstead VLANs Under VLANs the default WAN and LAN VLAN can be seen Additional VLAN networks that will be used by the switch should be defined here with lagg0 as the parent interface Any additional VLAN interface added to the switch should also be added enabled and configured under Interface Assignments Firewall rules will also be needed for new interfaces added LAGGs Under LAGGs the default lagg0 c...

Page 38: ...erform the WAN interface reassignment over console Re assigning the WAN can be done from the webGUI as well This is what the default interface assignments look like on a XG 7100 without an addon NIC In this example ix0 will be WAN so select option 1 to re assign WAN from lagg0 4090 to ix0 No additional VLANs are needed for this so enter n to continue Input ix0 as the new WAN interface name Copyrig...

Page 39: ... 1U Input the same default LAN interface of lagg0 4091 for the LAN interface name and press Enter to complete the interface reassignment The interface assignments should show like this now Copyright 2020 Rubicon Communications LLC 37 ...

Page 40: ...updated so that ETH1 previously WAN acts the same as ETH2 8 This will be done from the webGUI From the webGUI pull up the Switch VLAN configuration under Interfaces Switches VLANs VLAN 4090 is no longer needed since WAN is dedicated to ix0 now You can either select on the row containing 4090 to delete this entry or click to remove port 1 as a member Copyright 2020 Rubicon Communications LLC 38 ...

Page 41: ...he switch with Now edit the VLAN 4091 entry to include Member 1 as shown below Next update the PVID for ETH1 so that it uses VLAN 4091 rather than the old VLAN 4090 To do this click on the Ports tab and click on the 4090 Port VID to modify it Copyright 2020 Rubicon Communications LLC 39 ...

Page 42: ...ll act as a single LAN switch One final step that should be performed is to remove the old VLAN 4090 from pfSense So far VLAN 4090 was only removed from the switch To remove the old VLAN go to Interfaces Assignments VLANs and use on the 4090 row to remove this VLAN interface Copyright 2020 Rubicon Communications LLC 40 ...

Page 43: ...e first Similar to the existing LAN interface another VLAN interface should be used so the switch can segment traffic appropriately Create a new VLAN with lagg0 as the parent under Interfaces Assignments VLANs Once the VLAN has been created it should look something like this Add enable and configure the VLAN interface under Interfaces Assignments Copyright 2020 Rubicon Communications LLC 41 ...

Page 44: ...onfigure the switch so that ETH1 4 use the new network To do this go to Interfaces Switches VLANs and click the Add Tag button Input the VLAN tag for the new network same as the VLAN ID configured in the previous steps and add ETH1 4 and PORT9 10 uplinks as members Be sure 9 and 10 are marked as tagged Copyright 2020 Rubicon Communications LLC 42 ...

Page 45: ...lete the untagged members 1 2 3 4 from VLAN group 2 and click the Save button The final result should look like this Lastly update the Port VIDs to use the new 4081 VLAN rather than 4091 on ETH1 4 and click Save Copyright 2020 Rubicon Communications LLC 43 ...

Page 46: ...rior to hitting pfSense Devices on this VLAN may come through on ETH8 but there may also be untagged client traffic First create the management VLAN of 4000 in pfSense using the same steps in the previous example up to the switch configuration part Next add the VLAN to the switch under Interfaces Switches VLANs ETH8 and PORT9 10 should be added as members and all three will be marked as tagged Onc...

Page 47: ...river A Silicon Labs CP210x USB to UART Bridge driver is used to provide access to the console which is exposed via the USB Mini b 5 pin port on the appliance If needed install an appropriate Silicon Labs CP210x USB to UART Bridge driver on the workstation used to connect with the system Windows There are drivers available for Windows available for download Mac OSX There are drivers available for ...

Page 48: ...re will be a tangible click snap or similar indication when the cable is fully engaged 2 2 3 Locate the Console Port Device The appropriate console port device that the workstation assigned as the serial port must be located before attempting to connect to the console Note Even if the serial port was assigned in the BIOS the workstation s OS may remap it to a different COM Port Windows To locate t...

Page 49: ...ges about the device attaching in the system log files or by running dmesg Note If the device does not appear in dev see the note above in the driver section about manually loading the Linux driver and then try again FreeBSD The device associated with the system console is likely to show up as dev cuaU0 Look for messages about the device attaching in the system log files or by running dmesg Copyri...

Page 50: ...ent Specific Examples PuTTY Open PuTTY and select Session under Category on the left hand side Next set the Connection type to Serial Then set Serial line to the console port that was located above in Locate the Console Port Device and the Speed to 115200 bits per second Click the Open button and the console screen will be displayed GNU screen In many cases screen may be invoked simply by using th...

Page 51: ...Security Gateway Manual XG 7100 1U Fig 7 An example of using PuTTY in Windows Copyright 2020 Rubicon Communications LLC 49 ...

Page 52: ...t the various operating install guides on this site for further information PuTTY has issues with line drawing PuTTY generally handles most cases OK but can have issues with line drawing characters on certain platforms These settings seem to work best tested on Windows Window Columns x Rows 80x24 Window Appearance Font Courier New 10pt or Consolas 10pt Window Translation Remote Character Set Use f...

Page 53: ... 4 5 p1 RELEASE amd64 img gz Note The pfSense factory version is the version that is preinstalled on units purchased from Netgate The factory image is optimally tuned for our hardware and contains some features that cannot be found elsewhere such as the AWS VPN Wizard 2 Write the image to a USB memstick Locating the image and writing it to a USB memstick is covered in detail under Writing Flash Dr...

Page 54: ...t Reboot and press Enter The system will shutdown and reboot Dec 21 22 41 37 Waiting max 60 seconds for system process vnlru to stop d one Waiting max 60 seconds for system process syncer to stop Waiting max 60 seconds for system process bufdaemon to stop done All buffers synced Uptime 5m43s umass0 detached 11 Remove the USB drive from the USB port pfSense will restart automatically If the USB dri...

Page 55: ...oughout this procedure 4 Any hardware damage incurred during this procedure is not covered by the hardware warranty Note By default the M 2 SATA drive will be the first drive recognized by the Netgate device pfSense must be reinstalled on the M 2 SATA drive Note The XG 7100 1U does not support NVMe drives The M 2 SATA slot is located underneath the XG 7100 system board so the entire board must be ...

Page 56: ...ng Be sure to pull from the connectors not the wires 4 Remove the four 4 system board screws and gently slide system board away from the front faceplate until the board is free 5 Turn the board over and locate the M 2 SATA slot 6 Insert the gold leads of the M 2 SATA drive into the slot at the angle shown Note Be sure the drive label is facing up and can be seen The drive slot is keyed and the dri...

Page 57: ...Security Gateway Manual XG 7100 1U Fig 10 Fan Connector Locations Copyright 2020 Rubicon Communications LLC 55 ...

Page 58: ...Security Gateway Manual XG 7100 1U Fig 11 Board Screw Locations Copyright 2020 Rubicon Communications LLC 56 ...

Page 59: ...Security Gateway Manual XG 7100 1U Fig 12 M 2 SATA Slot Location Copyright 2020 Rubicon Communications LLC 57 ...

Page 60: ...Security Gateway Manual XG 7100 1U Fig 13 M 2 SATA Drive Properly Inserted into the Slot Copyright 2020 Rubicon Communications LLC 58 ...

Page 61: ...Replace the lid and lid screws Be sure the L Bracket is not pinched by the lid 11 Reinstall the pfSense software on the new M 2 SATA drive 12 Restore your configuration backup if you have one 2 5 Expansion Card Installation The XG 7100 1U has a x4 PCIe expansion bus By default the expansion card riser and extender are not installed unless purchased separately with an expansion card Note Although t...

Page 62: ...Security Gateway Manual XG 7100 1U Fig 15 M 2 SATA Drive Installed Copyright 2020 Rubicon Communications LLC 60 ...

Page 63: ...Security Gateway Manual XG 7100 1U Fig 16 Proper Placement of the Lid and L Bracket Copyright 2020 Rubicon Communications LLC 61 ...

Page 64: ...extender using the riser mounting bracket The instructions below are for installing an X710 expansion card but other expansion cards are installed the same way 1 Remove the seven 7 lid screws and remove the lid Note Some systems may only have six 6 lid screws 2 Remove the faceplate by unscrewing the 4 black faceplate screws 3 Remove the L Bracket behind the faceplate blank by unscrewing 1U Lid scr...

Page 65: ...Security Gateway Manual XG 7100 1U Fig 18 Lid Screws Fig 19 Remove the Faceplate Copyright 2020 Rubicon Communications LLC 63 ...

Page 66: ...Security Gateway Manual XG 7100 1U Fig 20 The L Bracket and Screw Copyright 2020 Rubicon Communications LLC 64 ...

Page 67: ...Security Gateway Manual XG 7100 1U Fig 21 Remove the L Bracket and Screw Copyright 2020 Rubicon Communications LLC 65 ...

Page 68: ...t the Expansion Card fully into the extender 11 Place the L Bracket behind the expansion card and screw into place using a Lid Screw 12 Reattach the faceplate with 4 black faceplate screws 13 Replace the lid 2 6 BIOS Flash Procedure 2 6 1 Update via the GUI Warning This only works with Netgate systems running pfSense version 2 3 or greater 1 To install the package navigate to System Package Manage...

Page 69: ...Security Gateway Manual XG 7100 1U Fig 23 Attach Riser to Bracket Copyright 2020 Rubicon Communications LLC 67 ...

Page 70: ...Security Gateway Manual XG 7100 1U Fig 24 Align the Riser to the Connector and Insert Copyright 2020 Rubicon Communications LLC 68 ...

Page 71: ...Security Gateway Manual XG 7100 1U Fig 25 Attach the Bracket to the Chassis Copyright 2020 Rubicon Communications LLC 69 ...

Page 72: ...Security Gateway Manual XG 7100 1U Fig 26 Line up the Extender with the Riser as shown Copyright 2020 Rubicon Communications LLC 70 ...

Page 73: ...Security Gateway Manual XG 7100 1U Fig 27 Extender seated into the Riser Copyright 2020 Rubicon Communications LLC 71 ...

Page 74: ...Security Gateway Manual XG 7100 1U Fig 28 Align Expansion Card with Extender Copyright 2020 Rubicon Communications LLC 72 ...

Page 75: ...Security Gateway Manual XG 7100 1U Fig 29 Insert Expansion Card Copyright 2020 Rubicon Communications LLC 73 ...

Page 76: ...Security Gateway Manual XG 7100 1U Fig 30 Secure the Expansion Card with the L Bracket Copyright 2020 Rubicon Communications LLC 74 ...

Page 77: ...alled navigate to System Netgate Coreboot Upgrade 6 This page will show you the latest version of Coreboot available and the current version that is running on the system If you happen to be on an older version of Coreboot then an Update button will be available to click Important Pay close attention to any disclaimers presented Some devices require a physical reboot or some step unique to that de...

Page 78: ...e interfaces are referred to as ETH1 ETH8 In addition to those 8 ports there are also three additional ports that operate behind the scenes PORT 0 PORT 9 ix2 and PORT 10 ix3 ETH1 ETH8 are gigabit switchports PORT 9 10 are 2 5 Gbps uplink switchports These two ports connect the ethernet switch to a Denverton SoC The SFP interfaces ix0 and ix1 also connect to this SoC The diagram below demonstrates ...

Page 79: ...etect this properly so the PRIMARY will remain PRIMARY on any switch interfaces that drop link The SECONDARY will also consider itself PRIMARY of the network associated to the switch link that dropped In this situation LAN clients will likely go through the SECONDARY but will not be able to get online if NAT is utilized with a WAN CARP IP It s possible to NAT to the WAN interface IP to get around ...

Page 80: ...igured as a WAN interface and ETH2 8 are configured as the LAN interface These eight switchports are customizable and each can be configured to act as an independent interface For example all of these configurations are possible ETH1 8 dedicated as a LAN switch ETH1 4 configured as a switch for LAN network A and ETH5 8 configured as a switch for LAN network B ETH1 8 configured as individual networ...

Page 81: ... completely transparent to clients It s used solely for segmenting switch traffic internally Aside from being able to specify whether a switchport should act as an access or trunk port it s also possible to disable 802 1q VLAN mode When this is done a third mode called Port VLAN Mode is enabled In this mode any and all VLAN tags are allowed on all ports No VLAN tags are added or removed Think of i...

Page 82: ...e This can be useful if you want a device other than pfSense to act as the primary uplink for those connected clients Since WAN and LAN are assigned to lagg0 4090 and lagg0 4091 if Port VLAN Mode is enabled be sure to update the LAN and WAN interface assignment to reference the appropriate VLAN Also remember to create the new VLANs with lagg0 as the parent interface If Port VLAN Mode is being used...

Page 83: ... and can be purchased and scheduled accordingly https www netgate com our services professional services html 3 2 4 Community Options If you elected not to get a paid support plan you can find help from the active and knowledgeable pfSense community on our forums https forum netgate com 3 3 Warranty and Support One year manufacturer s warranty Please contact Netgate for warranty information or vie...
