Home
/
Rubicon
/
netgate XG-7100
/
Manual

Rubicon netgate XG-7100, Manual, Page: 54 / 57

Share

39 pages before
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57

Page: 54 / 57

Rubicon netgate XG-7100 Manual Download Page 54

Security Gateway Manual

XG-7100

When data is received on ETH1-8, the switch is capable of utilizing LAGG to determine whether that data should be
sent out of PORT 9 or PORT 10. That data then passes over one of two 2.5Gbps switch links (PORT 9/10) to the SoC.
Data coming from PORT 9 has a direct line to ix2 and data from PORT 10 has a direct line to ix3.

pfSense LAGG will then take in traffic from both

ix2

and

ix3

as though it came in on a single interface,

lagg0

. The

same concept applies to traffic sourcing from the pfSense LAGG to the switch LAGG.

3.1.3 Switch VLANs

By default, ETH1 on the the switch is configured as a WAN interface and ETH2-8 are configured as the LAN interface.
These eight switchports are customizable and each can be configured to act as an independent interface. For example,
all of these configurations are possible:

• ETH1-8 dedicated as a LAN switch

• ETH1-4 configured as a switch for LAN network A and ETH5-8 configured as a switch for LAN network B

• ETH1-8 configured as individual network interfaces

• ETH1 configured for WAN A, ETH2 configured for WAN B, ETH3 configured for LAN network A, ETH4-6

configured as a switch for LAN network B, and ETH8 configured as a H/A sync port.

These scenarios are possible by utilizing VLANs. Each of the switchports (ETH1-8 and PORT9-10) are VLAN aware
interfaces. They are capable of functioning like a standard access or trunk port:

Access Port:

Adds a VLAN tag to inbound untagged traffic

Trunk Port:

Allows tagged traffic containing specified VLAN IDs

In the default configuration, two VLANs are used to create the ETH1 WAN interface and ETH2-8 LAN interface:

WAN

VLAN 4090

LAN

VLAN 4091

ETH1-8 are configured to act as

Access

ports.

© Copyright 2020 Rubicon Communications LLC

52

«
...
52
53
54
55
56
...
»

Summary of Contents for netgate XG-7100

Page 1: ...Security Gateway Manual XG 7100 Copyright 2020 Rubicon Communications LLC Apr 16 2020 ...

Page 2: ...CONTENTS 1 Out of the Box 2 2 How To Guides 19 3 References 50 i ...

Page 3: ...is Quick Start Guide covers the first time connection procedures for the Netgate XG 7100 Desktop Firewall Appliance and will provide the information needed to keep the appliance up and running Copyright 2020 Rubicon Communications LLC 1 ...

Page 4: ...le to the WAN port shown in the Input and Output Ports section of the pfSense appliance The other end of the same cable should be inserted into a port of the Cable or DSL modem The modem provided by the ISP should have multiple LAN ports Any port should work Next connect one end of a second Ethernet cable to the LAN port shown in the Input and Output Ports section of the pfSense appliance Connect ...

Page 5: ...put and Output Ports section to turn on the pfSense Firewall Allow 4 or 5 minutes to boot up completely 1 From the computer log into the Web Interface Open a web browser Google Chrome in this example and type in 192 168 1 1 on the address bar Press Enter Fig 1 Enter the Default LAN IP Address 2 A warning message may appear If this message or similar message is encountered it is safe to proceed Cli...

Page 6: ...me pfsense is used Domain The default localdomain is used for the purposes of this tutorial DNS Servers For purposes of this setup guide use the Google public DNS servers 8 8 8 8 and 8 8 4 4 4 Use the following information for the Time Server Information page Time Server Hostname Use the default pfSense time server address Timezone Select the time zone for the location of the firewall For this gui...

Page 7: ...Security Gateway Manual XG 7100 Fig 4 Type in the DNS Server information and Click Next Fig 5 Change the Timezone and Click Next Copyright 2020 Rubicon Communications LLC 5 ...

Page 8: ...Sense dashboard This completes the basic configuration for the pfSense firewall 1 3 pfSense Overview This page provides an overview of the pfSense dashboard and navigation It also provides information on how to perform frequent tasks such as backing up the pfSense software and connecting to the pfSense firewall console 1 3 1 The Dashboard pfSense software is highly configurable all of which can be...

Page 9: ...Security Gateway Manual XG 7100 Fig 7 Read and Click Accept Fig 8 The pfSense Dashboard Copyright 2020 Rubicon Communications LLC 7 ...

Page 10: ...ck Download configuration as XML and save a copy of the firewall configuration to the computer con nected to the pfSense firewall This backup or any backup can be restored from the same screen by choosing the backed up file under Restore Configuration Note Auto Config Backup is a built in service located at Services Auto Config Backup This service will save up to 100 encrypted backup files automat...

Page 11: ...Security Gateway Manual XG 7100 Fig 10 Backup Restore Fig 11 Click Download configuration as XML Copyright 2020 Rubicon Communications LLC 9 ...

Page 12: ...rt currently on the ethernet switchports Load Balance mode only For more information review the Switch LAGG section of the XG 7100 Switch Overview page SFP Ethernet Ports IX0 IX1 IX0 IX1 are discrete ports each with dedicated 10 Gbps back to the Intel SoC Below are some general guidelines for compatible SFP SFP modules Intel branded SFP SR LR Dual Speed 1G 10G optical modules Intel branded SFP DA ...

Page 13: ...mperature SFP Optical Transceiver Note Links at 1G 2G is not supported Warning The ix 4 driver used for ports IX0 IX1 does not support ALTQ traffic shaping directly Limiters or tagged VLAN interfaces may be used for ALTQ traffic shaping Warning There is an Intel supplied driver issue for the C3000 preventing 1Gbps and 10Gbps copper modules from being recognized on the SFP ports Copper modules are ...

Page 14: ...cy and current requirements indicated on the manu facturer s label Connection to a different power source than those specified may result in improper operation damage to the equipment or pose a fire hazard if the limitations are not followed 2 There are no operator serviceable parts inside this equipment Service should be provided only by a qualified service technician 3 This equipment is provided...

Page 15: ...rectives that are applicable to it 1 5 7 RoHS WEEE Compliance Statement English European Directive 2002 96 EC requires that the equipment bearing this symbol on the product and or its packaging must not be disposed of with unsorted municipal waste The symbol indicates that this product should be disposed of separately from regular household waste streams It is your responsibility to dispose of thi...

Page 16: ...utre matériel électrique ou électronique par les moyens de collecte indiqués par le gouvernement et les pouvoirs publics des collectivités territoriales L élimination et le recyclage en bonne et due forme ont pour but de lutter contre l impact néfaste potentiel de ce type de produits sur l environnement et la santé publique Pour plus d informations sur le mode d élimination de votre ancien équipem...

Page 17: ...s French Par la présente NETGATE déclare que l appareil Netgate device est conforme aux exigences essentielles et aux autres dispositions pertinentes de la directive 1999 5 CE Deutsch German Hiermit erklärt Netgate dass sich diese NETGATE device in Übereinstimmung mit den grundlegenden Anforderun gen und den anderen relevanten Vorschriften der Richtlinie 1999 5 EG befindet BMWi ΕλληνικH Greek ΜΕ Τ...

Page 18: ... NETGATE t mto vyhlasuje e NETGATE device sp a základné po iadavky a v etky príslu né ustanovenia Smernice 1999 5 ES Svenska Swedish Härmed intygar NETGATE att denna NETGATE device står I överensstämmelse med de väsentliga egenskapskrav och övriga relevanta bestämmelser som framgår av direktiv 1999 5 EG Español Spanish Por medio de la presente NETGATE declara que el NETGATE device cumple con los r...

Page 19: ... by the AAA s rules We each agree that any dispute resolution proceedings will be conducted only on an individual basis and not in a class consolidated or representative action We also both agree that you or we may bring suit in court to enjoin infringement or other misuse of intellectual property rights 1 5 10 Applicable Law By using any Products Services you agree that the Federal Arbitration Ac...

Page 20: ...F ANY KIND EXPRESS OR IMPLIED AS TO THE OPERATION OF THE PRODUCTS SERVICES OR THE INFORMATION CONTENT MATERIALS PRODUCTS INCLUDING SOFTWARE OR OTHER SERVICES INCLUDED ON OR OTHERWISE MADE AVAILABLE TO YOU THROUGH THE PRODUCTS SERVICES UN LESS OTHERWISE SPECIFIED IN WRITING YOU EXPRESSLY AGREE THAT YOUR USE OF THE PROD UCTS SERVICES IS AT YOUR SOLE RISK TO THE FULL EXTENT PERMISSIBLE BY APPLICABLE ...

Page 21: ...rts are set up see Switch Ports Overview 2 1 1 Switch Section From the pfSense webGUI there is a menu option called Switches under the Interfaces drop down This section contains switch specific configuration options Selecting Switches from the drop down will bring up the Switch page with four sections 19 ...

Page 22: ...s Enable Disable 802 1q VLAN mode Configure VLAN access trunk interfaces with 802 1q or configure port groups with Port VLAN Mode 2 1 2 Interfaces Section There is also relevant configurations under Interfaces Assignments Interface Assignments Under Interface Assignments notice LAGG0 UPLINK is displayed as an available port but is not enabled in the list of interfaces This is because the default c...

Page 23: ...Security Gateway Manual XG 7100 Fig 3 802 1q enabled default Fig 4 Port VLAN Mode Copyright 2020 Rubicon Communications LLC 21 ...

Page 24: ...Security Gateway Manual XG 7100 Fig 5 802 1q enabled default Fig 6 Port VLAN Mode Copyright 2020 Rubicon Communications LLC 22 ...

Page 25: ...hould also be added enabled and configured under Interface Assignments Firewall rules will also be needed for new interfaces added LAGGs Under LAGGs the default lagg0 containing ix2 and ix3 can be seen The lagg0 interface should not be modified 2 1 3 Switch Configuration Examples Dedicated LAN switch In this scenario SFP port ix0 will be configured as the WAN interface ETH1 8 will be configured as...

Page 26: ...om the webGUI as well This is what the default interface assignments look like on a XG 7100 without an addon NIC In this example ix0 will be WAN so select option 1 to re assign WAN from lagg0 4090 to ix0 No additional VLANs are needed for this so enter n to continue Input ix0 as the new WAN interface name Copyright 2020 Rubicon Communications LLC 24 ...

Page 27: ...0 Input the same default LAN interface of lagg0 4091 for the LAN interface name and press Enter to complete the interface reassignment The interface assignments should show like this now Copyright 2020 Rubicon Communications LLC 25 ...

Page 28: ...pdated so that ETH1 previously WAN acts the same as ETH2 8 This will be done from the webGUI From the webGUI pull up the Switch VLAN configuration under Interfaces Switches VLANs VLAN 4090 is no longer needed since WAN is dedicated to ix0 now You can either select on the row containing 4090 to delete this entry or click to remove port 1 as a member Copyright 2020 Rubicon Communications LLC 26 ...

Page 29: ... switch with Now edit the VLAN 4091 entry to include Member 1 as shown below Next update the PVID for ETH1 so that it uses VLAN 4091 rather than the old VLAN 4090 To do this click on the Ports tab and click on the 4090 Port VID to modify it Copyright 2020 Rubicon Communications LLC 27 ...

Page 30: ...N go to Interfaces Assignments VLANs and use on the 4090 row to remove this VLAN interface Two LAN switches In this scenario the LAN switch from the previous example will be split into two LAN switches A new LAN network should be created in pfSense first Similar to the existing LAN interface another VLAN interface should be used so the switch can segment traffic appropriately Create a new VLAN wit...

Page 31: ...y Gateway Manual XG 7100 Once the VLAN has been created it should look something like this Add enable and configure the VLAN interface under Interfaces Assignments Copyright 2020 Rubicon Communications LLC 29 ...

Page 32: ...figure the switch so that ETH1 4 use the new network To do this go to Interfaces Switches VLANs and click the Add Tag button Input the VLAN tag for the new network same as the VLAN ID configured in the previous steps and add ETH1 4 and PORT9 10 uplinks as members Be sure 9 and 10 are marked as tagged Copyright 2020 Rubicon Communications LLC 30 ...

Page 33: ...ete the untagged members 1 2 3 4 from VLAN group 2 and click the Save button The final result should look like this Lastly update the Port VIDs to use the new 4081 VLAN rather than 4091 on ETH1 4 and click Save Copyright 2020 Rubicon Communications LLC 31 ...

Page 34: ...ior to hitting pfSense Devices on this VLAN may come through on ETH8 but there may also be untagged client traffic First create the management VLAN of 4000 in pfSense using the same steps in the previous example up to the switch configuration part Next add the VLAN to the switch under Interfaces Switches VLANs ETH8 and PORT9 10 should be added as members and all three will be marked as tagged Once...

Page 35: ...b 5 pin port on the appliance If needed install an appropriate Silicon Labs CP210x USB to UART Bridge driver on the workstation used to connect with the system Windows There are drivers available for Windows available for download Mac OSX There are drivers available for Mac OSX available for download For Mac choose the Macintosh OSX download Linux There are drivers available for Linux available fo...

Page 36: ...priate console port device that the workstation assigned as the serial port must be located before attempting to connect to the console Note Even if the serial port was assigned in the BIOS the workstation s OS may remap it to a different COM Port Windows To locate the device name on Windows open Device Manager and expand the section for Ports COM LPT Look for an entry with a title such as Silicon...

Page 37: ...ended to run PuTTY or SecureCRT An example of how to configure Putty is below Warning Do not use Hyperterminal Mac OSX For Mac OSX it is recommended to run screen or cu An example of how to configure screen is below Linux For Linux it is recommended to run screen PuTTY minicom or dterm An example of how to configure Putty and screen is below FreeBSD For FreeBSD it is recommended to run screen or c...

Page 38: ...Security Gateway Manual XG 7100 Fig 7 An example of using PuTTY in Windows Copyright 2020 Rubicon Communications LLC 36 ...

Page 39: ...erminal program is configured for the correct speed The default BIOS speed is 115200 and many other modern operating systems use that speed as well Some older operating systems or custom configurations may use slower speeds such as 9600 or 38400 Ensure the operating system is configured for the proper console e g ttyS1 in Linux Consult the various operating install guides on this site for further ...

Page 40: ...re Access as the General Problem and then select Netgate XG 7100 Desktop for the platform Make sure to include the serial number in the ticket to expedite access Once the ticket is processed the latest stable version of the firmware will be attached to the ticket with a name such as pfSense netgate memstick XG 7100 2 4 5 RELEASE amd64 img gz Note The pfSense factory version is the version that is ...

Page 41: ...the installer is finished choose No and press Enter to skip going to a shell 10 The installer will then prompt to Reboot the system Select Reboot and press Enter The system will shutdown and reboot Dec 21 22 41 37 Waiting max 60 seconds for system process vnlru to stop d one Waiting max 60 seconds for system process syncer to stop Waiting max 60 seconds for system process bufdaemon to stop done Al...

Page 42: ...from the system board being careful not to flex the board 3 Unplug the power supply connector and the fan connector from the system board being careful not to flex the board Warning Be sure to pull from the connector not the wires 4 Remove the four 4 system board screws and gently slide system board away from the front faceplate until the board is free 5 Turn the board over and locate the M 2 SATA...

Page 43: ...Security Gateway Manual XG 7100 Fig 8 Case Screws Copyright 2020 Rubicon Communications LLC 41 ...

Page 44: ...Security Gateway Manual XG 7100 Fig 9 Slide the Base of the System Away From the Lid Copyright 2020 Rubicon Communications LLC 42 ...

Page 45: ...Security Gateway Manual XG 7100 Fig 10 Power Supply Connector and Fan Connector Location Copyright 2020 Rubicon Communications LLC 43 ...

Page 46: ...Security Gateway Manual XG 7100 Fig 11 Board Screw Locations Copyright 2020 Rubicon Communications LLC 44 ...

Page 47: ...Security Gateway Manual XG 7100 Fig 12 M 2 SATA Slot Location Copyright 2020 Rubicon Communications LLC 45 ...

Page 48: ...Security Gateway Manual XG 7100 Fig 13 M 2 SATA Drive Properly Inserted into the Slot Copyright 2020 Rubicon Communications LLC 46 ...

Page 49: ...Security Gateway Manual XG 7100 Fig 14 Secure the M 2 SATA Drive Copyright 2020 Rubicon Communications LLC 47 ...

Page 50: ...Security Gateway Manual XG 7100 Fig 15 M 2 SATA Drive Installed Copyright 2020 Rubicon Communications LLC 48 ...

Page 51: ...4 When the installation is complete a message will appear saying pfSense pkg Netgate_Coreboot_Upgrade installation successfully completed 5 Now that the package is installed navigate to System Netgate Coreboot Upgrade 6 This page will show you the latest version of Coreboot available and the current version that is running on the system If you happen to be on an older version of Coreboot then an U...

Page 52: ...e interfaces are referred to as ETH1 ETH8 In addition to those 8 ports there are also three additional ports that operate behind the scenes PORT 0 PORT 9 ix2 and PORT 10 ix3 ETH1 ETH8 are gigabit switchports PORT 9 10 are 2 5 Gbps uplink switchports These two ports connect the ethernet switch to a Denverton SoC The SFP interfaces ix0 and ix1 also connect to this SoC The diagram below demonstrates ...

Page 53: ...500 Base KX switch link to SoC CPU ix3 2 5 Gbps 2500 Base KX switch link to SoC CPU 3 1 2 Switch LAGG ix2 and ix3 switch uplink ports 9 and 10 are configured as a load balanced LAGG This provides an aggregate uplink capable of 5Gbps for ethernet switchports ETH1 8 This is further demonstrated in the diagram below Copyright 2020 Rubicon Communications LLC 51 ...

Page 54: ... independent interface For example all of these configurations are possible ETH1 8 dedicated as a LAN switch ETH1 4 configured as a switch for LAN network A and ETH5 8 configured as a switch for LAN network B ETH1 8 configured as individual network interfaces ETH1 configured for WAN A ETH2 configured for WAN B ETH3 configured for LAN network A ETH4 6 configured as a switch for LAN network B and ET...

Page 55: ...ther a switchport should act as an access or trunk port it s also possible to disable 802 1q VLAN mode When this is done a third mode called Port VLAN Mode is enabled In this mode any and all VLAN tags are allowed on all ports No VLAN tags are added or removed Think of it as a dummy switch that retains VLAN tags on frames if present This mode is useful when you have numerous VLANs on your network ...

Page 56: ...sure to update the LAN and WAN interface assignment to reference the appropriate VLAN Also remember to create the new VLANs with lagg0 as the parent interface If Port VLAN Mode is being used to handle untagged traffic the LAGG0 interface should be added enabled and configured under Interface Assignments See also For more information on how to configure the switch ports see Configuring the Switch P...

Page 57: ...ervices html 3 2 4 Community Options If you elected not to get a paid support plan you can find help from the active and knowledgeable pfSense community on our forums https forum netgate com 3 3 Warranty and Support One year manufacturer s warranty Please contact Netgate for warranty information or view our Product Lifecycle page All Specifications subject to change without notice For support info...

Reviews:

No comments