
Messages - detox


After quite a bit of Googling, I was able to find the solution.

I now have a fully functional SG-4860 again!

Once I was able to put the pieces together, the process was simple and painless.

Installation and Upgrades / Re: Upgraded to 2.4.2_1 But still shows 2.4.2
« on: February 17, 2018, 06:43:03 pm »
I am having a similar issue.  I did an upgrade from 2.3 via service console

dashboard states:
2.4.2-RELEASE (amd64)
built on Tue Dec 12 13:45:26 CST 2017
FreeBSD 11.1-RELEASE-p6

Widget Netgate services and support continues to spin stating "Retrieving support information"

I also tried pfSense-upgrade -d, and it stalls at "Updating repositories metadata".

Now, I think I broke it by deleting some *.conf file on the initial upgrade as the installer recommended removing it.  I do not remember what it was.

So on the assumption I 'bricked' it, how can I reimage it?  It was purchased from Netgate ( Netgate SG-4860)
Netgate device ID: 67f61d3cb8fa0b145112

Found reference in manual to go to the Netgate portal (I have gold membership) to DL the image.  I cannot find a link for downloading an image.

The pfSense site has a select for Netgate ADI under architecture, but I don't know if this is it or not.

Thanks for any help!


Hardware / Re: Advise for storage on sg-4860
« on: February 15, 2018, 04:35:06 pm »
Thanks to all who helped with this!  Once I get it into production I'll watch the logs.  If they start getting too huge I'll re-address the question.


No offense taken by your asking if I actually tried to read something besides a cereal box.  I get calls frequently reporting something does not work, or "I can't figure this out"..........
Each time I start with some standard inquiries.  Folks get hot when asked if their printer is on when they complain it does not work.... and,,, oh my,,,,, who turned it off?  I didn't do that..........

Thanks again for your assistance!

Hardware / Re: Advise for storage on sg-4860
« on: February 15, 2018, 08:36:36 am »

I honestly do not know,  I read that logs, especially pfblockerng and squidguard really build in size quickly.

According to my dashboard, on my fresh install, it shows storage as 7% of 20 GiB UFS

Once I start using these different packages for an office of 6-10 folks, I would imagine the logs would choke the drive?

Hardware / Advise for storage on sg-4860
« on: February 15, 2018, 08:20:09 am »
Can someone recommend storage size for my sg-4860?  it currently has a 32 Gig eMMC.
The main functions this appliance will serve are (packages installed):
mail report
ntopng (for monitoring activity / identifying bandwidth hogs)
squidguard (for web filtering)

I may experiment with others, but these are the main ones.

What kind of storage should I get? "Best" size?

Thanks for any input

Official pfSense Hardware / Re: subscription pfsense
« on: February 14, 2018, 09:18:53 pm »
I can attest the value of the Gold subscription.  It has been worth every cent.

Official pfSense Hardware / Using external USB drive for log storage
« on: February 14, 2018, 09:17:10 pm »
Hello All

I have a SG-4860 that has 2 USB ports.  Could I attach an external hard drive to one of the USB ports and direct all logs to write to it?

My thought would be it would be kinder to the SSD card internally, and provide much more area for logs.

If this is realistic, can someone point me to a tutorial on how to do this?



Yes I followed the instructions.  The problem was the usb cord was not recognized by windows 10 and I could not find a driver.

I finally found the location, downloaded and installed.  Then I could connect via maintenance port fine.  The issue was windows 10 did not recognize the usb - mini-b patch cable.

I was very worried I would not be able to recover the unit as the reset button did not work and I could not connect via cat5 due to a failed upgrade.

Thank you for the recommendation and link, even though I had used it previously, it was very thoughtful of you.

Hello All!

I have 3 SG-4860's and am very happy with them.  Saying that, I goobered an upgrade and now cannot access via console port.  I cannot reset using the reset button (fails to work)

When I purchased them, I received a Silicon Labs CP210x USB-to-UART bridge cable.  Now that I have Win 10, I cannot find any driver to make it work.  After a boatload of looking,,,, I finally found the drivers:

The download will be :

This started as a plea for help, but since I found the answer I thought someone else could benefit from the info


Installation and Upgrades / SG-2400 crashed manual update has more issues
« on: February 10, 2018, 02:20:48 pm »
hello all....
My Netgate SG2400 crashed during upgrade from 2.3 to 2.4
Found a 'work around' command of: 
pkg static update -f
pkg static upgrade -f via ssh
This upgraded to 2.4.2-RELEASE-p1

But now I cannot install any packages with error of " WARNING: Current pkg repository has a new OS major version. pfSense should be upgraded before doing any other operation Failed"

Can anyone help?


UPDATE:     After talking with Mr Google again, I found a reference to a previous post on this forum ( )

It suggested using this command from terminal :   pfSense-upgrade -d

I did so, rebooted and now I can install packages

I shall not ask for the technical reasons on why it failed, or how my manual attempt to fix a crashed appliance possibly contributed.

However, if someone would be willing to provide speculation on the why's, I would be quite appreciative

-- detox

Thanks for a great solution!  My next step is to read all I can on whitelisting

I am experimenting with the Ubiquiti Edgerouter X and Lite as well as PfSense.  I want to provide the best protection without handicapping use of staff in a number of offices ranging from 1 staff on site to 12-20 on site.

Once I get enough "live" use from each, I  can present to the management and recommend how to proceed.  It appears I may use both depending on the amount of staff at the location.

I ordered 3 SG2440 appliances, and have built another 6 pfsense boxes out of Dell Optiplex 390/990/9020 computers.  They all work great.

The ubiquiti routers are real work horses.  So after I can see which is easier to manage at really remote locations, I can dump the crappy  belkin/dlink WalMart routers that are in place now

Again, thanks for the response.  It will help me tremendously

You're talking generally about whitelisting your LAN.

The advantage is you have more control over traffic leaving your LAN.

If you are using an allow any any any... rule on LAN then obviously anything on your LAN that wants to get out can go anywhere it wants.

If you have no rules on LAN then no traffic is getting out.

If you remove the allow any any any... rule then you can write rules and aliases to specify exactly what gets out of your LAN.

I happen to whitelist my LAN, but I personally did it as an educational exercise to learn wtf firewall rules are and how they work.

While whitelisting your LAN theoretically (and to some extent really does) lock down your network, it is just one more measure towards security and won't make you safe by itself. I would expect a real threat or malware to be able to exit a network on common ports, but maybe not.

With that being said, I still recommend it! It's really not difficult to set up, and just by setting it up you understand exactly what is exiting your LAN.

You will need more than 80/443 though (probably). You likely also want some ports for email, SSH, DHCP, DNS, NTP, and the high ports.
A few aliases, some quick googling and anyone can set up whitelisting.
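
The three LAN rule sets described in the reply above (allow any, no rules, whitelist), modelled as an added example that is not part of the original posts. It reports which observed outbound flows a proposed whitelist would drop before it is enabled; the port choices for "email", the sample flows and all names are assumptions constructed for illustration.

```python
"""Added example: model the three LAN rule sets described above (constructed data)."""
from collections import Counter

# A rule is (proto, dst_port); None is a wildcard. pfSense evaluates interface
# rules top-down, first match wins, and traffic matching no rule is blocked.
ALLOW_ANY = [(None, None)]
NO_RULES = []
# Hypothetical whitelist built from the services named in the post.
# The ports chosen for "email" are assumptions (submission, IMAPS).
WHITELIST = [
    ("tcp", 80), ("tcp", 443),      # web
    ("tcp", 587), ("tcp", 993),     # email
    ("tcp", 22),                    # SSH
    ("udp", 67),                    # DHCP
    ("tcp", 53), ("udp", 53),       # DNS
    ("udp", 123),                   # NTP
]

def allowed(rules, proto, dst_port):
    """Return True if any pass rule matches; with no match the default is deny."""
    return any(p in (None, proto) and port in (None, dst_port) for p, port in rules)

def blocked_flows(rules, flows):
    """Count the flows (src, proto, dst_port) a rule set would drop, per (proto, port)."""
    return Counter(
        (proto, port) for _src, proto, port in flows if not allowed(rules, proto, port)
    )

# Constructed sample of outbound flows seen on a LAN.
FLOWS = [
    ("192.168.1.10", "tcp", 443),
    ("192.168.1.10", "udp", 53),
    ("192.168.1.11", "tcp", 587),
    ("192.168.1.12", "udp", 123),
    ("192.168.1.13", "tcp", 6667),   # not on the whitelist
    ("192.168.1.13", "tcp", 6667),
    ("192.168.1.14", "udp", 1900),   # not on the whitelist
]

if __name__ == "__main__":
    for name, rules in [("allow any", ALLOW_ANY), ("no rules", NO_RULES),
                        ("whitelist", WHITELIST)]:
        print(f"{name:10s} blocks {dict(blocked_flows(rules, FLOWS))}")
```

Running the same check over real firewall log entries shows which destinations need a rule or an alias before the allow-any rule is removed.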

Firewalling / Suggest a good basic setting for firewall?
« on: April 01, 2017, 08:52:02 pm »
Hello all!
I was just watching a video on youtube about allowing / preventing port 80 / 443 as examples of WAN_IN rules

So I began to think, should I set rules to allow ONLY port 80 / 443/ and my ssh?

Would that reduce intrusions and flyby malware / etc attacks?
Or, would it just be good business to only allow ports 80 / 443 / for folks who are average web surfers?

Thanks for providing any comments

General Questions / Re: Help with a simple (really simple) VLAN
« on: October 22, 2016, 08:29:41 pm »
Thanks for all of your patience regarding my ignorance of this topic.  I have finished watching a really great series on VLAN's on YouTube, and I am getting a better understanding.
I will watch them one more time, and taking your responses and assistance as tools, I  will attempt to build the VLANs I have used as examples in previous posts.

I'll post either a success story or dirges of a flame-out when the experiment is finished.  Thanks again to all of you!

General Questions / Re: Help with a simple (really simple) VLAN
« on: October 20, 2016, 07:26:36 pm »

So, I create three VLANS in PfSense (VLAN10;VLAN20; VLAN30) assigning them to LAN (em0)
I create and structure the VLAN's on the router?  PfSense will not care what port on the switch they are, nor will it care what it is called, as long as the titles match, correct?

Or saying this another way, I create the VLANS and port assignments on the managed switch, making sure all works as it should, then, on the PfSense box, create VLANS on em0 to match what is on the switch.

Then all devices will pass traffic from/to the web.

Did I understand this correctly?
