Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - yellowbrick

Pages: [1]
...and the drive tools in Diagnostics don't work either. Of course, smartctl does not work in the command line either.

Is there another command to try or is SMART status in the SG-3100?

(the ssd I manually installed does support smart and it is enabled as shown in camcontrol)

Code: [Select]
camcontrol identify ada0

pass0: <TS32GMTS800 P1225CE> ACS-2 ATA SATA 3.x device
pass0: 600.000MB/s transfers (SATA 3.x, UDMA6, PIO 1024bytes)

protocol              ATA/ATAPI-9 SATA 3.x
device model          TS32GMTS800
firmware revision     P1225CE
serial number         E0XXXXXXXX
cylinders             16383
heads                 16
sectors/track         63
sector size           logical 512, physical 512, offset 0
LBA supported         62533296 sectors
LBA48 supported       62533296 sectors
PIO supported         PIO4
DMA supported         WDMA2 UDMA6
media RPM             non-rotating

Feature                      Support  Enabled   Value           Vendor
read ahead                     yes yes
write cache                    yes yes
flush cache                    yes yes
overlap                        no
Tagged Command Queuing (TCQ)   no no
Native Command Queuing (NCQ)   yes 32 tags
NCQ Queue Management           no
NCQ Streaming                  no
Receive & Send FPDMA Queued    no
SMART                          yes yes
microcode download             yes yes
security                       yes no
power management               yes yes
advanced power management      no no
automatic acoustic management  yes no 0/0x00 0/0x00
media status notification      no no
power-up in Standby            no no
write-read-verify              no no
unload                         no no
general purpose logging        yes yes
free-fall                      no no
Data Set Management (DSM/TRIM) yes
DSM - max 512byte blocks       yes              8
DSM - deterministic read       yes              zeroed
Host Protected Area (HPA)      yes      no      62533296/62533296
HPA - Security                 no

Official pfSense Hardware / SG-2440 random shutdown
« on: January 18, 2018, 03:54:47 pm »

Over the last 2-3 months my SG-2440 has been shutting down randomly with increasing frequency to where it now happens approx once a week. Here are the symptoms:

-no lights on the SG2440 whatsoever
-power cables still plugged in
-no power loss
-no other equipment on the UPS having any issues (have moved to another port on the UPS already)
-need to remove power cable and re-insert to reboot the unit
- **the time on the unit is > months old at startup, syncs after the device boots each time **
-i have also replaced the power brick with another unit and still see the same symptoms

What else can I check? Any ideas to proceed?


Official pfSense Hardware / ZFS on SG-3100 (internal M.2 SSD)
« on: January 14, 2018, 11:15:33 am »

I bought my SG-3100 when Netgate did not offer an SSD option, but I was able to add a M.2 2280 32GB SSD and re-install pfSense 2.4.2_p1 to it.

However, I never got an option to choose the filesystem, like the amd64 installer offers. Once I enter
Code: [Select]
run recovery
the only option I can recall is whether to install to mmcsd0 (the inbuilt eMMC) or the ada0 drive I added.

Is it possible and advisable to install pfSense using ZFS? How do I go about doing it?

Many Thanks!


I am considering getting the new SG-3100, but since it is currently not being offered with a SATA, I will look to add one myself and install the factory image onto it.

Question, which width (or length) is supported in the SG-3100? I didn't see it listed in the specs.

Thank you.


I am getting an error with the acme package and Cloudflare dns validation. The validation is able to create the correct TXT record, but the certificate is not generated as it fails with the above error. Details of the error are:

Code: [Select]
[path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[CF_Key] => [ … ]
[CF_Email] => [ … ]
[Thu May 11 21:36:03 BST 2017] Registering account
[Thu May 11 21:36:06 BST 2017] Already registered
[Thu May 11 21:36:08 BST 2017] Update success.
[Thu May 11 21:36:08 BST 2017] ACCOUNT_THUMBPRINT=‘…’
[Thu May 11 21:36:08 BST 2017] Single domain=‘'
[Thu May 11 21:36:08 BST 2017] Getting domain auth token for each domain
[Thu May 11 21:36:08 BST 2017] Getting webroot for domain=‘'
[Thu May 11 21:36:08 BST 2017] Getting new-authz for domain=‘'
[Thu May 11 21:36:10 BST 2017] The new-authz request is ok.
[Thu May 11 21:36:10 BST 2017] Found domain api file: /usr/local/pkg/acme/dnsapi/
[Thu May 11 21:36:14 BST 2017] Adding record
[Thu May 11 21:36:14 BST 2017] Added, OK
[Thu May 11 21:36:14 BST 2017] Sleep 120 seconds for the txt records to take effect
[Thu May 11 21:36:44 BST 2017]
[Thu May 11 21:36:48 BST 2017] Success
[Thu May 11 21:36:48 BST 2017] Found domain http api file: /usr/local/pkg/acme/dnsapi/
[Thu May 11 21:36:50 BST 2017] Don't need to remove.
[Thu May 11 21:36:53 BST 2017] Verify finished, start to sign.
[Thu May 11 21:36:54 BST 2017] Sign failed: "detail":"Invalid key in certificate request :: ECDSA curve P-521 not allowed"
[Thu May 11 21:36:54 BST 2017] Please check log file for more details: /tmp/acme/
Actual host/domain name changed above.

This occurs no matter what certificate type I choose (RSA 2048, 4096, p-256), etc.

I am running 2.3.4 on a SG-2440.

What is causing this?



after upgrading to 2.2.2 on my SG2440, I get the following error when trying to open the admin interface with Google Chrome on OSX:

This webpage is not available


A secure connection cannot be established because this site uses an unsupported protocol.

Not sure where to look to fix...any help appreciated. (I can login using Safari)


General Questions / Import existing CA from OSX OpenDirectory
« on: April 05, 2015, 07:22:45 am »
I am trying to import an existing Intermediate CA from an OSX OpenDirectory OR create a CSR in pfsense and sign it using an existing OpenDirectory IntermediateCA. This is needed as our devices have existing trust profiles for the OSX certs. I keep getting invalid certificate data regardless of whether I try to import an existing CA or paste in the signed certificate.

For the signed cert case, I did ensure tha the following lines existed in the cert being pasted in

Any ideas? Thank you!

General Questions / Apple Airport Guest wifi very slow with SG2440
« on: April 05, 2015, 07:20:49 am »
Hello, really scratching my head here…not sure if this is a VLAN, Firewall, or other issue

I have the following setup

 (LAN port)
PFSENSE SG2440 (2.2.1)
 (WAN port)

I have both the main wireless network and the guest mode enabled on both Airports. Both wireless networks have been working perfectly before.

After adding pfsense to the mix, I changed AIRPORT1 to be in bridge mode (rather than DHCP and NAT) and now I am seeing some weird behavior.

The main wifi network works fine at full speed (100Mbps down, 35Mbps up) but the guest network only works at <1Mbps down but FULL speed up (35Mbps)!?!? (yes, I have removed pfsense to test; both wifi networks are back to full speed with sg2440 removed)

On the SG2440, I added the guest wifi network as VLAN and added a DHCP server to that interface. The auto NAT rules are on…what gives?


Pages: [1]