Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - detox

Pages: [1] 2
Hardware / Advise for storage on sg-4860
« on: February 15, 2018, 08:20:09 am »
Can someone recommend storage size for my sg-4860?  it currently has a 32 Gig eMMC.
The main functions this appliance will serve are (packages installed):
mail report
ntopng (for monitoring activity / identifying bandwidth hogs)
squidguard (for web filtering)

I may experiment with others, but these are the main ones.

What kind of storage should I get? "Best" size?

Thanks for any input

Official pfSense Hardware / Using external USB drive for log storage
« on: February 14, 2018, 09:17:10 pm »
Hello All

I have a SG-4860 that has 2 USB ports.  Could I attach an external hard drive to one of the USB ports and direct all logs to write to it?

My thought would be it would be kinder to the SSD card internally, and provide much more area for logs.

If this is realistic, can someone point me to a tutorial on how to do this?


Hello All!

I have 3 SG-4860's and am very happy with them.  Saying that, I goobered an upgrade and now cannot access via console port.  I cannot reset using the reset button (fails to work)

When I purchased them, I received a Silicon Labs CP210x USB-to-UART bridge cable.  Now that I have Win 10, I cannot find any driver to make it work.  After a boatload of looking,,,, I finally found the drivers:

The download will be :

This started as a plea for help, but since I found the answer I thought someone else could benefit from the info


Installation and Upgrades / SG-2400 crashed manual update has more issues
« on: February 10, 2018, 02:20:48 pm »
hello all....
My Netgate SG2400 crashed during upgrade from 2.3 to 2.4
Found a 'work around' command of: 
pkg static update -f
pkg static upgrade -f via ssh
This upgraded to 2.4.2-RELEASE-p1

But now I cannot install any packages with error of " WARNING: Current pkg repository has a new OS major version. pfSense should be upgraded before doing any other operation Failed"

Can anyone help?


UPDATE:     After talking with Mr Google again, I found a reference to a previous post on this forum ( )

It suggested using this command from terminal :   pfSense-upgrade -d

I did so, rebooted and now I can install packages

I shall not ask fro the technical reasons on why it failed, or how my manual attempt to fix a crashed appliance possibly contributed.

However, if someone would be willing to provide speculation on the why's, I would be quite appreciative

-- detox

Firewalling / Suggest a good basic setting for firewall?
« on: April 01, 2017, 08:52:02 pm »
Hello all!
I was just watching a video on youtube about allowing / preventing port 80 / 443 as examples of WAN_IN rules

So I began tho think, should I set rules to allow ONLY port 80 / 443/ and my ssh?

Would that reduce intrusions and flyby malware / etc attacks?
Or, would it just be good business to only allow ports 80 / 443 / for folks who are average web surfers?

Thanks for providing any comments

General Questions / Help with a simple (really simple) VLAN
« on: October 19, 2016, 11:00:31 pm »
I'm new to PfSense as well as VLANS and could use some help.  My needs are very simple.  I have a managed switch (Ubuquiti edgeswitch lite 24 port).
It will be connected to PfSense, and the PfSense will go to the web.

All I need is to segregate blocks of switch ports to keep several departments separate, and all share the printer.

My thought is:  PfSense LAN is  DHCP 192.168.10 - 192.168.200  The only static IP's would be for file server and shared printer

The switch will plug into PfSense em0 ( LAN )

So, on the switch, I would have VLAN1 (default), port 24 will be used as the trunk port
                                VLAN10 (Printer, File server) ports 1-4
            VLAN20 (clinical staff) ports 5-15
            VLAN30 (case management) ports 16-20
            Ports 21, 22, 23 not assigned yet
All need internet access.

So if I assign VLANS all on the same network, but assign specific ports to VLANS, How does that work when I configure PfSense VLANS?
Or do I mess with VLANS on PfSense at all?

Thanks for any assistance

Feedback / How to Close topic
« on: October 19, 2016, 02:12:29 pm »
Can anyone tell me how to mark a thread as "solved", " closed", etc?

Cache/Proxy / Settings in SquidGuard
« on: October 15, 2016, 10:57:17 pm »
Hello All!

Just a comment to post here after a frustrating evening undoing a setting in SquarGuard:
On the Common ACL tab, there is a great feature called "Do not allow IP-Addresses in URL "
When you check that, you cannot go to any web address by it's IP address.

I did find that this does not block an :8080 / :443 / or any other port that is not 80.  So If I go to, I'm blocked
If I try, I'm blocked.  If I go to or I have access.

If anyone can tell me how to add these ports ONLY with the activation of the "Do not allow IP-Addresses in URL " switch, I'd appreciate it.

The other this is, the only way I can truly "uncheck" this feature is not just to save the setting, but I have to reboot PfSense.  Once it physically reboots, then the setting for this sticks.

I'm not complaining about the reboot, I'm just reporting I did not see this step in any docs.  Would have saved me several hours if I had seen it somewhere.

General Questions / Using Growl?
« on: October 15, 2016, 07:21:12 pm »
Hello all!

Since I cannot get the smtp notifications to work, I thought I'd try Growl.  According to a video on youtube, I have to install a plugin for it to work.  I do not see any plugins for PfSense.

Is anyone currently using Growl on Windows 10 PC?

If so, how do you set it up?


Hardware / configuring sg-2440 opt sockets
« on: October 14, 2016, 10:15:49 am »
Hello All!

I have purchased a sg-2440 appliance and would like to use 3 of the OPT ports in addition to the LAN port, on the same network.

I have the LAN Port set as  with DHCP active.  So, If I attach a switch behind this port, all PC's pull IP's and I have internet for all.
I'd like for OPT 1,2 to join in.  I have read what I can find but cannot see any help in this.
Can someone explain how to include multiple ports with 1 network?


General Questions / AUTH mechanism PLAIN not available --UPDATED Post
« on: October 14, 2016, 08:52:26 am »
Hello All!

UPDATE---  I have tried all 3 of my email accounts (gmail is one of them)  and I receive the same error regardless of which one I use.

I can use sendmail from my centos servers and use blat from windows pc's but cannot use the email notifications from within this version of pfsense.

Is there something that had been removed?  Is there a patch I need to install?

I have PfSense v 2.3.2 -p1

I am attempting to configure system notifications and get this error: Could not send the message to <my email>  ERROR 504.5.3.3 AUTH mecanism PLAIN not available

I have Growl disabled.  My email settings are the same in outlook, thunderbird, and joomla all work fine.  Some Google search stated it is a FreeBSD issue missing components.

Can someone help?

configuration  of email in thunderbird/outlook are:

Account type POP3

incoming / outgoing server =

login = email account + pw

smtp port = 587

no encryption

Any assistance would be appreciated

Hello All!

I bought 4 Intel PRO/1000 MT Dual Port Server Adapter (PCI / PCI-X) to put in some PfSense boxes.
I am using Dell optiplex 740 / 390 / 7020 for my pfsense boxes.  They have one PCI slot

Only one port on any of he nic cards  works.  I can manually set an IP for the second port ( ex:"").  The PC connected picks up an IP (  but cannot ping to, nor gain access to web.  The first of the dual port was set as 192.
168.10.1 and works flawlessly.
I have opened all 4 nic cards and tried them all on 3 PfSense boxes.

I installed all (one at a time) on windows 10 pc's.  Each is recognized in Device Manager and both ports work fine.

I found a comment via google suggesting editing the loader.conf file to include:

This has no impact.

Any suggestions would be appreciated.

Does anyone have any suggestions?

Feedback / How to search for all my posts
« on: July 02, 2016, 08:54:47 pm »
I have read what I could find about searching for posts by author, can cannot find anything.
Is there a way I can search for all the posts I  have created?


General Questions / VLAN clarification please
« on: July 02, 2016, 07:01:43 pm »
Hello All!

OK, I've been reading on how to use VLANS with pfsense and need clarification for my puny brain housing group to assimilate the docs.
What I am reading (I think), is pfsense does not govern or set up VLAN's.  A managed switch does that, and, pfsense just accepts what the managed switch has configured?
Or am I reading this wrong?
I have several small departments in one office that need to share the internet ( 1 connection DSL) and I need to keep all of them separate, but allow the printer to be shared across all 3 departments.
So, I'd have VLAN 100 for dept 1; VLAN 200 for dept 2; and VLAN 300 for dept 3.  VLAN 1 (main trunk) would be where the printer is.

Does that sound right?  Once all of this is working correctly, I can configure my pfsense box (1 LAN, 1 WAN) to accept the VLANS from my managed switch?

Thanks so much for any help on this

pfBlockerNG / lists for pfblockerNG
« on: July 01, 2016, 10:36:06 am »

Hello All!

I was looking at: 
and saw these  under the "Available Lists" section.  My question is, are these the best ones to subscribe to?  I looked quite closely at the site.  If it is good resource, $10 / yr is a small price for security.

Can anyone comment on this?

Spamhaus DROP and EDROP

DShield Most Active Attacking IPs

-> -> -> has a number of lists available. (looks like a great resource)

Pages: [1] 2