Topics - SR190

Official pfSense Hardware / XG-2758 1U re-install problems
« on: March 01, 2018, 05:59:00 pm »
I received a brand new XG-2758 from Netgate several months ago. I finally got around to turning it on and setting it up. When I went to upgrade the unit which was shipped with 2.3.4 to 2.4.2, the installer failed. From reading posts on this forum, it was suggested to try re-installing pfSense using the ADI image.

With the USB plugged into one of the USB ports on the XG-2758, and connected via console port, the unit immediately boots into the "ADI Engineering Rangely Managemnt Console". I am not given the option to boot from USB. In the ADI console, there is an update menu with the following option (send update.dat using Kermit protocol). Selecting this seems to do nothing - left running overnight.

Can anyone help me boot from the USB?

General Questions / Modem address unreachable
« on: October 16, 2017, 08:59:17 pm »
I have DHCP cable with a modem ( in front of my pfSense. Since changing the TCP port for the webConfigurator, I am unable to resolve the address. I get a redirect to [the new webConfigurator port number].

Any thoughts?

I have at least 6 VLANs that I will be assigning to a single interface (trunk) on my Netgate pfSense box. Traffic in these VLANs will include cam system, domain usage of a dozen or so users, 2 WLANs and some low bandwidth networks.

Should I be concerned about trunking everything through one firewall interface to a switch? Could there be bottlenecks?

Firewalling / Interface feature for blocking RFC1918 or custom rule?
« on: September 26, 2017, 06:13:54 pm »
To maintain segmentation between interfaces (both physical and VLANs) on my pfSense, I have created a block rule for each interface that has the respective interface as the source and RFC 1918 nets defined as the destination. I noticed on the interface pages a feature called 'block private networks and loopback addresses'. The feature adds a block rule for the interface, however it defines the source as RFC 1918 and 'any' as the destination. I am trying to discern if there is any benefit to my custom rule vs this feature, and if I should just use the interface feature to isolate my subnets?
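An added example, not part of the original post and not pfSense's own code: a small model of the two rule shapes described above, run against constructed packets to show which traffic each one matches. The interface subnet and all addresses are assumptions, and rule ordering or pass rules placed above the block are not modelled.

```python
import ipaddress

# The three RFC 1918 private ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def custom_rule_blocks(iface_net, src, dst):
    """Custom rule from the post: source = interface net, destination = RFC 1918."""
    in_iface = ipaddress.ip_address(src) in ipaddress.ip_network(iface_net)
    return in_iface and is_rfc1918(dst)


def option_rule_blocks(src, dst):
    """Interface option as the post describes it: source = RFC 1918, destination = any."""
    return is_rfc1918(src)


def compare(iface_net, packets):
    """Return (src, dst, blocked_by_custom, blocked_by_option) per packet."""
    return [(s, d, custom_rule_blocks(iface_net, s, d), option_rule_blocks(s, d))
            for s, d in packets]


# Constructed sample: one internal interface and four packets arriving on it.
IFACE_NET = "192.168.10.0/24"
PACKETS = [
    ("192.168.10.50", "192.168.20.10"),  # host to another internal subnet
    ("192.168.10.50", "198.51.100.7"),   # host to a public (documentation) address
    ("192.168.10.50", "192.168.10.1"),   # host to its own gateway, e.g. DNS
    ("203.0.113.9", "192.168.20.10"),    # source outside the interface subnet
]

if __name__ == "__main__":
    print(f"{'source':<15} {'destination':<15} custom  option")
    for src, dst, custom, option in compare(IFACE_NET, PACKETS):
        print(f"{src:<15} {dst:<15} {custom!s:<7} {option}")
```

On an interface whose hosts use private addresses, the source-based rule matches every packet they send, including Internet-bound traffic, while the destination-based rule also matches traffic to the firewall's own address on that subnet unless something passes it first.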

OpenVPN / OpenVPN activity monitoring
« on: September 17, 2017, 07:36:43 pm »
Is there any way that I can easily monitor OpenVPN successful client connections? I am seeing a lot of attempts from the system logs but I just want an abbreviated list of those that have connected.

On hardening the openvpn1 interface, is it worthwhile to keep a block list of illegitimate hosts that have attempted to connect?


OpenVPN / Inline Client export for Android stuck in 'queued'
« on: September 14, 2017, 07:21:25 pm »
Whenever I go to download any of the client exports on my Android for my OpenVPN implementation, the download screen sees the download as 'queued'. I wait a minute or so and it says that the download failed. This is likely a device issue, just wondered if anyone had any thoughts?

General Questions / pfSense host and domain (FQDN) significance
« on: August 19, 2017, 09:40:29 am »
Does the FQDN for a pfSense firewall have any real consequence, or is it just a name? Does it play any role in DNS?

Current situation. My pfSense firewall will be the central routing device for a number of subnets, one of which is an AD domain. Half a dozen other subnets defined on the firewall are not joined to that subnet/domain.

Can the firewall have the same FQDN domain name, as that of the AD controller domain name without creating namespace conflicts, or breaking with best-practice?

firewall FQDN: 'FW-1.ACME.local'
AD controller domain name: 'ACME.local'

General Questions / Rule ordering on mobile device
« on: August 12, 2017, 10:48:56 pm »
I can't seem to drag and re-order rules in the webConfigurator while accessing it from a mobile device. Has anyone else had luck? It's not the ideal management host, but from time to time I need access while away from the desktop.

General Questions / webConfigurator, SSH
« on: August 09, 2017, 09:00:51 pm »
Is it a correct assumption that someone accessing the webConfigurator via http assumes that their internal network is secure?

Also, if you choose to enable the SSH server for internal network use only, is it best practice to move it to a non-standard port?


I have three sites that will soon be using pfSense firewalls. I plan to create a management VLAN for each site that provides administrative access to the web configurators for each managed device (i.e. switches, APs etc).

My question relates to best practices for creating a single, secure, administrative host that can access the three management VLANs (one per site). I will likely have a hub and spoke VPN with head office serving as the NOC.

Any suggestions for this configuration, and a secure administrative host would be greatly appreciated. Thanks.

General Questions / pfSense untagged VLAN for Unifi UAP management
« on: July 17, 2017, 08:37:50 pm »
I have some questions surrounding UAP AC Lite integration with my pfSense firewall.

According to the below link, the "UniFi APs are only managed via an untagged VLAN."

I have assigned two interfaces on my pfSense box to two VLANs on igb2 (the parent interface). These virtual interfaces correspond to two SSIDs on my UAP. To manage the UAP I have assigned a 'MGMT' interface on my pfSense box to the igb2 port itself (no VLAN).

Is this the only approach that will work? Is it smart/secure to have this MGMT interface assigned to the igb2 port, while the VLANs are treating it as the parent ID? How else would one create an 'untagged VLAN' on a pfSense box?


OpenVPN / VPN for multiple sites and subnets
« on: April 08, 2017, 01:07:35 pm »
I am trying to determine if pfSense is a viable firewall solution for the company that I work for.

We have a head office with two branch offices. We have at least two subnets that need to be tunneled from head office to each branch office. The first subnet is dedicated to a POS network, and the second subnet is dedicated to a Windows domain, with the PDC residing at head office.

Supposing that pfSense is installed at each location, how would one implement the site to site VPNs? Would there be any benefits of using OpenVPN over IPSec?

Firewalling / WLAN web management from LAN single host
« on: March 31, 2017, 10:59:09 pm »
I have set up both the LAN ( and WLAN ( interfaces on my PCEngines build. I am trying to set up firewall rules so that a single host on my .1 subnet can access the WiFi router web management on my .2 subnet. Specifically, the web management is for my D-Link Wireless AC750 (DIR-816L) WiFi router.

The WiFi Router setup:
- uplinks to the .WLAN interface via a LAN port on the router (not the WAN port)
- only has the ability to define a gateway on the WAN port (unused)
- has a LAN IP of (to access web management)
- has DHCP disabled.

I have set the WLAN interface rules to pass DNS. From the WLAN, I can browse Internet and access the WiFi router web management.

I have tried various rules that don't seem to have any effect. For instance:
pass on the LAN interface TCP from source to destination
pass on the WLAN interface TCP from source to destination

Any thoughts?
