Many times when I have attempted to upgrade a 1100, 3100, or 4100 router, they get bricked and must then have their firmware rewritten via USB stick using the SSH console. The failure rate is unacceptable, so the question is whether Netgate even tests the upgrades before releasing them? Is it just expected at this point that the upgrades will fail and will require manual intervention to get the network running again? It's very frustrating when a planned 20 minute outage turns into what could be 2 or more hours...

Hey guys -- I keep seeing the ISC DHCP end-of-life notifications on my pfSense+ dashboard.

Question is, can I just switch from ISC to Kea without any issues? Will it break any of my settings, rules or static mappings?

Any help is appreciated.

I wanted to get your opinion of this breakdown of pfSense Plus software’s security capabilities. Which features in this list are most useful to you?

1. Intrusion Detection/Prevention

• Snort and Suricata integration
• Custom rules support
• Emerging threats database
• Real-time packet analysis
• Low false positive rates with tunable thresholds

2. Authentication Framework

• Multi-factor authentication
• RADIUS/LDAP integration
• Certificate-based auth
• User/group-based access control
• Session management

3. VPN Infrastructure

• Hardware-accelerated encryption (AES-NI)
• Multiple protocol support:
  • IPsec with IKEv2
  • OpenVPN (TCP/UDP)
  • Wireguard
• Split DNS configuration
• NAT mapping
• Mobile device support

4. Monitoring & Analysis

• Real-time traffic analysis
• Detailed logging with remote syslog
• SNMP v3 support
• NetFlow data export
• Custom alert configurations

5. Active Protection

• pfBlockerNG integration
• Geographic IP blocking
• DNS blacklisting
• Port scan detection
• DDoS mitigation

What security features do you find most valuable in your deployment? Any specific configurations that have worked particularly well?

More info: https://www.netgate.com/pfsense-features

There's a growing trend of devices running pfSense with eMMC-based storage dying in 2-3 years, and in some cases, failing in less than 1 year. eMMC storage is found in all Netgate devices other than the "MAX" versions, and also in many popular small-form-factor appliances. Typical eMMC sizes are 8-32GB and it is usually soldered to the board and can't be replaced.

Often, users are unaware that enabling additional logging or that many of the popular packages for pfSense, combined with these small storage sizes and technical limitations of eMMC, will result in accelerated wear out and sudden death of the storage. This can happen with SATA and NVMe drives, so it's a good idea to check them too.

When the eMMC storage is fully worn out, pfSense may continue partially working for a short while, unknown to the user, and then will become completely non-responsive , usually when a critical process needs to access the storage, or when the device is rebooted.

To check the health of your storage device from within pfSense, navigate to Diagnostics > Command Prompt and run these commands:

pkg install -y mmc-utils;

mmc extcsd read /dev/mmcsd0rpmb | egrep 'LIFE|EOL'

The Type A and Type B wear are hex values that you multiply by 10 to get a percentage. For example, 0x05 is 50%, 0x0a is 100%, and 0x0b is 110% wear.

https://docs.netgate.com/pfsense/en/latest/troubleshooting/disk-lifetime.html

For more information, check out this thread on the Netgate forums:

https://forum.netgate.com/topic/195990/another-netgate-with-storage-failure-6-in-total-so-far

Hi everyone! I am looking for a DAC cable and a SFP transceiver RJ45 1G that is compatible with my Netgate 7100. The DAC cable would connect to my Cisco switch. Any suggestions?

My internet went down recently. My isp node showed data transfer so I unplugged my 4100 and plugged it back in. Now the light is solid orange. I tried the factory reset procedure but it’s not responding. Also removed the battery. No results as well. Just stuck on orange. Out of warranty. Stuck on what to do

I wanted to share a case study about how Chitale Dairy, one of India's largest dairy processors, solved their networking challenges using TNSR software.

The Challenge: Chitale Dairy needed to manage millions of routes, numerous ISPs, and an internet exchange for multihoming. Traditional solutions cost $40,000+.

The Solution: After evaluating Sophos and Cisco, they implemented Netgate's TNSR software on Dell VP 460 and Netgate 8300 hardware.

The Results:

• Successfully manages millions of BGP routes
• Handles hundreds of Gbps of traffic
• Maintains low latency
• Provides full control through CLI, RESTCONF API, and GUI
• Achieved at roughly 10% of traditional solution costs

For network engineers dealing with similar challenges, what aspects of this implementation interest you most?

Learn More: https://www.netgate.com/customer-stories/chitale-dairy

I'm in a sticky situation where I need to put a fan on my netgate4200. I noticed the motherboard has 3-pins at J49 next to to the USB port. Is this for a fan? has anyone tested this before?

Or are they of separate VLAN?

As a network security solution, pfSense Plus has become increasingly popular among businesses, and there are some compelling technical reasons why. Let me break down the key factors that make it stand out for business deployments:

Technical Advantages:

• Full-featured routing with BGP, OSPF support
• Hardware-accelerated AES-NI/QAT for VPN performance
• Zero-compromise IDS/IPS with Snort/Suricata integration
• Advanced high availability with CARP
• Multi-WAN load balancing and failover
• Native support for both IPv4 and IPv6

Business Benefits:

• No artificial throughput limits or licensing tiers
• Significantly lower TCO compared to traditional vendors
• Business-grade TAC assistance included
• Regular security updates and lifetime upgrades
• Flexible deployment options (bare metal, VM, cloud)

Real Performance Numbers (8300 MAX):

• Up to 28.6 Gbps firewall throughput 
• Up to 14.6 Gbps IPsec VPN (with AES-GCM-128)
• Handles 10k+ firewall rules without performance degradation

What really sets it apart is the combination of business features without the typical business cost structure. You get everything you need without paying for features you don't use.

What's your experience with pfSense Plus in business environments? What made you choose it over “traditional” vendors?

Learn More: https://www.netgate.com/pfsense-plus-software

I want to buy a 4200, but is the extra storage memory useful?

I did search I swear :) Just a couple of questions I want clarity on as the answers were not particularly clear.

1. Do I understand it correctly that the only difference between base and max is the inclusion of the SSD - the weird one with b+m key and if I buy one off of amazon for like 30-40 bucks, open up the box and install it I will basically have a functioning MAX box?

2. Since it only has 2 10Gbps ports - I presume I can have a wan coming in to one and then another connecting to my 10Gbps switch that would serve the local LAN and 10Gbps capable devices on it - is that correct?

Thank you!

I got a Netgate 2100 earlier this year and it's been working great, except for one recent detail: When it reboots it pulls a very old config, rather than the most recent currently applied config. I can restore the recent config either from AutoBackup or from a file, and that seemed to work, but as soon as I reboot it it reverts to the old config.

I can't say how long this has been going on, as I just don't really reboot it very often. I only realized yesterday when I had a power outage and observed the behavior.

One thing of note: I did recently switch from the legacy DHCP server to the new one. I think, but I'm not sure, that this required a reboot which also pulled the old config. I do know I had to go in and re-apply all my static mappings that had changed. So it might've been going on at least since then.

One final point - when I restore the new config (but don't reboot it) I noticed that the DHCP server has to be re-started manually. For some reason after I restore the new config, the DHCP server is stopped.

Any ideas much appreciated!

I've just tried to update my SG2100 from 24.03 to 24.11, but got an error indicating a failed update due to lack of disk space:

https://preview.redd.it/4bu860o0tg7e1.png?width=922&format=png&auto=webp&s=ddbe47fed13ca429d0ea3a26a2f57faa83ed6804

https://preview.redd.it/adfbnzxusg7e1.png?width=952&format=png&auto=webp&s=6fe4a7e2850eaa5a9ace98e82496b5c83cddbd9d

Is the next step to get Netgate support involved or can I fix this some other way?

I've also taken a backup of the update log.

I have a friend with a small ISP and have been asked to help upgrade the infrastructure. They need to replace several BGP route-reflectors and edge routers. I was looking at the 8300 MAX router, and wondering if anyone had any experience running this is a live BGP environments with full Internet route tables (ie. 1M+ routes in the table and 3M+ entries in the FIB). My friend is looking to upgrade the backbone to 10g+, so the 8300 MAX seems like a good fit, but I've been burned before trying to get lower costs solutions to work in BGP deployments, so I was hoping to see if anyone has actual production experience. Thanks Much.

Everytime I try to post asking for help configuring ExpressVPN on pfsense my post gets removed??

https://preview.redd.it/o2kj20su2n4e1.jpg?width=1162&format=pjpg&auto=webp&s=366bda6aa5884a44732a9b19ed38604ee777e477

What is the answer to the Anti-Spam??

previous thread

Unable to see the Prolific PL2303 when I connect my Win10 laptop to the SG-1100. I have tried this having removed the board from its casing as to enable my micro USB cable to be inserted fully into the port. At this stage my laptop does not respond in any way when I connect it.

What are my next troubleshooting steps...solder a new micro USB port to the board?

Set up my first 4200 today. Replaced an old 3100 (which was working fine after 6+ years btw...)

LUCKILY I was able to figure out a way to get the config upgraded and interfaces reassigned using trial and error, Wireshark, and a bit of luck. The unit is running great on 24.11 + Kea DHCP.

BUT what should have been a 30 minute task ended up being close to 2 hours because I just couldn't get the damn console port to work. It would just display a blinking cursor, no output or apparent input happening. COMx port was fully detected in Device Manager and/or macOS /dev/cu.usbserial-xxx as well.

I read https://docs.netgate.com/pfsense/en/latest/solutions/netgate-4200/connect-to-console.html and have done this many times before with similar units, never had any issue! So I don't think it was a PEBCAK or ID10T error. I (re)installed the CP2104 VCP drivers, played around with different terminals, factory reset the unit, played around with baudrates 9600-115200, even tried 2 different laptops (1 Mac and 1 Windows)...

Is there something special or different about the port on the 4200 that requires some voodoo?

Did I receive a faulty unit? A bad USB-serial cable?

This release brings several major features that our users have requested, along with over 70 other improvements and bug fixes. Major features include:

• Kea DHCP Enhancements, including support for High Availability, as well as increased integration into Unbound. Among other things, this allows for DHCP client registration in the Unbound DNS Resolver and smoother updating of Unbound.
• Multi-instance Management Early Look
• System Aliases in Custom Rules
• NTP Authentication

Blog Post: https://www.netgate.com/blog/netgate-releases-pfsense-plus-software-version-2411-0
Release Notes: https://docs.netgate.com/pfsense/en/latest/releases/24-11.html

Purchased on Facebook Marketplace 11 days ago / delivered last week. Purchased power adapter off Netgate Store last week / arrived yesterday.

On Web GUI, default credentials (admin / pfsense) do not work. Do not have existing password. Contacted FBM seller for password / has not responded.

Tried using multiple USB A-to-micro cables with / ports on my Linux laptop / unable to see /dev/ttyUSB0, even when SG-1100 is powered on.

Tried using multiple USB ports on my Win10 laptop / connecting SG-1100 w/ power on shows no change in Device Manager. Tried installing PL2303 drivers on Win10 laptop / no change.

The pursuit and stand-up of Netgate hardware has been an aggravating waste of time and money. I'm about to just give up and assemble a spare PC for pfSense instead.

Hello!

Thank you in advance for any guidance.

I have a 4100 on version 24.03 connected to a ATT router to a ADSL network. I also connect to the office VPN.

I've encountered a strange scrolling issue on my computers. I can be scrolling thru email, or a long web page and suddenly it will jump to the top of the page. It happens on a windows 10 pc, an macbook and a dell laptop on windows 11.

The ATT router is not in bridge mode so I'm double nat'ing.

Other than the weird scrolling thing, and slow provider, all else seems to work fine.

Thoughts or advice? I've done some IT work and never seen anything like this before.

thank you!

_john

Will there any Black Friday Sales for Netgate product this year? Online or Retail. Thanks!

We're growing and Netgate is looking for a few Production Support Analysts to join our team as a member of TAC (Technical Assistance Center). Join our team of customer-facing support engineers helping our fantastic customers around the world.

• Our team works 12-hour shifts (4 days one week, 3 days the next week, rotating) so you get 7 days off every two weeks.
• Constant exposure to different issues to sharpen your analytical and critical thinking skills.
• TAC can be a stepping stone to other roles in the company. This is part of the reason we're growing right now.
• This role can be performed remotely, offering flexibility in work location.
• You will be a member of a close-knit team that makes it their mission to solve problems and create happy customers.
• Most members of this team have been with Netgate for years.

If this interests you and you are a high-performing team player, drop us a line. The full job description and instructions can be found at https://www.netgate.com/jobs/production-support-analyst

Principals only.

My hardware is connected per the Netgate getting started instructions per below

Frontier ONT>Cat 6>4200 Port 1 PC>Cat 6>4200 Port 2

When I power up the 4200 with it connected per above I can’t access the web interface via 192.168.1.1.m, site not found

I disconnect the Ethernet cable from port 1, restart the 4200, and I can access the 4200 on 192.168.1.1. is this normal behavior?

If called Frontier thinking that maybe the Frontier ONT had to be placed into bridge mode but was told the ONT does not have a bridge mode. It just passes data though and does not assign IP addresses.

Do I just finish configuring the 4200 then plug the 4200 back into the ONT to be able to access the web?

Thanks for any help.

Hi,

I'm trying to install pfsense+ on a dedicated server via IPMI and I'm getting two issues.

First the boot fails with error 19 when it can't find the image on /dev/iso9660/PFSENSE

https://preview.redd.it/tuszavop0q1e1.png?width=1048&format=png&auto=webp&s=c8f55707dcd97aa35af7adee1934fd69d9e7ea7b

But if you typecd9660:/dev/cd0 it boots the installer. After loading everything, it doesn't start the installer with the error "Cannot connect to the installer daemon", as showed below. Retrying doesn't help.

https://preview.redd.it/s6lr5u6y0q1e1.png?width=658&format=png&auto=webp&s=27f5d75d26afcb28e30e79306bf6e622b7b56734

And the content of /var/log/daemon.log

system_get_rootfs_mount: invalid rootfs label: /dev/cd0

cannot get the rootfs mount info

failed to load the system settings

https://preview.redd.it/231xojdf1q1e1.png?width=654&format=png&auto=webp&s=fb9a05dfffdc3ec289af787b9b38b0cf97fccf58

And I can't get past this. Please, someone knows how to fix this and start the netgate installer?

Thanks.

Hi, i read that some netgates emmc fails due to logging over the time. I ordered a 6100 max with builtin SSD. Am i fine or will the SSD die in a short amount of time, too? I won't use external packages, Just 2 wan loadbalancing and Routing for 4 vlans with around 1k clients. Once Setup successfully i think about deactivating Firewall logging and only activate IT in Case of Problem Analysis. Any thoughts? Thanks

This release brings several major features that our users have requested, along with over 70 other improvements and bug fixes. As we prepare for the GA release, we invite you to try out the Release Candidate and share your feedback with us. 

Learn More: https://www.netgate.com/blog/netgate-releases-rc-of-pfsense-plus-software-version-2411

TNSR 24.10 is now available! New features include VPF for NAT and Filters, DHCP relay support, and core performance updates. 

Netgate TNSR is a high-speed (exceeding 100 Gbps) virtual router and VPN aggregator. TNSR is the answer for businesses, governments, and xSPs looking for scalable routing without the six-figure price tag.

Learn More: https://www.netgate.com/blog/netgate-releases-tnsr-software-version-2410

#TNSR #Netgate #router #vpn

This release brings several major features that our users have requested, along with over 70 other improvements and bug fixes. Major features include: 

• Kea DHCP Enhancements, including support for High Availability, as well as increased integration into Unbound. Among other things, this allows for DHCP client registration in the Unbound DNS Resolver and smoother updating of Unbound.  
• Multi-instance Management Early Look
• System Aliases in Custom Rules
• NTP Authentication

Learn More: https://www.netgate.com/blog/netgate-releases-beta-of-pfsense-plus-software-version-24-11