Netgate SG-3100 Manual

Security gateway
Security Gateway Manual
SG-3100
Netgate
Feb 19, 2019

Summary of Contents for Netgate SG-3100

  • Page 1 Security Gateway Manual SG-3100 Netgate Feb 19, 2019...
  • Page 2: Table Of Contents

    CONTENTS 1 I/O Ports 2 SG-3100 Switch Overview 3 Getting Started 4 Connecting to Console Port 5 Additional Resources 6 Warranty and Support Information 7 Safety and Legal 8 Reinstalling pfSense 9 Optional M.2 SATA Installation...
  • Page 3 Thank you for your purchase of the pfSense® SG-3100 System. This hardware platform provides a powerful, reliable, cost-effective solution. Quick Start Guide The Quick Start Guide covers the first time connection procedures and will provide you with the information you need to get your appliance up and running.
  • Page 4: I/O Ports

    CHAPTER I/O PORTS 1.1 Rear Side Ports are assigned as pictured. 1.1.1 Routed Ethernet Interface Name Port Name mvneta2 OPT1 mvneta0 LED Pattern Description Left LED only green Flashes with 1Gb traffic, solid with link. Both LEDs green Both flash with 100Mb traffic, solid with link. Right LED only green Flashes with 10Mb traffic, solid with link.
  • Page 5 Left Flashes with 10Mb traffic, solid with link. Note: Prior to pfSense software version 2.4.3, the switched Ethernet ports on the SG-3100 did not support auto MDI-X and required crossover cable unless the client-side connection supported auto MDI-X. This was resolved with 2.4.3 and later versions and a crossover cable is no longer required.
  • Page 6 1.2 Front Side LED Pattern Description Boot Process The sequence, circle -> square -> diamond, quickly flashes blue. Boot Completed The diamond slowly flashes blue. Update is Available The square slowly flashes orange.
  • Page 7: Sg-3100 Switch Overview

    The following attributes are used in this configuration guide but can be changed to suit your particular requirements: SG-3100 Ethernet Port: LAN4 IP Address Assignment: 192.168.100.1/24 VLAN Tag: 4084 (VLAN tags should be 4081-4084 for LAN Ports 1-4) 2.1 Configuring the Switch...
  • Page 8 4. In the lower right-hand corner of the screen, click + Add. 5. Choose mvneta1 (MAC Address) - lan from the Parent Interface drop-down menu. 6. Set the VLAN Tag to 4084. Type Lan port 4 as the Description. Click Save. Note: 4084 is used as an example in this guide.
  • Page 9 7. Go to the Interface Assignments sub-menu. 8. Ensure Available network ports: is correct. It is VLAN 4084 on mvneta1 - lan (Lan port 4) in this example. Click on + Add. 9. Click on OPT2. This is the Interface that matches the new VLAN being created. 10.
  • Page 10 12. Scroll down and make the IPv4 Address 192.168.100.1/24 (in this example). 13. Click Save. 14. Click Apply Changes. 15. Go to Interfaces -> Switches. 16. Go to the VLANs sub-menu. Click in the Enable 802.1q VLAN mode check-box and click Save. 17.
  • Page 11 18. Type 4084 for the VLAN Tag and 4 for Member(s). This represents LAN4 (port 4) and tagged should be unchecked. 19. Click + Add Member to add the LAN Uplink, 5. This member should be tagged as shown. 20.
  • Page 12 25. Click on Port VID 1 beside LAN4. Backspace through 1 and insert 4084, the new VLAN ID. 26. Click Save. This completes the configuration of a discrete port on the SG-3100. You will need to create the appropriate firewall rules because by default, all traffic is blocked. Go to Firewall > Rules...
  • Page 13: Getting Started

    CHAPTER THREE GETTING STARTED The basic firewall configuration begins with connecting the pfSense appliance to the Internet. Neither the modem nor the pfSense appliance should be powered on at this time. Establishing a connection to an Internet Service Provider (ISP) starts with connecting one end of an Ethernet cable to the WAN port (shown in the I/O Ports section) of the pfSense appliance.
  • Page 14 At the login page enter the default pfSense username and password: Username: admin, Password: pfsense. Click Login to continue. 3.3 Wizard Upon successful login, the following is displayed.
  • Page 15: Dns Servers

    3.4 Configuring Hostname, Domain Name and DNS Servers 3.5 Hostname For Hostname, any desired name can be entered as it does not affect functionality of the firewall. Assigning a hostname to the firewall will allow the GUI to be accessed by hostname as well as IP address. For the purposes of this guide, use pfsense for the hostname.
  • Page 16: Time Server Synchronization

    connections and the ISP automatically assigns DNS server IP addresses. When using a static IP on WAN, DNS server IP addresses must be entered here for name resolution to function if the default DNS Resolver settings are not used. DNS servers can be specified here even if they differ from the servers assigned by the ISP.
  • Page 17: Mac Address

    This depicts the four possible WAN interface types. Static, DHCP, PPPoE and PPTP. One must be selected from the drop-down list. Further information from the ISP is required to proceed when selecting Static, PPPoE and PPTP such as login name and password or as with static addresses, an IP address, subnet mask and gateway address.
  • Page 18 3.14 Configuring DHCP Hostname Some ISPs specifically require a DHCP Hostname entry. Unless the ISP requires the setting, leave it blank. 3.15 Configuring PPPoE and PPTP Interfaces Information added in these sections is assigned by the ISP. Configure these settings as directed by the ISP
  • Page 19 3.16 Block Private Networks and Bogons When enabled, all private network traffic originating on the internet is blocked. Private addresses are reserved for use on internal LANs and blocked from outside traffic so these address ranges may be reused by all private networks.
  • Page 20 3.17 Configuring LAN IP Address & Subnet Mask A static IP address of 192.168.1.1 and a subnet mask (CIDR) of 24 was chosen for this installation. If there are no plans to connect this network to any other network via VPN, the 192.168.1.x default is sufficient. Click Next to continue.
  • Page 21: Save Changes

    3.19 Save Changes Click Reload to save configuration. 3.20 Basic Firewall Configured To proceed to the webConfigurator, make the selection as highlighted. The Dashboard display will follow. 3.21 Backing Up and Restoring At this point, basic LAN and WAN interface configuration is complete. Before proceeding, back up the firewall configuration.
  • Page 22 Click Download Configuration and save a copy of the firewall configuration. This configuration can be restored from the same screen by choosing the backup file under Restore configuration.
  • Page 23: Connecting To Console Port

    3.22 Connecting to the Console There are times when accessing the console is required. Perhaps GUI console access has been locked out, or the password has been lost or forgotten. See also: Connecting to Console Port Connect to the console. Cable is required. Tip: To learn more about how to use your pfSense appliances and for other helpful resources, make sure to browse Resource Library.
  • Page 24 CHAPTER FOUR CONNECTING TO CONSOLE PORT 4.1 Simple Configuration Below are the simple instructions for connecting to the console port with Microsoft Windows. If these steps do not work for you or if you’re using an operating system other than Windows, then please skip forward to Advanced Configuration.
  • Page 25 Open PuTTY and locate the Session display as shown below. For the Connection type, select Serial. Set Serial line to the COM Port that is displayed in Windows Device Manager, COM3 for this example, and the Speed to 115200 bits per second, the speed of the BIOS in this case.
  • Page 26 Select Open and the console screen will be displayed. 4.2 Advanced Configuration A Silicon Labs CP210x USB-to-UART bridge is used to provide access to the serial port that acts as a system console. This is exposed via a Mini-USB port on the front of the case. There are several steps required to access the system console via this port.
  • Page 27 Warning: Do not download the SDK, only download the driver. Note: Recent versions of FreeBSD and many Linux distributions include this driver and will not require manual installation. Loading the Linux Driver If the device does not appear automatically, the CP210x driver module may need to be loaded manually, especially if the version of Linux being run is not recent.
  • Page 28 Linux The device associated with the system console is likely to show up as /dev/ttyUSB0. Look for messages about the device attaching in the system log files or by running dmesg. Note: If the device does not appear in /dev/, see the note above in the driver section about manually loading the Linux driver and then try again.
  • Page 29: Troubleshooting

    • Linux Example: PuTTY generally handles most cases OK but can have issues with line drawing characters on certain platforms. These settings seem to work best (tested on Windows): Window Columns x Rows = 80x24 Window > Appearance Font = Courier New 10pt or Consolas 10pt Window >...
  • Page 30 • Ensure the terminal program is configured for the correct speed. The default BIOS speed is 115200, and many other modern operating systems use that speed as well. Some older operating systems or custom configurations may use slower speeds such as 9600 or 38400. •...
  • Page 31: Additional Resources

    5.2 Netgate Training Netgate training offers training courses for increasing your knowledge of pfSense products and services. Whether you need to maintain or improve the security skills of your staff or offer highly specialized support and improve your customer satisfaction; Netgate training has got you covered.
  • Page 32: Warranty And Support Information

    CHAPTER WARRANTY AND SUPPORT INFORMATION • One year manufacturer’s warranty. • Please contact Netgate for warranty information or view our Product Lifecycle page. • All Specifications subject to change without notice For support information, view our support plans.
  • Page 33: Safety Notices

    CHAPTER SEVEN SAFETY AND LEGAL Contents • Safety and Legal – Safety Notices – Electrical Safety Information – FCC Compliance – Industry Canada – Australia and New Zealand – CE Marking – RoHS/WEEE Compliance Statement – Declaration of Conformity – Disputes –...
  • Page 34: Fcc Compliance

    7.2 Electrical Safety Information 1. Compliance is required with respect to voltage, frequency, and current requirements indicated on the manufacturer’s label. Connection to a different power source than those specified may result in improper operation, damage to the equipment or pose a fire hazard if the limitations are not followed. 2.
  • Page 35 7.6 CE Marking CE marking on this product represents the product is in compliance with all directives that are applicable to it. 7.7 RoHS/WEEE Compliance Statement 7.7.1 English European Directive 2002/96/EC requires that the equipment bearing this symbol on the product and/or its packaging must not be disposed of with unsorted municipal waste.
  • Page 36: Declaration Of Conformity

    7.8 Declaration of Conformity 7.8.1 Česky [Czech] NETGATE tímto prohlašuje, že tento NETGATE device, je ve shodě se základními požadavky a dalšími příslušnými ustanoveními směrnice 1999/5/ES. 7.8.2 Dansk [Danish] Undertegnede NETGATE erklærer herved, at følgende udstyr NETGATE device, overholder de væsentlige krav og...
  • Page 37 Alulírott, NETGATE nyilatkozom, hogy a NETGATE device, megfelel a vonatkozó alapvető követelményeknek és az 1999/5/EC irányelv egyéb előírásainak. 7.8.10 Íslenska [Icelandic] Hér með lýsir NETGATE yfir því að NETGATE device, er í samræmi við grunnkröfur og aðrar kröfur, sem gerðar eru í tilskipun 1999/5/EC. 7.8.11 Italiano [Italian] Con la presente NETGATE dichiara che questo NETGATE device, è...
  • Page 38 7.8.16 Slovensky [Slovak] NETGATE týmto vyhlasuje, že NETGATE device, spĺňa základné požiadavky a všetky príslušné ustanovenia Smernice 1999/5/ES. 7.8.17 Svenska [Swedish] Härmed intygar NETGATE att denna NETGATE device, står I överensstämmelse med de väsentliga egenskapskrav och övriga relevanta bestämmelser som framgår av direktiv 1999/5/EG.
  • Page 39: Limited Warranty

    4616 West Howard Lane, Suite 900 Austin, Texas 78728 legal@netgate.com The arbitration will be conducted by the American Arbitration Association (AAA) under its rules. The AAA’s rules are available at www.adr.org. Payment of all filing, administration and arbitrator fees will be governed by the AAA’s rules.
  • Page 40: Reinstalling Pfsense

    THE PRODUCTS/SERVICES AND ALL INFORMATION, CONTENT, MATERIALS, PRODUCTS (INCLUDING SOFTWARE) AND OTHER SERVICES INCLUDED ON OR OTHERWISE MADE AVAILABLE TO YOU THROUGH THE PRODUCTS/SERVICES ARE PROVIDED BY US ON AN “AS IS” AND “AS AVAILABLE” BASIS, UNLESS OTHERWISE SPECIFIED IN WRITING.
  • Page 41 Note: The pfSense factory version is the version that is preinstalled on units purchased from Netgate. The factory image is optimally tuned for our hardware and contains some features that cannot be found elsewhere, such as the AWS VPN Wizard.
  • Page 44: Optional M.2 Sata Installation

    OPTIONAL M.2 SATA INSTALLATION The SG-3100 has built-in onboard eMMC storage. Optionally, an M.2 SATA drive could be installed as an upgrade or to bypass the onboard eMMC flash memory. The SG-3100 has two slots capable of installing M.2 SATA drives, J10 and J11.
  • Page 45 Fig. 1: SG-3100 M.2 SATA Locations...
  • Page 46 Fig. 2: Removing the SG-3100 Case Screws 5. Place the cover back on and turn the SG-3100 over. Replace the four T10 Torx case screws. Be careful not to cross-thread the screws. 6. Reinstall the pfSense software on the new M.2 SATA drive.
  • Page 47 Fig. 3: M.2 SATA Location and Screw Fig. 4: M.2 SATA Location and Screw Close-up...
  • Page 48 Fig. 5: Insert the M.2 SATA Drive at about a 30° Angle Fig. 6: The M.2 SATA Drive Installed...