Download
Share
Print this page
Netgate SG-5100 Product Manual
  1. Manuals
  2. Brands
  3. Netgate Manuals
  4. Firewall
  5. SG-5100
  6. Product manual

Netgate SG-5100 Product Manual

Hide thumbs Also See for SG-5100:

Advertisement

Quick Links

Download this manual
Product Manual
SG-5100
Netgate
Sep 21, 2018

Advertisement

loading
Need help?

Need help?

Do you have a question about the SG-5100 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Netgate SG-5100

Summary of Contents for Netgate SG-5100

  • Page 1 Product Manual SG-5100 Netgate Sep 21, 2018...

  • Page 2: Table Of Contents

    CONTENTS 1 I/O Ports 2 Getting Started 3 Connecting to Console Port 4 Additional Resources 5 Warranty and Support Information 6 Safety and Legal 7 Reinstalling pfSense...
  • Page 3 Product ManualSG-5100 Thank you for your purchase of the pfSense® SG-5100 Firewall Appliance. This appliance provides a powerful, reliable, cost-effective solution. Quick Start Guide The Quick Start Guide covers the first time connection procedures and will provide you with the information you need to get your appliance up and running.

  • Page 4: O Ports

    CHAPTER I/O PORTS 1.1 Rear Side 1.2 Ethernet Ports Interface Name Port Name Port Type Port Speed IGB0 RJ-45 1 Gbps IGB1 RJ-45 1 Gbps OPT1 RJ-45 1 Gbps OPT2 RJ-45 1 Gbps OPT3 RJ-45 1 Gbps OPT4 RJ-45 1 Gbps Note: All Ethernet ports of the pfSense appliance support auto-MDIX and are capable of utilizing either straight- through or crossover ethernet cables.
  • Page 5 Product ManualSG-5100 1.3 Other Ports and Indicators • Console (Mini-USB) • Status LEDs • 2x USB 3.0 Status LED Description Top LED Add-on storage activity (does not show eMMC activity) Middle LED Activity Bottom LED Power 1.4 Front Side 1. Receessed Reset Button 2.

  • Page 6: Getting Started

    Tip: Before configuring the pfSense appliance it is best to activate it by following the instructions at https://www. netgate.com/register/. The basic firewall configuration begins with connecting the pfSense appliance to the Internet. Neither the modem nor the pfSense appliance should be powered up at this time.
  • Page 7 Product ManualSG-5100 2.2 Logging Into the Web Interface Browse to https://192.168.1.1 to access the web interface. In some instances, the browser may respond with a message indicating a problem with website security. Below is a typical example in Google Chrome. If this message or similar message is encountered, it is safe to proceed.
  • Page 8 Product ManualSG-5100 2.4 Configuring Hostname, Domain Name and DNS Servers 2.5 Hostname For Hostname, any desired name can be entered as it does not affect functionality of the firewall. Assigning a hostname to the firewall will allow the GUI to be accessed by hostname as well as IP address. For the purposes of this guide, use pfsense for the hostname.
  • Page 9 Product ManualSG-5100 connections and the ISP automatically assigns DNS server IP addresses. When using a static IP on WAN, DNS server IP addresses must be entered here for name resolution to function if the default DNS Resolver settings are not used. DNS servers can be specified here even if they differ from the servers assigned by the ISP.
  • Page 10 Product ManualSG-5100 This depicts the four possible WAN interface types. Static, DHCP, PPPoE and PPTP. One must be selected from the drop-down list. Further information from the ISP is required to proceed when selecting Static, PPPoE and PPTP such as login name and password or as with static addresses, an IP address, subnet mask and gateway address.
  • Page 11 Product ManualSG-5100 2.14 Configuring DHCP Hostname Some ISPs specifically require a DHCP Hostname entry. Unless the ISP requires the setting, leave it blank. 2.15 Configuring PPPoE and PPTP Interfaces Information added in these sections is assigned by the ISP. Configure these settings as directed by the ISP 2.14.
  • Page 12 Product ManualSG-5100 2.16 Block Private Networks and Bogons When enabled, all private network traffic originating on the internet is blocked. Private addresses are reserved for use on internal LANs and blocked from outside traffic so these address ranges may be reused by all private networks. The following inbound address Ranges are blocked by this firewall rule: •...
  • Page 13 Product ManualSG-5100 2.17 Configuring LAN IP Address & Subnet Mask A static IP address of 192.168.1.1 and a subnet mask (CIDR) of 24 was chosen for this installation. If there are no plans to connect this network to any other network via VPN, the 192.168.1.x default is sufficient. Click Next to continue.
  • Page 14 Product ManualSG-5100 2.19 Save Changes Click Reload to save configuration. 2.20 Basic Firewall Configured To proceed to the webConfigurator, make the selection as highlighted. The Dashboard display will follow. 2.21 Backing Up and Restoring At this point, basic LAN and WAN interface configuration is complete. Before proceeding, backup the firewall con- figuration.
  • Page 15 Product ManualSG-5100 Click Download Configuration and save a copy of the firewall configuration. This configuration can be restored from the same screen by choosing the backup file under Restore configuration. 2.21. Backing Up and Restoring...
  • Page 16 Product ManualSG-5100 2.22 Connecting to the Console There are times when accessing the console is required. Perhaps GUI console access has been locked out, or the password has been lost or forgotten. See also: Connecting to Console Port Connect to the console. Cable is required. 2.22.

  • Page 17: Connecting To Console Port

    CHAPTER THREE CONNECTING TO CONSOLE PORT 3.1 Simple Configuration Below are the simple instructions for connecting to the console port with Microsoft Windows. If these steps do not work for you or if you’re an operating system other than Windows, then please skip forward to Advanced Configura- tion.
  • Page 18 Product ManualSG-5100 Note: The first time you connect your computer to the SG-5100, it may take up to 3 minutes for the driver to install. It should install automatically for Windows 7 and above. Open PuTTY and locate the Session display as shown below. For the Connection type, select Serial. Set Serial line to the COM Port that is displayed in Windows Device Manager, COM3 for this example, and the Speed to 115200 bits per second, the speed of the BIOS in this case.
  • Page 19 Product ManualSG-5100 Select Open and the console screen will be displayed. 3.2 Advanced Configuration A Prolific PL2303 USB-to-UART bridge is used to provide access to the serial port that acts as a system console. This is exposed via a USB Mini-b (5-pin) port on the front of the case. There are several steps required to access the system console via this port.
  • Page 20 Product ManualSG-5100 Note: Recent versions of FreeBSD and many Linux distributions include this driver and will not require manual installation. 3.2.2 Connect a USB Cable Next, locate an appropriate USB cable. The type of cable required for the serial console has a USB Mini-b (5-pin) connector on one end and a regular USB (Type A) plug on the other end.
  • Page 21 Product ManualSG-5100 FreeBSD The device associated with the system console is likely to show up as /dev/cuaU0. Look for messages about the device attaching in the system log files or by running dmesg. 3.2.4 Launch a Terminal Program Use a terminal program to connect to the system console port. PuTTY is a popular terminal program that is available on various operating systems.
  • Page 22 Product ManualSG-5100 PuTTY generally handles most cases OK but can have issues with line drawing characters on certain platforms. These settings seem to work best (tested on Windows): Window Columns x Rows = 80x24 Window > Appearance Font = Courier New 10pt or Consolas 10pt Window >...
  • Page 23 Product ManualSG-5100 • Ensure the terminal program is configured for the proper character encoding, such as UTF-8 or Latin-1, depend- ing on the operating system. (See the previous entry under “GNU screen”) Serial Output Stops After the BIOS If serial output is shown for the BIOS but stops afterward, check the following items: •...

  • Page 24: Additional Resources

    4.2 Netgate Training Netgate training offers training courses for increasing your knowledge of pfSense products and services. Whether you need to maintain or improve the security skills of your staff or offer highly specialized support and improve your customer satisfaction;...

  • Page 25: Warranty And Support Information

    CHAPTER FIVE WARRANTY AND SUPPORT INFORMATION • One year manufacturer’s warranty. • Please contact Netgate for warranty information or view our Product Lifecycle page. • All Specifications subject to change without notice For support information, view our support plans.

  • Page 26: Safety And Legal

    CHAPTER SAFETY AND LEGAL Contents • Safety and Legal – Safety Notices – Electrical Safety Information – FCC Compliance – Industry Canada – Australia and New Zealand – CE Marking – RoHS/WEEE Compliance Statement – Declaration of Conformity – Disputes –...
  • Page 27 Product ManualSG-5100 6.2 Electrical Safety Information 1. Compliance is required with respect to voltage, frequency, and current requirements indicated on the manu- facturer’s label. Connection to a different power source than those specified may result in improper operation, damage to the equipment or pose a fire hazard if the limitations are not followed. 2.
  • Page 28 Product ManualSG-5100 6.6 CE Marking CE marking on this product represents the product is in compliance with all directives that are applicable to it. 6.7 RoHS/WEEE Compliance Statement 6.7.1 English European Directive 2002/96/EC requires that the equipment bearing this symbol on the product and/or its packaging must not be disposed of with unsorted municipal waste.
  • Page 29 6.8 Declaration of Conformity 6.8.1 ˇ Cesky[Czech] NETGATE tímto prohla uje, e tento NETGATE device, je ve shod se základními po adavky a dal ími p íslu n mi ustanoveními sm rnice 1999/5/ES. 6.8.2 Dansk [Danish] Undertegnede NETGATE erklærer herved, at følgende udstyr NETGATE device, overholder de væsentlige krav og...
  • Page 30 Alulírott, NETGATE nyilatkozom, hogy a NETGATE device, megfelel a vonatkozó alapvetõ követelményeknek és az 1999/5/EC irányelv egyéb elõírásainak. 6.8.10 Íslenska [Icelandic] Hér me l sir NETGATE yfir ví a NETGATE device, er í samræmi vi grunnkröfur og a rar kröfur, sem ger ar eru í tilskipun 1999/5/EC. 6.8.11 Italiano [Italian] Con la presente NETGATE dichiara che questo NETGATE device, è...
  • Page 31 Product ManualSG-5100 6.8.16 Slovensky [Slovak] NETGATE t mto vyhlasuje, e NETGATE device, sp a základné po iadavky a v etky príslu né ustanovenia Smernice 1999/5/ES. 6.8.17 Svenska [Swedish] Härmed intygar NETGATE att denna NETGATE device, står I överensstämmelse med de väsentliga egenskapskrav och övriga relevanta bestämmelser som framgår av direktiv 1999/5/EG.
  • Page 32 4616 West Howard Lane, Suite 900 Austin, Texas 78728 legal@netgate.com The arbitration will be conducted by the American Arbitration Association (AAA) under its rules. The AAA’s rules are available at www.adr.org. Payment of all filing, administration and arbitrator fees will be governed by the AAA’s rules.
  • Page 33 Product ManualSG-5100 THE PRODUCTS/SERVICES AND ALL INFORMATION, CONTENT, MATERIALS, PRODUCTS (INCLUD- ING SOFTWARE) AND OTHER SERVICES INCLUDED ON OR OTHERWISE MADE AVAILABLE TO YOU THROUGH THE PRODUCTS/SERVICES ARE PROVIDED BY US ON AN “AS IS” AND “AS AVAILABLE” BA- SIS, UNLESS OTHERWISE SPECIFIED IN WRITING. WE MAKE NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE OPERATION OF THE PRODUCTS/SERVICES, OR THE INFORMATION, CONTENT, MATERIALS, PRODUCTS (INCLUDING SOFTWARE) OR OTHER SERVICES INCLUDED ON OR OTHERWISE MADE AVAILABLE TO YOU THROUGH THE PRODUCTS/SERVICES, UN-...

  • Page 34: Reinstalling Pfsense

    Note: The pfSense factory version is the version that is preinstalled on units purchased from Netgate. The factory image is optimally tuned for our hardware and contains some features that cannot be found elsewhere, such as the AWS VPN Wizard.
  • Page 35 Product ManualSG-5100...