Rubicon Netgate-4200 Manual

Security gateway

Security Gateway Manual
Netgate-4200
© Copyright 2024 Rubicon Communications LLC
Jan 08, 2024

Summary of Contents for Rubicon Netgate-4200

  • Page 1 Security Gateway Manual Netgate-4200 © Copyright 2024 Rubicon Communications LLC Jan 08, 2024...
  • Page 2 CONTENTS 1 Out of the Box 2 How-To Guides 3 References...
  • Page 3 Tip: Before getting started, a good practice is to download the PDF version of the Product Manual and the version of the pfSense Documentation in case Internet access is not available during setup.
  • Page 4 CHAPTER OUT OF THE BOX 1.1 Getting Started The basic firewall configuration begins with connecting the Netgate® appliance to the Internet. The Netgate appliance should be unplugged at this time. Connect one end of an Ethernet cable to the WAN port (shown in the Input and Output Ports section) of the Netgate appliance.
  • Page 5 Advanced Button and then click Proceed to 192.168.1.1 (unsafe) to continue. 3. At the Sign In page, enter the default pfSense® Plus username and password and click Next. • Default Username: admin • Default Password: pfsense
  • Page 6 Fig. 2: Example certificate warning message
  • Page 7 Hostname: Any desired hostname can be entered to identify the firewall. For the purposes of this guide, the default hostname pfsense is used. Domain: The domain name under which the firewall operates. The default home.arpa is used for the purposes of this tutorial.
  • Page 8 DHCP is the default and is the most common type of WAN interface for home fiber and cable modems. Default settings for the other items on this page should be acceptable for normal home users. Default settings should be acceptable. Click Next.
  • Page 9 Fig. 5: Time Server Information page in the Setup Wizard Fig. 6: Configure WAN Interface page in the Setup Wizard
  • Page 10 Plus software is installed, and if an update is available. Section 3 Describes Netgate Service and Support. Section 4 Shows the various menu headings. Each menu heading has drop-down options for a wide range of configuration choices.
  • Page 11 Fig. 7: Copyright and Trademark Notices
  • Page 12 Note: Auto Config Backup is a built-in service located at Services > Auto Config Backup. This service will save up to 100 encrypted backup files automatically, any time a change to the configuration has been made. Visit the Auto Config Backup page for more information.
  • Page 13 System Information dashboard widget. Users can perform a manual check as well by visiting System > Update. Users can initiate an upgrade from the System > Update page as needed. For more information, see the Upgrade Guide.
  • Page 14 Fig. 10: Backup & Restore Fig. 11: Click Download configuration as XML
  • Page 15 USB serial adapter or client hardware port. Note: Only one type of console connection will work at a time and the RJ45 console connection has priority. If both ports are connected only the RJ45 console port will function.
  • Page 16 1.4.2 Front Side The front of the device has Status LEDs as well as an access panel for future expansion uses. Fig. 13: Front view of the Netgate 4200 Firewall Appliance
  • Page 17 Diamond solid blue Upgrade Available Square solid purple Upgrade in Progress All rapidly flash green Triggering Reset Circle, Square, then Diamond solid red (Factory Reset Procedure) Reset In Progress All rapidly flash red (Factory Reset Procedure)
  • Page 18 2. There are no operator serviceable parts inside this equipment. Service should be provided only by a qualified service technician. 3. This equipment is provided with a detachable power cord which has an integral safety ground wire intended for connection to a grounded safety outlet.
  • Page 19 This Class B digital apparatus complies with Canadian ICES-3(B). Cet appareil numérique de la classe B est conforme à la norme NMB-3(B) Canada. 1.5.5 Australia and New Zealand This is a AMC Compliance level 2 product. This product is suitable for domestic environments.
  • Page 20 Pour plus d’informations sur le mode d’élimination de votre ancien équipement, veuillez prendre contact avec les pouvoirs publics locaux, le service de traitement des déchets, ou l’endroit où vous avez acheté le produit.
  • Page 21 NETGATE vakuuttaa täten että NETGATE device, tyyppinen laite on direktiivin 1999/5/EY oleellisten vaatimusten ja sitä koskevien direktiivin muiden ehtojen mukainen. Français [French] Par la présente NETGATE déclare que l’appareil Netgate, device est conforme aux exigences essentielles et aux autres dispositions pertinentes de la directive 1999/5/CE.
  • Page 22 NETGATE deklaruoja, kad šis NETGATE įrenginys atitinka esminius reikalavimus ir kitas 1999/5/EB Direktyvos nuostatas. Malti [Maltese] Hawnhekk, Netgate, jiddikjara li dan NETGATE device, jikkonforma mal-ħtiġijiet essenzjali u ma provvedimenti oħrajn relevanti li hemm fid-Dirrettiva 1999/5/EC.
  • Page 23 TORY DAMAGES), AND MUST FOLLOW THE TERMS OF THESE TERMS AND CONDITIONS OF USE AS A COURT WOULD. To begin an arbitration proceeding, you must send a letter requesting arbitration and describing your claim to the following:
  • Page 25 LESS OTHERWISE SPECIFIED IN WRITING. YOU EXPRESSLY AGREE THAT YOUR USE OF THE PRODUCTS/SERVICES IS AT YOUR SOLE RISK. TO THE FULL EXTENT PERMISSIBLE BY APPLICABLE LAW, RUBICON COMMUNICATIONS, LLC (RCL) AND ELECTRIC SHEEP FENCING (ESF) DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  • Page 26 CHAPTER HOW-TO GUIDES 2.1 Connecting to the USB Console Port This guide shows how to access the serial console which can be used for troubleshooting and diagnostics tasks as well as some basic configuration. There are times when directly accessing the console is required. Perhaps GUI or SSH access has been locked out, or the password has been lost or forgotten.
  • Page 27 Look for an entry with a title such as Silicon Labs CP210x USB to UART Bridge. If there is a label in the name that contains “COMX” where X is a decimal digit (e.g. COM3), that value is what would be used as the port in the terminal program.
  • Page 28 The device associated with the system console is likely to show up as /dev/cuaU0. Look for messages about the device attaching in the system log files or by running dmesg. Note: If the serial device is not present, ensure the device has power and then check again.
  • Page 29 Note: The sudo command will prompt for the local workstation password of the current account. • Set the Connection type to Serial • Set Serial line to /dev/ttyUSB0 • Set the Speed to 115200 bits per second • Click the Open button PuTTY will then display the console.
  • Page 30 Fig. 1: An example of using PuTTY in Windows
  • Page 31 If portions of the text are unreadable but appear to be properly formatted, the most likely culprit is a character encoding mismatch in the terminal. Adding the -U parameter to the screen command line arguments forces it to use UTF-8 for character encoding: sudo screen -U <console-port> 115200
  • Page 32 Font For the best experience, use a modern monospace unicode font such as Deja Vu Sans Mono, Liberation Mono, Monaco, Consolas, Fira Code, or similar. This setting may be under Terminal Appearance, Window Appearance, Text, or similar areas.
  • Page 33 Some older operating systems or custom configurations may use slower speeds such as 9600 or 38400. Device OS Serial Console Settings Ensure the operating system is configured for the proper console (e.g. ttyS1 in Linux). Consult the various operating install guides on this site for further information.
  • Page 34 (e.g. ttyS1 in Linux). Consult the various operating install guides on this site for further information. Bootable Media If booting from a USB flash drive, ensure that the drive was written correctly and contains a bootable operating system image.
  • Page 35 • Set the Connection type to Serial • Set Serial line to the console port determined previously • Set the Speed to 115200 bits per second. • Click the Open button PuTTY will then display the console.
  • Page 36 Fig. 3: An example of using PuTTY in Windows
  • Page 37 In many cases screen may be invoked simply by using the proper command line, where <console-port> is the console port that was located above. sudo screen <console-port> 115200 Note: The sudo command will prompt for the local workstation password of the current account.
  • Page 38 Font For the best experience, use a modern monospace unicode font such as Deja Vu Sans Mono, Liberation Mono, Monaco, Consolas, Fira Code, or similar. This setting may be under Terminal Appearance, Window Appearance, Text, or similar areas.
  • Page 39 Some older operating systems or custom configurations may use slower speeds such as 9600 or 38400. Device OS Serial Console Settings Ensure the operating system is configured for the proper console (e.g. ttyS1 in Linux). Consult the various operating install guides on this site for further information.
  • Page 40 (e.g. ttyS1 in Linux). Consult the various operating install guides on this site for further information. Bootable Media If booting from a USB flash drive, ensure that the drive was written correctly and contains a bootable operating system image.
  • Page 41 One exception to this is that it may be necessary to press the space bar to select the correct target disk. Note: Options such as the type of disk partition can be modified through this installation if required.
  • Page 42 If this device contains multiple disks, such as when adding an SSD to an existing system which previously used MMC, additional steps may be necessary to ensure the device boots from and uses the correct...
  • Page 43 • This guide assumes the underlying interface is already present (e.g. physical port, VLAN, etc). • The WAN configuration type and settings must be known before starting. For example, this might be an IP address, subnet mask, and gateway value for static addresses or credentials for PPPoE.
  • Page 44 Gateway IPv4 The IPv4 address of the gateway inside the same subnet. Description Optional text describing the purpose of the gateway. – Click – Ensure the new gateway is selected as the IPv4 Upstream Gateway
  • Page 45 If there is more than one LAN subnet, create rules for each or use other methods such as aliases or CIDR summarization to cover them all. Destination Any Translation Address Interface Address Description Text describing the rule, e.g. LAN outbound on WAN2
  • Page 46 • Click Add to create another gateway group • Configure the group as follows: Group Name LoadBalance Gateway Priority Gateways for WAN and WAN2 both on Tier 1 Description Prefer WAN2, fail to WAN
  • Page 47 DNS servers manually. • Click Save Note: If the DNS Resolver has specific outgoing interfaces selected in its configuration, select the new WAN there as well.
  • Page 48 It’s a good practice to have a separate DNS entry for each WAN and a shared entry for failover, or one per failover group. If that is not viable, at least have one for the most common needs. The particulars of configuring Dynamic DNS entries vary by provider and are beyond the scope of this document.
  • Page 49 DMZ, IOT isolation, wireless segment, lab network, and more. Configuring an additional LAN • Requirements • Assign the Interface • Interface Configuration • DHCP Server • Outbound NAT • Firewall Rules – Open – Isolated • Other Services
  • Page 50 This interface is a private network, so this option would prevent it from functioning. • Uncheck Block bogon networks The rules on this interface should only allow traffic from the subnet on the interface, making this option unnecessary. • Click Save • Click Apply Changes
  • Page 51 Interface Choose the WAN interface. If there is more than one WAN interface, add separate rules for each WAN interface. Address Family IPv4 Protocol Any Source Network, and fill in the new LAN subnet, e.g. 192.168.2.0/24. Destination Any Translation Address Interface Address
  • Page 52 Guest/BYOD networks, and other similar scenarios. Warning: Do not rely on tricks such as using policy routing to isolate clients. A full set of reject rules as described in this example is the best practice.
  • Page 53 Add rule to pass ICMP to firewall • Click to add a new rule at the bottom of the list. • Configure the rule as follows: Action Pass Interface OPTx (or the custom name) Protocol ICMP
  • Page 54 • Configure the rule as follows: Action Pass Interface OPTx (or the custom name) Protocol Any Source OPTx Net (or the custom name) Destination Any
  • Page 55 • Factory Reset from GUI or Console Unlike some other models of Netgate hardware, the reset procedure on Netgate 4200 can be triggered while the device is running and does not require complicated timing.
  • Page 56 When the device boots again it will be at its factory default settings and accessible from the LAN at https://192.168.1.1. If this procedure fails, connect to the console and perform a factory reset there.
  • Page 57 CHAPTER THREE REFERENCES 3.1 Additional Resources 3.1.1 Netgate Training Netgate training offers training courses for increasing your knowledge of pfSense® Plus products and services. Whether you need to maintain or improve the security skills of your staff or offer highly specialized support and improve your customer satisfaction;...
  • Page 58 • All Specifications subject to change without notice For support information, view support plans offered by Netgate. See also: For more information on how to use pfSense® Plus software, see the pfSense Documentation Resource Library.