Download Print this page
Hide thumbs Also See for 8300:

Advertisement

Quick Links

Security Gateway Manual
Netgate-8300
© Copyright 2024 Rubicon Communications LLC
Aug 15, 2024

Advertisement

loading
Need help?

Need help?

Do you have a question about the 8300 and is the answer not in the manual?

Questions and answers

Summary of Contents for Netgate 8300

  • Page 1 Security Gateway Manual Netgate-8300 © Copyright 2024 Rubicon Communications LLC Aug 15, 2024...
  • Page 2 CONTENTS 1 Out of the Box 2 How-To Guides 3 References...
  • Page 3 Security Gateway Manual Netgate-8300 This Quick Start Guide covers the first time connection procedures for the Netgate® 8300 Security Gateway and will provide the information needed to keep the appliance up and running. Tip: Before getting started, a good practice is to download the...
  • Page 4: Getting Started

    Warning: The plastic overwrap must be removed from both the top and bottom of the unit before installing the device in a rack. 1.1.2 Rack Installation The Netgate 8300 is intended to be rack mounted. The best practice is to mount the unit in a rack before connecting it to the network or power. 1.1.3 Connect Network Cables...
  • Page 5: Connect Power

    Netgate-8300 1.1.4 Connect Power The Netgate 8300 ships with one or two power supplies depending on the specific model or purchased add-ons. Connect power to all installed power supplies before powering on the unit. Note: Though the device can function with only a single power supply connected, the best practice is to always connect power to both power supplies.
  • Page 6 Connecting to the Console Port. Warning: The default IP Address on the LAN subnet on the Netgate firewall is 192.168.1.1/24. The same subnet cannot be used on both WAN and LAN, so if the default IP address on the ISP-supplied modem is also 192.168.1.1/24, disconnect the WAN interface until the LAN interface on the firewall has been renumbered to...
  • Page 7: Initial Configuration

    Allow 4 or 5 minutes to boot up completely. Warning: If the ISP Customer Premise Equipment (CPE) on WAN (e.g. Fiber or Cable Router) has a default IP Address of 192.168.1.1, disconnect the Ethernet cable from the P10 port on the Netgate 8300 Security Gateway before proceeding.
  • Page 8 Security Gateway Manual Netgate-8300 Fig. 2: Example certificate warning message © Copyright 2024 Rubicon Communications LLC...
  • Page 9 Fig. 3: Setup Wizard starting page 1. Click Next to start the Setup Wizard. 2. Click Next after reading the information on Netgate Global Support. 3. Use the following items as a guide to configure the options on the General Information page: Hostname Any desired hostname name can be entered to identify the firewall.
  • Page 10 Security Gateway Manual Netgate-8300 Fig. 4: General Information page in the Setup Wizard © Copyright 2024 Rubicon Communications LLC...
  • Page 11 Plus dashboard, click Finish. Note: This step of the wizard also contains several useful links to Netgate resources and methods of obtaining assistance with the product. Be sure to read through the items on this page before finishing the wizard.
  • Page 12 Read and click Accept to continue to the dashboard. If the Ethernet cable was unplugged at the beginning of this configuration, reconnect it to the P10 port now. This completes the basic configuration for the Netgate appliance. © Copyright 2024 Rubicon Communications LLC...
  • Page 13 Security Gateway Manual Netgate-8300 Fig. 7: Copyright and Trademark Notices © Copyright 2024 Rubicon Communications LLC...
  • Page 14 ® Fig. 8: The pfSense Plus Dashboard Section 1 Important system information such as the model, Serial Number, and Netgate Device ID for this Netgate firewall. Section 2 ® Identifies what version of pfSense Plus software is installed, and if an update is available.
  • Page 15: Backup And Restore

    Click Download configuration as XML and save a copy of the firewall configuration to the computer connected to the Netgate firewall. This backup (or any backup) can be restored from the same screen by choosing the backed up file under Restore Configuration.
  • Page 16 Security Gateway Manual Netgate-8300 Fig. 10: Backup & Restore Fig. 11: Click Download configuration as XML © Copyright 2024 Rubicon Communications LLC...
  • Page 17: Connecting To The Console

    1.4 Input and Output Ports 1.4.1 Front Panel The front panel of the Netgate 8300 contains several items of interest for connecting to and managing the device. Fig. 12: Front view of the Netgate 8300 Security Gateway with key items numbered...
  • Page 18 PSUs connected to line power. The Netgate 8300 BASE unit ships with one power supply, the Netgate 8300 MAX unit ships with dual power supplies. Additional power supplies are available. A second PSU can be added to the BASE model later by removing the blank panel cover.
  • Page 19 Networking Ports The sections on the front of the device numbered 7, 8, and 9 in Front view of the Netgate 8300 Security Gateway with contain the network interfaces. These ports are labeled P0 through P10 on the device and are key items numbered grouped by speed.
  • Page 20 WAN, LAN, and other ports being assigned to different physical interfaces. There are two add-on expansion card slots on the Netgate 8300 device and they can both be populated with network cards, for a total of either two or four additional network ports.
  • Page 21: Status Leds

    1.4.2 Status LEDs The Netgate 8300 has two groups of status LEDs: Three LEDs (including the power button) for the operating system status, and one LED for the baseboard management controller (BMC) status. The Operating System status LEDs are labeled with shapes which correspond to each LED: Green Circle, Blue Square, and Black Diamond.
  • Page 22 Security Gateway Manual Netgate-8300 Fig. 13: Close-up view of the Netgate 8300 Security Gateway Status LEDs © Copyright 2024 Rubicon Communications LLC...
  • Page 23: Rear Panel

    The rear panel of the device has items which are not meant to be accessed as often as the front, as the device is intended to be mounted in a rack. Fig. 14: Rear view of the Netgate 8300 Security Gateway with key items numbered The items below are marked with numbers on figure...
  • Page 24: Safety And Legal

    (UPS) or a combination of those devices. Failure to take such precautions could result in premature failure, and/or damage to your Netgate appliance, which is not covered under the product warranty. Such an event may also present the risk of electric shock, fire, or explosion.
  • Page 25: Fcc Compliance

    Security Gateway Manual Netgate-8300 1.5.3 FCC Compliance Changes or modifications not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment. This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: 1.
  • Page 26 Security Gateway Manual Netgate-8300 Deutsch Die Europäische Richtlinie 2002/96/EC verlangt, dass technische Ausrüstung, die direkt am Gerät und/oder an der Verpackung mit diesem Symbol versehen ist, nicht zusammen mit unsortiertem Gemeindeabfall entsorgt werden darf. Das Symbol weist darauf hin, dass das Produkt von regulärem Haushaltmüll getrennt entsorgt werden sollte. Es liegt in Ihrer Verantwortung, dieses Gerät und andere elektrische und elektronische Geräte über die dafür zuständigen und von...
  • Page 27 Netgate-8300 1.5.8 Declaration of Conformity Česky[Czech] NETGATE tímto prohla uje, e tento NETGATE device, je ve shod se základními po adavky a dal ími p íslu n mi ustanoveními sm rnice 1999/5/ES. Dansk [Danish] Undertegnede NETGATE erklærer herved, at følgende udstyr NETGATE device, overholder de væsentlige krav og øvrige relevante krav i direktiv 1999/5/EF.
  • Page 28 Alulírott, NETGATE nyilatkozom, hogy a NETGATE device, megfelel a vonatkozó alapvetõ követelményeknek és az 1999/5/EC irányelv egyéb elõírásainak. Íslenska [Icelandic] Hér me l sir NETGATE yfir ví a NETGATE device, er í samræmi vi grunnkröfur og a rar kröfur, sem ger ar eru í tilskipun 1999/5/EC. Italiano [Italian] Con la presente NETGATE dichiara che questo NETGATE device, è...
  • Page 29 Security Gateway Manual Netgate-8300 Slovensky [Slovak] NETGATE t mto vyhlasuje, e NETGATE device, sp a základné po iadavky a v etky príslu né ustanovenia Smernice 1999/5/ES. Svenska [Swedish] Härmed intygar NETGATE att denna NETGATE device, står I överensstämmelse med de väsentliga egenskapskrav och övriga relevanta bestämmelser som framgår av direktiv 1999/5/EG.
  • Page 30: Applicable Law

    Security Gateway Manual Netgate-8300 Austin, Texas 78728 legal@netgate.com The arbitration will be conducted by the American Arbitration Association (AAA) under its rules. The AAA’s rules are available at www.adr.org. Payment of all filing, administration and arbitrator fees will be governed by the AAA’s rules.
  • Page 31: Limited Warranty

    Security Gateway Manual Netgate-8300 1.5.13 Limited Warranty DISCLAIMER OF WARRANTIES AND LIMITATION OF LIABILITY THE PRODUCTS/SERVICES AND ALL INFORMATION, CONTENT, MATERIALS, PRODUCTS (INCLUD- ING SOFTWARE) AND OTHER SERVICES INCLUDED ON OR OTHERWISE MADE AVAILABLE TO YOU THROUGH THE PRODUCTS/SERVICES ARE PROVIDED BY US ON AN “AS IS” AND “AS AVAILABLE” BA- SIS, UNLESS OTHERWISE SPECIFIED IN WRITING.
  • Page 32: How-To Guides

    2.1.1 Connecting to IPMI Web Browser Serial Console The IPMI interface on the Netgate 8300 contains a web-based serial console accessible via browser. This client is HTML-based and does not require extra software, only a current web browser.
  • Page 33 A separate adapter is required to make a connection between a computer and the firewall using the RJ45 serial port. The Netgate 8300 device ships with a USB A to RJ45 console cable suitable for this purpose. Fig. 1: Serial cable connected to RJ45 Console Port Any compatible cable may be used instead of the one shipped with the device.
  • Page 34 Security Gateway Manual Netgate-8300 macOS For macOS the best practice is to run GNU screen, or cu. An example of how to configure GNU screen is below. Linux For Linux the best practices are to run GNU screen, Linux, minicom, or dterm. Examples of how to PuTTY in configure PuTTY and GNU screen are below.
  • Page 35 Security Gateway Manual Netgate-8300 Fig. 2: An example of using PuTTY in Windows © Copyright 2024 Rubicon Communications LLC...
  • Page 36: Terminal Settings

    Security Gateway Manual Netgate-8300 Fig. 3: An example of using PuTTY in Linux If portions of the text are unreadable but appear to be properly formatted, the most likely culprit is a character encoding mismatch in the terminal. Adding the -U parameter to the screen command line arguments forces it to use UTF-8 for character encoding: sudo screen -U <console-port>...
  • Page 37: What's Next

    Security Gateway Manual Netgate-8300 Warning: Hardware flow control (RTS/CTS) must be disabled. Terminal Optimization Beyond the required settings there are additional options in terminal programs which will help input behavior and output rendering to ensure the best experience. These settings vary location and support by client, and may not be available in all clients or terminals.
  • Page 38: Troubleshooting

    Some devices expose multiple ports, so using the incorrect port may lead to no output or unexpected output. Hardware Failure There could be a hardware failure preventing the serial console from working. Contact Netgate TAC for assis- tance. No Serial Output...
  • Page 39 Security Gateway Manual Netgate-8300 PuTTY has issues with line drawing PuTTY generally handles most cases OK but can have issues with line drawing characters on certain platforms. These settings seem to work best (tested on Windows): Window Columns x Rows 80x24 Window >...
  • Page 40: Intelligent Platform Management Interface (Ipmi)

    2.2 Intelligent Platform Management Interface (IPMI) The Netgate 8300 appliance includes a baseboard management controller (BMC) for out-of-band (OOB) access via Intelligent Platform Management Interface (IPMI). Administrators can use this interface to control the hardware itself, such as power on/off, access a serial over LAN (SOL) console, mount virtual media for installation, see hardware status events, and more.
  • Page 41 2.2.2 Default IPMI Credentials The default IPMI username is root and the default password is root. In compliance with privacy legislation, the Username and Password to access the IPMI port on the Netgate 8300 must be changed on first access.
  • Page 42 Security Gateway Manual Netgate-8300 Fig. 4: IPMI Web Console forcing a password change on first login © Copyright 2024 Rubicon Communications LLC...
  • Page 43 Security Gateway Manual Netgate-8300 2.2.4 Changing the IPMI Password The IPMI password for Netgate 8300 appliances can be changed either through the browser-based IPMI console or by using the ipmitool utility directly in pfSense® software. Using IPMI Web Console To change the IPMI password in the web console: •...
  • Page 44 Security Gateway Manual Netgate-8300 Note: If the username is not known, see the next section for information on how to use ipmitool to view the current user list. • Navigate to Configuration > Users Fig. 6: Configuration > Users • Select the user to modify by clicking on its row in the list This is likely the root user or another user with Administrator privileges, typically the user in the second slot (User ID 2).
  • Page 45 Security Gateway Manual Netgate-8300 Fig. 7: Modify User User Name Change the username from the default root to a personalized name This is optional, but a best practice. Change Password Click to enable the slider Password Enter the new Password If the password is acceptable, the field will be outlined in green.
  • Page 46 Security Gateway Manual Netgate-8300 Fig. 8: Modify User Form Fig. 9: Click Confirm © Copyright 2024 Rubicon Communications LLC...
  • Page 47 NO ACCESS Warning: Usernames are case-sensitive. • Reset the password for a user The default root user is User ID 2, and the example below sets the password for this user to NETGATE. ipmitool user password NETGATE Warning: This password is for example purposes only. Use a secure password.
  • Page 48 • Unload the IPMI kernel module kldunload ipmi 2.2.6 Re-arm the Chassis Intrusion Switch The chassis on Netgate 8300 has an intrusion detection function which can be reset via IPMI. See Re-arm the Chassis for details. Intrusion Switch...
  • Page 49: Warnings And Precautions

    2.3 Updating the Baseboard Management Controller Firmware Occasionally there are updates to the Baseboard Management Controller (BMC) firmware on the Netgate 8300 to address problems or improve features. This firmware can be updated using the web interface on the BMC which also contains Intelligent Platform Management Interface (IPMI) functionality.
  • Page 50: Update The Firmware

    Security Gateway Manual Netgate-8300 2.3.4 Update the Firmware • Navigate to Configuration > Firmware Update in the web interface. Fig. 10: Firmware Update menu location • Check Reboot immediately after update. Warning: This reboots the BMC and the operating system.
  • Page 51 Security Gateway Manual Netgate-8300 Fig. 11: Check the box to automatically reboot when the update finishes Fig. 12: Select the firmware update file (e.g. BMC_FW-Update.bin) © Copyright 2024 Rubicon Communications LLC...
  • Page 52 Security Gateway Manual Netgate-8300 Fig. 13: Firmware file upload in progress © Copyright 2024 Rubicon Communications LLC...
  • Page 53 Security Gateway Manual Netgate-8300 Fig. 14: Firmware update in progress © Copyright 2024 Rubicon Communications LLC...
  • Page 54 Security Gateway Manual Netgate-8300 Fig. 15: Click Update to perform the firmware update Fig. 16: Checking the BMC firmware version © Copyright 2024 Rubicon Communications LLC...
  • Page 55 Security Gateway Manual Netgate-8300 Fig. 17: Factory Reset menu location Fig. 18: Click Restore to perform the factory reset © Copyright 2024 Rubicon Communications LLC...
  • Page 56 • Change any other settings and make any other customizations as needed. 2.4 Re-arm the Chassis Intrusion Switch The chassis on Netgate 8300 has an intrusion detection function. If the chassis has been opened the intrusion switch will be tripped even if the power was off.
  • Page 57 Plus software on a Netgate 8300 device. ® Note: pfSense Plus is preinstalled on Netgate appliances. It is optimally tuned for Netgate hardware and contains features that cannot be found elsewhere, such as ZFS Boot Environments, OpenVPN DCO, Built-in IPFIX Export, and AWS VPC Wizard.
  • Page 58 The most common use case for multiple drives in this device is a ZFS mirror, with both drives selected as targets. 2.5.6 Install pfSense Plus Software The installer will automatically launch and present several options. On Netgate appliances, choosing Enter for the default options will complete the installation process in most cases.
  • Page 59: Interface Configuration

    Security Gateway Manual Netgate-8300 • Firewall Rules • Gateway Groups • • Setup Policy Routing • Dynamic DNS • VPN Considerations • Testing 2.6.1 Requirements • This guide assumes the underlying interface is already present (e.g. physical port, VLAN, etc).
  • Page 60 Security Gateway Manual Netgate-8300 See also: IPv4 Configuration Types • Create a Gateway if this is a static IP address WAN: – Click Add a New Gateway – Configure the gateway as follows: Default Check if this new WAN should be the default gateway.
  • Page 61 Security Gateway Manual Netgate-8300 2.6.4 Outbound NAT For clients on local interfaces to reach the Internet from private addresses to destinations through this WAN, the firewall must apply Outbound NAT on traffic leaving this new WAN. • Navigate to Firewall > NAT, Outbound tab •...
  • Page 62: Firewall Rules

    Security Gateway Manual Netgate-8300 2.6.5 Firewall Rules By default there are no rules on the new interface, so the firewall will block all traffic. This is ideal for a WAN, so is safe to leave as-is. Adding services on the new WAN, such as VPNs, may require rules but those should be handled on a case-by-case basis.
  • Page 63 Security Gateway Manual Netgate-8300 Note: Rules using this group enable connection-based load balancing, not per-packet load balancing. Rules using this group will also have failover style behavior as WANs which are down are removed from load balancing. • Click Save •...
  • Page 64 Security Gateway Manual Netgate-8300 Note: If the gateway drop-down does not appear next to each DNS server, then the firewall does not have more than one gateway configured for any address family. Double check the gateway settings for all WAN interfaces.
  • Page 65: Dynamic Dns

    Security Gateway Manual Netgate-8300 Destination The other local subnet, VPN network, or an alias of such networks. Description Pass to local and VPN networks Do not set a gateway on this rule. • Click Save • Click Apply Changes 2.6.9 Dynamic DNS Dynamic DNS provides several benefits for multiple WANs, particularly with VPNs.
  • Page 66 Security Gateway Manual Netgate-8300 2.7 Configuring an OPT interface as an additional LAN This guide configures an OPT port as an additional LAN type interface. These local interfaces can perform a variety of tasks, such as being a guest network, DMZ, IOT isolation, wireless segment, lab network, and more.
  • Page 67: Dhcp Server

    Security Gateway Manual Netgate-8300 The newly assigned interface will have its own entry under the Interfaces menu and elsewhere in the GUI. 2.7.3 Interface Configuration The new interface must be enabled and configured. • Navigate to Interfaces > OPTx • Check Enable interface •...
  • Page 68 Security Gateway Manual Netgate-8300 2.7.5 Outbound NAT For clients on this interface to reach the Internet from private addresses, the firewall must apply Outbound NAT for the new subnet. • Navigate to Firewall > NAT, Outbound tab • Check the current outbound NAT mode and follow the section below which matches the mode.
  • Page 69 Security Gateway Manual Netgate-8300 2.7.6 Firewall Rules By default there are no firewall rules on the new interface, so the firewall will block all traffic. This is not ideal for a LAN as generally speaking, the clients on this LAN will need to contact hosts through the firewall.
  • Page 70 Security Gateway Manual Netgate-8300 Create a Private Networks Alias Create an alias using all RFC 1918 networks (listed in the example below) or at least an alias containing the local/private networks on this firewall, such as VPNs. Using all RFC 1918 networks is a safer practice.
  • Page 71 Security Gateway Manual Netgate-8300 If clients are configured to query DNS servers other than this firewall, create rules using those as the destination instead. Destination Port Range Select the DNS (53) entry or choose Other and manually enter 53 To allow DNS over TLS, create a separate rule using the DNS over TLS entry or manually enter port 853.
  • Page 72 Security Gateway Manual Netgate-8300 Reject Other Firewall-bound Traffic Add rule to reject any other traffic to the firewall to ensure users on this interface cannot connect to management services such as the GUI, SSH, and so on. • Click to add a new rule at the bottom of the list.
  • Page 73: Apply Changes

    Security Gateway Manual Netgate-8300 Allow Other Traffic Add rule to allow traffic from this interface network to any other destination, which enables clients on this interface to reach the Internet and/or other remote public networks. • Click to add a new rule at the bottom of the list.
  • Page 74: Other Services

    2.8 Factory Reset Procedure This procedure performs a factory reset using the hardware reset button on the Netgate 8300. This button is located on the rear side of the unit toward the left end, between the power and console connectors and under the power button.
  • Page 75: Warnings And Precautions

    Netgate-8300 2.9 M.2 NVMe SSD Installation The Netgate® 8300 ships with one PCIe-based M.2 NVMe SSD. Optionally, a second PCIe-based M.2 NVMe drive can be installed as an upgrade. Note: This guide assumes a second disk is being added for redundancy via ZFS mirroring.
  • Page 76: Installation Procedure

    Installing the SSD requires removing the top of the case to expose the internal components. For safety, before opening the case, the Netgate 8300 must be completely disconnected from everything. This includes power, network cables, USB cables, serial console cables, and any other external cables or devices connected to the Netgate 8300. Danger: Reminder: •...
  • Page 77 Security Gateway Manual Netgate-8300 Fig. 20: Power switch (circled) in the off position © Copyright 2024 Rubicon Communications LLC...
  • Page 78 Security Gateway Manual Netgate-8300 Fig. 21: Power Supply Units with power receptacles circled and status LEDs indicated with arrows © Copyright 2024 Rubicon Communications LLC...
  • Page 79: Removing The Lid

    Security Gateway Manual Netgate-8300 5. Move the Netgate 8300 to a safe work location such as an anti-static mat Removing the Lid The next portion of the procedure involves opening the device and removing the lid. Danger: Reminder: • Anti-static protection must be used throughout this procedure.
  • Page 80 Security Gateway Manual Netgate-8300 Fig. 23: Screw on the rear side of the unit at the left top corner, indicated with an arrow. © Copyright 2024 Rubicon Communications LLC...
  • Page 81 Security Gateway Manual Netgate-8300 Fig. 24: Screw on the rear side of the unit at the right top corner, indicated with an arrow. © Copyright 2024 Rubicon Communications LLC...
  • Page 82 Security Gateway Manual Netgate-8300 Fig. 25: Sliding back the top cover away from the front panel © Copyright 2024 Rubicon Communications LLC...
  • Page 83 Security Gateway Manual Netgate-8300 Fig. 26: Top cover in position to be lifted off © Copyright 2024 Rubicon Communications LLC...
  • Page 84 Security Gateway Manual Netgate-8300 1. Remove the screw retaining the side of the fan duct nearest to the PSU cages using the Phillips head screwdriver. Fig. 27: Screw holding the fan duct in place, indicated with an arrow 2. Gently lift the side of the fan duct up and out of the way...
  • Page 85 Security Gateway Manual Netgate-8300 Fig. 28: Fan duct lifted out of the way to access the M.2 NVMe riser © Copyright 2024 Rubicon Communications LLC...
  • Page 86: Install The Ssd

    Security Gateway Manual Netgate-8300 Remove the M.2 NVMe Riser Card The M.2 NVMe drives are located on a riser card near the PSU cages. This card must be removed to safely access the SSDs. Danger: Reminder: • Anti-static protection must be used throughout this procedure.
  • Page 87 Security Gateway Manual Netgate-8300 Fig. 31: M.2 NVMe riser card slot 1 with the stock SSD installed Fig. 32: M.2 NVMe riser card slot 2 (empty) and add-on M.2 NVMe SSD before install © Copyright 2024 Rubicon Communications LLC...
  • Page 88 Security Gateway Manual Netgate-8300 Note: As mentioned earlier in this document, the Netgate 8300 currently supports M.2 B+M-Key or M-Key PCIe NVMe SSDs in 2280 or 2242 sizes. 2. Move the retainer clip to match the SSD size being installed.
  • Page 89 Security Gateway Manual Netgate-8300 Fig. 34: Close-up view of the M.2 retaining clip for slot 2 with the SSD secured © Copyright 2024 Rubicon Communications LLC...
  • Page 90 Reconnect The device is now ready to be put back into its former location. 1. Mount the Netgate 8300 in the rack 2. Plug in all network cables, USB cables and devices, serial console connections, etc. 3. Insert the USB memstick containing the installation media 4.
  • Page 91 Security Gateway Manual Netgate-8300 Fig. 35: Replacing the M.2 riser card © Copyright 2024 Rubicon Communications LLC...
  • Page 92 Security Gateway Manual Netgate-8300 Fig. 36: M.2 riser card with two SSDs and riser clips in the closed position © Copyright 2024 Rubicon Communications LLC...
  • Page 93 Security Gateway Manual Netgate-8300 Fig. 37: Top cover in position to be replaced © Copyright 2024 Rubicon Communications LLC...
  • Page 94 Security Gateway Manual Netgate-8300 Fig. 38: Slide the top cover back toward the front panel © Copyright 2024 Rubicon Communications LLC...
  • Page 95 Security Gateway Manual Netgate-8300 Fig. 39: Screw on the rear side of the unit at the left top corner, indicated with an arrow. © Copyright 2024 Rubicon Communications LLC...
  • Page 96 Security Gateway Manual Netgate-8300 Fig. 40: Screw on the rear side of the unit at the right top corner, indicated with an arrow. © Copyright 2024 Rubicon Communications LLC...
  • Page 97 Security Gateway Manual Netgate-8300 Fig. 41: Screws on the top of the cover at the front of the unit, indicated with arrows Fig. 42: Power Supply Units with power receptacles circled and status LEDs indicated with arrows © Copyright 2024 Rubicon Communications LLC...
  • Page 98: Restore The Configuration

    Re-arm the Chassis Intrusion Switch sensor. 2.10 Add-On Expansion Card Installation The Netgate® 8300 has two expansion card slots available for additional devices such as 25 Gbit/s or 100 Gbit/s network interface cards. The two expansion card slots have the following capabilities: •...
  • Page 99 Installing add-on expansion cards in the Netgate 8300 requires the following tools and hardware: • Phillips screwdriver • Anti-static grounding strap and anti-static mat for handling bare components and the 8300 system • Compatible expansion card © Copyright 2024 Rubicon Communications LLC...
  • Page 100 Installing an add-on expansion card requires removing the top of the case to expose the internal components. For safety, before opening the case, the Netgate 8300 must be completely disconnected from everything. This includes power, network cables, USB cables, serial console cables, and any other external cables or devices connected to the Netgate 8300.
  • Page 101 Security Gateway Manual Netgate-8300 Fig. 43: Power switch (circled) in the off position © Copyright 2024 Rubicon Communications LLC...
  • Page 102 Security Gateway Manual Netgate-8300 Fig. 44: Power Supply Units with power receptacles circled and status LEDs indicated with arrows Fig. 45: Screws on the top of the cover at the front of the unit, indicated with arrows © Copyright 2024 Rubicon Communications LLC...
  • Page 103 Security Gateway Manual Netgate-8300 2. Remove the screw from the rear side of the unit at the top left corner using the Phillips head screwdriver. Fig. 46: Screw on the rear side of the unit at the left top corner, indicated with an arrow.
  • Page 104 Security Gateway Manual Netgate-8300 Fig. 47: Screw on the rear side of the unit at the right top corner, indicated with an arrow. © Copyright 2024 Rubicon Communications LLC...
  • Page 105 Security Gateway Manual Netgate-8300 Fig. 48: Sliding back the top cover away from the front panel © Copyright 2024 Rubicon Communications LLC...
  • Page 106 Security Gateway Manual Netgate-8300 Fig. 49: Top cover in position to be lifted off © Copyright 2024 Rubicon Communications LLC...
  • Page 107 Security Gateway Manual Netgate-8300 Note: These screws are captive and will not fully remove from the riser assembly. It is sufficient to loosen the screws until they no longer attach the riser assembly to the motherboard. This may be felt as a soft “click” when the screw is freely rotating and the threads are not engaged.
  • Page 108 Security Gateway Manual Netgate-8300 Fig. 51: Location of the riser assembly retaining screw on the front of the unit indicated with a red circle Fig. 52: Lift the riser assembly from the rear to remove it from the riser slot on the motherboard...
  • Page 109 Security Gateway Manual Netgate-8300 Fig. 53: Lift and rotate the riser assembly from the front as indicated by the red arrow to remove it from the chassis © Copyright 2024 Rubicon Communications LLC...
  • Page 110 Security Gateway Manual Netgate-8300 Install the Add-on Expansion Card With the riser assembly removed, it is time to install the add-on expansion card. Danger: Reminder: • Anti-static protection must be used throughout this procedure. • Any hardware damage incurred during this procedure is not covered by the hardware warranty.
  • Page 111 Security Gateway Manual Netgate-8300 Fig. 55: Location of the low profile add-on expansion card slot retaining screw indicated with a red circle © Copyright 2024 Rubicon Communications LLC...
  • Page 112 Security Gateway Manual Netgate-8300 Fig. 56: Location of the full height add-on expansion card slot retaining screw indicated with a red circle Fig. 57: Slide the expansion slot cover away from the center of the riser assembly © Copyright 2024 Rubicon Communications LLC...
  • Page 113 Security Gateway Manual Netgate-8300 Fig. 58: Remove the expansion slot cover once it is free from the expansion slot The rear of the socket has a retention clip to hold the card in place which should be engaged once the card is fully...
  • Page 114 Security Gateway Manual Netgate-8300 Fig. 59: Installing an add-on network interface card into an expansion slot © Copyright 2024 Rubicon Communications LLC...
  • Page 115 Security Gateway Manual Netgate-8300 Fig. 60: Expansion card slot retention clip holding a card in place © Copyright 2024 Rubicon Communications LLC...
  • Page 116 Security Gateway Manual Netgate-8300 Fig. 61: Expansion card aligned with the riser assembly and retention screw hole © Copyright 2024 Rubicon Communications LLC...
  • Page 117 Security Gateway Manual Netgate-8300 Fig. 62: Expansion card fastened in the riser assembly using the retention screw © Copyright 2024 Rubicon Communications LLC...
  • Page 118 Security Gateway Manual Netgate-8300 Fig. 63: Rotate and replace the riser assembly from the front in the opposite direction indicated by the red arrow © Copyright 2024 Rubicon Communications LLC...
  • Page 119 Security Gateway Manual Netgate-8300 Fig. 64: Re-seat the riser assembly in the the riser slot from the rear of the motherboard in the opposite of the direction indicated by the red arrow Fig. 65: Location of the riser assembly retaining screw on the front of the unit indicated with a red circle...
  • Page 120 Security Gateway Manual Netgate-8300 Fig. 66: Location of the captive riser assembly retaining screws indicated with red circles © Copyright 2024 Rubicon Communications LLC...
  • Page 121 Security Gateway Manual Netgate-8300 Replacing and Fastening the Lid With the internal components all in place, the next step is to replace the lid and all its fasteners. Danger: Reminder: • Anti-static protection must be used throughout this procedure. • Any hardware damage incurred during this procedure is not covered by the hardware warranty.
  • Page 122 Security Gateway Manual Netgate-8300 Fig. 68: Slide the top cover back toward the front panel © Copyright 2024 Rubicon Communications LLC...
  • Page 123 Security Gateway Manual Netgate-8300 Fig. 69: Screw on the rear side of the unit at the left top corner, indicated with an arrow. © Copyright 2024 Rubicon Communications LLC...
  • Page 124 Security Gateway Manual Netgate-8300 Fig. 70: Screw on the rear side of the unit at the right top corner, indicated with an arrow. © Copyright 2024 Rubicon Communications LLC...
  • Page 125 Reconnect The device is now ready to be put back into its former location. 1. Mount the Netgate 8300 in the rack 2. Plug in all network cables, USB cables and devices, serial console connections, etc. 3. Insert the USB memstick containing the installation media 4.
  • Page 126 Security Gateway Manual Netgate-8300 Fig. 72: Power Supply Units with power receptacles circled and status LEDs indicated with arrows © Copyright 2024 Rubicon Communications LLC...
  • Page 127 Security Gateway Manual Netgate-8300 See also: for details. Networking Ports If the device has an existing configuration which must be adjusted to match the new interface layout, then the ports must be reassigned manually. Since GUI access is likely broken by the interfaces being moved, this may need to be performed at the console.
  • Page 128: Additional Resources

    Netgate training has got you covered. https://www.netgate.com/training 3.1.2 Resource Library To learn more about how to use Netgate appliances and for other helpful resources, make sure to browse the Netgate Resource Library. https://www.netgate.com/resources 3.1.3 Professional Services Support does not cover more complex tasks such as CARP configuration for redundancy on multiple firewalls or circuits, ®...
  • Page 129: Warranty And Support

    Security Gateway Manual Netgate-8300 3.2 Warranty and Support • One year manufacturer’s warranty. • Please contact Netgate for warranty information or view the Product Lifecycle page. • All Specifications subject to change without notice For support information, view support plans offered by Netgate.
Save PDF