
Netgate SG-3100 User Manual

Netgate SG-3100
65 pages
Security Gateway Manual SG-3100
2.5.10 VPN Considerations
IPsec can use a gateway group as an interface, but needs a Dynamic DNS hostname as a companion. The remote peer
would need to use the Dynamic DNS hostname as the peer address of this firewall instead of an IP address. Because
this relies on DNS, failover can be slow.
WireGuard does not bind to an interface, but can work with Multi-WAN. It will respond from WAN2 if a client contacts
WAN2, but when initiating it will always use the current default gateway. Static routes can nudge traffic for a specific
peer out a specific WAN.
OpenVPN can use a gateway group as an interface for clients or servers. Client behavior is OK and should match
default failover behavior configured on the group. For servers it is better to bind the server to localhost and use port
forwards from each WAN to localhost. Remote clients can then have multiple remote entries and contact each WAN
as needed at any time.
2.5.11 Testing
Methods for testing depend on the type of WANs and gateway groups in use.
For most WANs, a better test is to unplug the upstream connection from the CPE. This more accurately simulates
a typical type of upstream connectivity failure. Do not power off the CPE or unplug the connection between
the firewall and the CPE. While this may work, it’s a much less common scenario and can behave differently.
For testing load balancing, use cURL or multiple browsers/sessions when checking the IP address multiple
times. Refreshing the same browser window will reuse a connection to the server and is not helpful for testing
connection-based load balancing.
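The load-balancing check described above, as an added example that is not part of the Netgate manual: each curl invocation opens a new connection, and the results are tallied per source address. CHECK_URL is an assumption (any service that returns the caller's public IP as plain text), and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example, not from the manual. CHECK_URL (assumption) must point at a
# service that returns the caller's public IP address as plain text.

# Run curl COUNT times. Every invocation is a separate process and therefore a
# new TCP connection, so connection-based load balancing can choose a WAN each
# time (unlike refreshing one browser window, which reuses the connection).
sample_wan_ips() {
    url=$1; count=$2; i=0
    while [ "$i" -lt "$count" ]; do
        curl -s --max-time 5 "$url" || echo "FAILED"
        echo    # guarantee a line break even if the service omits one
        i=$((i + 1))
    done
}

# Read one address per line and print "<address> <number of samples>".
tally_ips() {
    tr -d '\r' | grep -v '^[[:space:]]*$' | sort | uniq -c | awk '{print $2, $1}'
}

# Succeed only if at least two distinct addresses were observed, meaning
# connections left through more than one WAN.
is_balanced() {
    [ "$(tally_ips | grep -vc '^FAILED ')" -ge 2 ]
}

# Constructed sample (documentation address ranges) for trying the tally offline.
constructed_samples() {
    printf '%s\n' 198.51.100.10 203.0.113.20 198.51.100.10 203.0.113.20 198.51.100.10
}

# Live run only when CHECK_URL is set, e.g.:
#   CHECK_URL=https://ip-check.example/ SAMPLES=20 sh wan_tally.sh
if [ -n "${CHECK_URL:-}" ]; then
    sample_wan_ips "$CHECK_URL" "${SAMPLES:-10}" | tally_ips
fi
```

Run it from a host behind the firewall; a single address in the output means every connection left through the same WAN.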
2.6 Configuring an OPT interface as an additional LAN
Note: The default configuration of the Netgate 3100 includes one assigned OPT port which is separate from the
switch. The switch ports may also be configured as additional discrete OPT ports; see Switch Overview for details.
This guide configures an OPT port as an additional LAN type interface. These local interfaces can perform a variety
of tasks, such as being a guest network, DMZ, IoT isolation, wireless segment, lab network, and more.
Configuring an additional LAN
Requirements
Assign the Interface
Interface Configuration
DHCP Server
Outbound NAT
Firewall Rules
Open
Isolated
Other Services
© Copyright 2022 Rubicon Communications LLC 53


Netgate SG-3100 Specifications

General
Storage: 8 GB eMMC
WAN Ports: 1x 1GbE
LAN Ports: 3x 1GbE
Power Input: 12V DC
Network Interfaces: 5x 1GbE
Operating System: pfSense
Weight: 2.2 lbs (1 kg)
Serial Port: 1x RJ45
Power Supply: 12V DC
RAM: 2 GB DDR3L
Dimensions: 8.5 x 6.5 x 1.75 in (216 x 165 x 44.5 mm)
