Netgate XG-7100-1U User manual
Security Gateway Manual
XG-7100-1U
© Copyright 2020 Rubicon Communications LLC
Aug 21, 2020
Security Gateway Manual XG-7100-1U
This Quick Start Guide covers the first time connection procedures for the Netgate® XG-7100 1U Firewall Appliance
and will provide the information needed to keep the appliance up and running.
Tip: Before getting started, we recommend downloading the PDF version of the Product Manual as well as the PDF
version of the pfSense Book in the event that you get knocked offline.
© Copyright 2020 Rubicon Communications LLC 1
CHAPTER
ONE
OUT OF THE BOX
1.1 Getting Started
The basic firewall configuration begins with connecting the Netgate® appliance to the Internet. Neither the modem
nor the Netgate appliance should be powered on at this time.
Establishing a connection to an Internet Service Provider (ISP) starts with connecting one end of an Ethernet cable to
the WAN port (shown in the Input and Output Ports section) of the Netgate appliance.
Warning: The default LAN subnet on the firewall is 192.168.1.0/24. The same subnet cannot be used on
both WAN and LAN, so if the subnet on the WAN side of the firewall is also 192.168.1.0/24,disconnect the
WAN interface until the LAN interface has been renumbered to a different subnet.
The opposite end of the same Ethernet cable should be inserted in to the LAN port of the ISP-supplied modem. The
modem provided by the ISP might have multiple LAN ports. If so, they are usually numbered. For the purpose of this
installation, please select port 1.
The next step is to connect the LAN port (shown in the Input and Output Ports section) of the Netgate appliance to the
computer which will be used to access the firewall console.
Connect one end of the second Ethernet cable to the LAN port (shown in the Input and Output Ports section) of
the Netgate appliance. Connect the other end to the network connection on the computer. In order to access the
webConfigurator, the PC network interface must be set to use DHCP, or have a static IP set in the 192.168.1.x
subnet with a subnet mask of 255.255.255.0. Do not use 192.168.1.1, as this is the address of the firewall,
and will cause an IP conflict.
1.1.1 Initial Setup
The next step is to power up the modem and the firewall. Plug in the power supply to the power port (shown in the
Input and Output Ports section).
Once the modem and Netgate appliance are powered up, the next step is to power up the computer.
Once the Netgate appliance is booted, the attached computer should receive a 192.168.1.x IP address via DHCP
from the Netgate appliance.
2
Security Gateway Manual XG-7100-1U
1.1.2 Logging Into the Web Interface
Browse to https://192.168.1.1 to access the web interface. In some instances, the browser may respond with a message
indicating a problem with website security. Below is a typical example in Google Chrome. If this message or similar
message is encountered, it is safe to proceed.
At the login page enter the default pfSense password and username:
Username admin
Password pfsense
Click Login to continue
© Copyright 2020 Rubicon Communications LLC 3
Security Gateway Manual XG-7100-1U
1.1.3 Wizard
Upon successful login, the following is displayed.
1.1.4 Configuring Hostname, Domain Name and DNS Servers
1.1.5 Hostname
For Hostname, any desired name can be entered as it does not affect functionality of the firewall. Assigning a hostname
to the firewall will allow the GUI to be accessed by hostname as well as IP address.
For the purposes of this guide, use pfsense for the hostname. The default hostname, pfsense may be left un-
changed.
Once saved in the configuration, the GUI may be accessed by entering http://pfsense as well as http://192.168.1.1
1.1.6 Domain
If an existing DNS domain is in use within the local network (such as a Microsoft Active Directory domain), use that
domain here. This is the domain suffix assigned to DHCP clients, which should match the internal network.
For networks without any internal DNS domains, enter any desired domain name. The default localdomain is used
for the purposes of this tutorial.
© Copyright 2020 Rubicon Communications LLC 4
Security Gateway Manual XG-7100-1U
1.1.7 DNS Servers
The DNS server fields can be left blank if the DNS Resolver is used in non- forwarding mode, which is the default
behavior. The settings may also be left blank if the WAN connection is using DHCP, PPTP or PPPoE types of Internet
connections and the ISP automatically assigns DNS server IP addresses. When using a static IP on WAN, DNS server
IP addresses must be entered here for name resolution to function if the default DNS Resolver settings are not used.
DNS servers can be specified here even if they differ from the servers assigned by the ISP. Either enter the IP addresses
provided by the ISP, or consider using Google public DNS servers (8.8.8.8,8.8.4.4). Google DNS servers are
used for the purpose of this tutorial. Click Next after filling in the fields as appropriate.
1.1.8 Time Server Configuration
1.1.9 Time Server Synchronization
Setting time server synchronization is quite simple. We recommend using the default pfSense time server address,
which will randomly select an NTP server from a pool.
1.1.10 Setting Time Zone
Select an appropriate time zone for the location of the firewall. For purposes of this manual, the Timezone setting will
be set to America/Chicago for US Central time.
1.1.11 Configuring Wide Area Network (WAN) Type
The WAN interface type is the next to be configured. The IP address assigned to this section becomes the Public IP
address that this network will use to communicate with the Internet.
© Copyright 2020 Rubicon Communications LLC 5
Security Gateway Manual XG-7100-1U
This depicts the four possible WAN interface types. Static, DHCP, PPPoE and PPTP. One must be selected from the
drop-down list.
Further information from the ISP is required to proceed when selecting Static,PPPoE and PPTP such as login name
and password or as with static addresses, an IP address, subnet mask and gateway address.
DHCP is the most common type of interface for home cable modems. One dynamic IP address is issued from the
ISP DHCP server and will become the public IP address of the network behind this firewall. This address will change
periodically at the discretion of the ISP. Select DHCP as shown and proceed to the next section.
1.1.12 MAC Address
If replacing an existing firewall, the WAN MAC address of the old firewall may be entered here, if it can be determined.
This can help avoid issues involved in switching out firewalls, such as ARP caches, ISPs locking to single MAC
addresses, etc.
If the MAC address of the old firewall cannot be located, the impact is most likely insignificant. Power cycle the ISP
router and modem and the new MAC address will usually be able to get online. For some ISPs, it may be necessary to
call them when switching devices, or an activation process may be required.
1.1.13 Configuring MTU and MSS
MTU or Maximum Transmission Unit determines the largest protocol data unit that can be passed onwards. A 1500-
byte packet is the largest packet size allowed by Ethernet at the network layer and for the most part, the Internet so
leaving this field blank allows the system to default to 1500-byte packets. PPPoE is slightly smaller at 1492-bytes.
Leave this blank for a basic configuration.
© Copyright 2020 Rubicon Communications LLC 6
Security Gateway Manual XG-7100-1U
1.1.14 Configuring DHCP Hostname
Some ISPs specifically require a DHCP Hostname entry. Unless the ISP requires the setting, leave it blank.
1.1.15 Configuring PPPoE and PPTP Interfaces
Information added in these sections is assigned by the ISP. Configure these settings as directed by the ISP
© Copyright 2020 Rubicon Communications LLC 7
Security Gateway Manual XG-7100-1U
1.1.16 Block Private Networks and Bogons
When enabled, all private network traffic originating on the internet is blocked.
Private addresses are reserved for use on internal LANs and blocked from outside traffic so these address ranges may
be reused by all private networks.
The following inbound address Ranges are blocked by this firewall rule:
•10.0.0.1 to 10.255.255.255
•172.16.0.1 to 172.31.255.254
•192.168.0.1 to 192.168.255.254
•127.0.0.0/8
•100.64.0.0/10
•fc00::/7
Bogons are public IP addresses that have not yet been allocated, so they may typically also be safely blocked as they
should not be in active use.
Check Block RFC1918 Private Networks and Block Bogon Networks.
Click Next to continue.
1.1.17 Configuring LAN IP Address & Subnet Mask
© Copyright 2020 Rubicon Communications LLC 8
Security Gateway Manual XG-7100-1U
A static IP address of 192.168.1.1 and a subnet mask (CIDR) of 24 was chosen for this installation. If there are
no plans to connect this network to any other network via VPN, the 192.168.1.x default is sufficient.
Click Next to continue.
Note: If a Virtual Private Network (VPN) is configured to remote locations, choose a private IP address range more
obscure than the very common 192.168.1.0/24. IP addresses within the 172.16.0.0/12 RFC1918 private
address block are the least frequently used. We recommend selecting a block of addresses between 172.16.x.x
and 172.31.x.x for least likelihood of having VPN connectivity difficulties. An example of a conflict would be If
the local LAN is set to 192.168.1.x and a remote user is connected to a wireless hotspot using 192.168.1.x
(very common), the remote client won’t be able to communicate across the VPN to the local network.
1.1.18 Change Administrator Password
Select a new Administrator Password and enter it twice, then click Next to continue.
1.1.19 Save Changes
Click Reload to save configuration.
© Copyright 2020 Rubicon Communications LLC 9
Security Gateway Manual XG-7100-1U
1.1.20 Basic Firewall Configured
To proceed to the webConfigurator, make the selection as highlighted. The Dashboard display will follow.
1.1.21 Backing Up and Restoring
At this point, basic LAN and WAN interface configuration is complete. Before proceeding, backup the firewall con-
figuration. From the menu at the top of the page, browse to Diagnostics > Backup/Restore.
© Copyright 2020 Rubicon Communications LLC 10
Security Gateway Manual XG-7100-1U
Click Download Configuration and save a copy of the firewall configuration.
This configuration can be restored from the same screen by choosing the backup file under Restore configuration.
© Copyright 2020 Rubicon Communications LLC 11
Security Gateway Manual XG-7100-1U
1.1.22 Connecting to the Console
There are times when accessing the console is required. Perhaps GUI console access has been locked out, or the
password has been lost or forgotten.
See also:
Connecting to the Console Port Connect to the console. Cable is required.
Tip: To learn more about getting the most out of your Netgate appliance, sign up for a pfSense Training course or
browse our extensive Resource Library.
1.2 Initial Configuration
Plug the power cable into the power port (shown in the Input and Output Ports section) to turn on the Netgate®
Firewall. Allow 4 or 5 minutes to boot up completely.
Warning: If your DSL or Cable Modem has a default IP Address of 192.168.1.1, please disconnect the Ethernet
cable from the ETH1 port on your XG-7100 1U Netgate Security Gateway before proceeding. You will need to
change the default IP Address of the device during a later step in the configuration.
1. From the computer, log into the Web Interface
Open a web browser (Google Chrome in this example) and type in 192.168.1.1 on the address bar. Press
Enter.
Fig. 1: Enter the Default LAN IP Address
2. A warning message may appear. If this message or similar message is encountered, it is safe to proceed. Click
the Advanced Button and the click Proceed to 192.168.1.1 (unsafe) to continue.
3. At the Sign In page, enter the default pfSense username and password and click Next.
• Default Username: admin
• Default Password: pfsense
© Copyright 2020 Rubicon Communications LLC 12
Security Gateway Manual XG-7100-1U
Fig. 2: Click Advanced and then Proceed to 192.168.1.1 (unsafe)
1.2.1 The Setup Wizard
The following steps will step through the Setup Wizard for the initial configuration of the firewall.
Note: Ignore the warning to reset the ‘admin’ account password. One of the steps in the Setup Wizard is to change
the default password.
1. Click Next to start the Setup Wizard.
2. Click Next after you have read the information on Netgate Global Support.
3. On the General Information page, use the following as a guide to configure the firewall.
Hostname: Any desired name can be entered. For the purposes of this guide, the default hostname pfsense
is used.
Domain: The default localdomain is used for the purposes of this tutorial.
DNS Servers: For purposes of this setup guide, use the Google public DNS servers (8.8.8.8 and 8.8.4.4).
4. Use the following information for the Time Server Information page.
Time Server Hostname: Use the default pfSense time server address.
Timezone: Select the time zone for the location of the firewall. For this guide, the Timezone will be set to
America/Chicago for US Central time.
5. The WAN interface is the Public IP address the network will use to communicate with the Internet. Use the
following information for the WAN configuration page.
DHCP is the default and is the most common type of interface for home cable modems.
Default settings for the other items on this page should be acceptable for normal home users.
© Copyright 2020 Rubicon Communications LLC 13
Security Gateway Manual XG-7100-1U
Fig. 3: Click Next
Fig. 4: Type in the DNS Server information and Click Next
© Copyright 2020 Rubicon Communications LLC 14
Security Gateway Manual XG-7100-1U
Fig. 5: Change the Timezone and Click Next
Fig. 6: Default Settings Should be Acceptable. Click Next
© Copyright 2020 Rubicon Communications LLC 15
Security Gateway Manual XG-7100-1U
6. Configuring LAN IP Address & Subnet Mask. The default LAN IP address of 192.168.1.1 and subnet mask
of 24 is usually sufficient.
Tip: If your DSL or Cable Modem has a default IP Address of 192.168.1.1, change the IP Address of your
XG-7100 1U Netgate Security Gateway to a different subnet, such as 192.168.2.1 with a subnet mask of
24 to avoid an IP Address conflict.
7. Change the Admin Password. Enter the same password in both fields.
8. Click Reload to save the configuration.
9. After a few seconds, a message will indicate the Setup Wizard has completed. To proceed to the pfSense
dashboard, click Finish.
10. A final notification screen will appear stating that NO COMMERCIAL DISTRIBUTION. . . Click Accept
to continue to the pfSense dashboard.
Fig. 7: Read and Click Accept
If you unplugged the Ethernet cable at the beginning of this configuration, reconnect it to the ETH1 port now.
This completes the basic configuration for the Netgate appliance.
© Copyright 2020 Rubicon Communications LLC 16
Security Gateway Manual XG-7100-1U
1.3 pfSense Overview
This page provides an overview of the pfSense® dashboard and navigation. It also provides information on how to
perform frequent tasks such as backing up the pfSense software and connecting to the Netgate firewall console.
1.3.1 The Dashboard
pfSense software is highly configurable, all of which can be done through the dashboard. This orientation will help to
navigate and further configure the firewall.
Fig. 8: The pfSense Dashboard
Section 1 shows important system information such as the model, Serial Number, and Netgate Device ID for this
Netgate firewall.
Section 2 identifies what version of pfSense software is installed, and if an update is available.
Section 3 describes Netgate Service and Support.
Section 4 shows the various menu headings. Each menu heading has drop-down options for a wide range of configu-
ration choices.
© Copyright 2020 Rubicon Communications LLC 17
Security Gateway Manual XG-7100-1U
1.3.2 Re-running the Setup Wizard
To re-run the Setup Wizard, navigate to System -> Setup Wizard.
Fig. 9: Re-run the Setup Wizard
1.3.3 Backup and Restore
It is important to backup the firewall configuration prior to updating or making any configuration changes. From the
menu at the top of the page, browse to Diagnostics > Backup/Restore.
Fig. 10: Backup & Restore
Click Download configuration as XML and save a copy of the firewall configuration to the computer con-
nected to the Netgate firewall.
This backup (or any backup) can be restored from the same screen by choosing the backed up file under Restore
Configuration.
© Copyright 2020 Rubicon Communications LLC 18
Other manuals for XG-7100-1U
1
Other Netgate Gateway manuals
Netgate
Netgate SG-3100 User manual
Netgate
Netgate SG-2100 User manual
Netgate
Netgate SG-3100 User manual
Netgate
Netgate Netgate-2100 User manual
Netgate
Netgate SG-1100 User manual
Netgate
Netgate SG-5100 User manual
Netgate
Netgate FXS Series User manual
Netgate
Netgate Netgate-6100 User manual
Netgate
Netgate XG-1537 User manual
Netgate
Netgate SG-4860 User manual
