Netgate 5100 User manual

Product Manual
TNSR 19.02
Netgate
Aug 25, 2022

Product Manual, TNSR 19.02
TNSR software is available pre-installed on Netgate hardware or as a Bare Metal Image (BMI) for use on Commercial
Off-the-Shelf (COTS) hardware or in virtual environments. For quotes, updates, and more information about TNSR,
please visit tnsr.com or contact TNSR sales.
General System Requirements
• 64-bit x86 processor with SSE4.2 extensions
• Minimum of 4GB RAM for basic routing functionality
RAM requirements increase significantly if the installation will need to handle large volumes of connections,
large volumes of routing data (e.g. full BGP feeds), or multiple worker threads.
See also:
See Memory Usage and Tuning for information on how to determine optimal memory sizes based on what the
router must handle.
• Minimum of 20GB Storage
• Minimum of two network interface ports, three network interface ports recommended (two for dataplane, one
for management)
• Option to disable Secure Boot if using UEFI, as it is incompatible with the TNSR dataplane
Compatibility
TNSR is a platform for high-speed packet processing, delivered as services that run on top of an operating system.
TNSR 21.11 and later are based on Ubuntu, currently the 20.04 LTS release for x86 processors. This platform has
been tested by Netgate, so that means most compatibility questions can be resolved by checking whether the hardware
can run Ubuntu Linux 20.04.
• Tested Platforms
• Untested Platforms

CHAPTER ONE: TESTED PLATFORMS
These systems and components have been tested extensively by Netgate and are known to work well with TNSR.
In addition to the support included with the TNSR license, Netgate warranty and technical support is available for
purchase for Netgate-branded appliances.
1.1 Netgate Appliances
• Netgate 5100
• Netgate 6100 MAX
• Netgate 1537-1U
• Netgate 1541-1U
1.1.1 Netgate 5100 Secure Router Manual
This Quick Start Guide covers the first time connection procedures for the Netgate 5100 Secure Router and also
provides information needed to stay up and running.
Getting Started
Use the following steps to configure the TNSR Secure Router.
1. To configure the network interfaces and gain access to the Internet, follow the instructions provided in the
Zero-to-Ping documentation.
Note: Not all steps in the Zero-to-Ping documentation will be necessary for every configuration scenario.
2. Once the Host OS is capable of reaching the Internet, check for updates (Updating TNSR) before proceeding.
This ensures the security and integrity of the router before TNSR interfaces are exposed to the Internet.
3. Finally, configure the TNSR instance to meet the specific use case. The topics are listed on the left column of
the TNSR Documentation site. There are also TNSR Configuration Example Recipes that might be of assistance
when configuring TNSR.
Input and Output Ports
Rear Side
Network Ports
Table 1: Netgate 5100 Network Interface Layout
Port Label   Linux Label   TNSR Label             Port Type   Port Speed
IGB0         enp3s0        GigabitEthernet3/0/0   RJ-45       1 Gbps
IGB1         enp4s0        GigabitEthernet4/0/0   RJ-45       1 Gbps
IX0          enp6s0f0      GigabitEthernet6/0/0   RJ-45       1 Gbps
IX1          enp6s0f1      GigabitEthernet6/0/1   RJ-45       1 Gbps
IX2          enp8s0f0      GigabitEthernet8/0/0   RJ-45       1 Gbps
IX3          enp8s0f1      GigabitEthernet8/0/1   RJ-45       1 Gbps
Note: Default Host OS Interface is enp3s0. The Host OS Interface is one network interface that is only available to
the host OS and not available in TNSR. Though technically optional, the best practice is to have one for accessing and
updating the host OS.
Status LED               State            Description
Left LED (Link Status)   Solid Amber      Link has been established and there is no activity on this port
                         Blinking Amber   Link has been established and there is activity on this port
                         Off              No link has been established
Right LED (Speed)        Solid Green      Operating as a 100 Mbps connection
                         Blinking Amber   Operating as a Gigabit connection (1000 Mbps)
                         Off              No link has been established
Other Ports and Indicators
• Console (Mini-USB)
• Status LEDs
• 2x USB 3.0
Front Side
1. Recessed Reset Button
2. Power Button
3. Power (12VDC with threaded locking connector)
Center Pin Positive
Note: The power button on the Netgate 5100 has been programmed to perform a graceful shutdown when depressed.
Connecting to the Console Port
This guide shows how to access the serial console which can be used for troubleshooting and diagnostics tasks as well
as some basic configuration.
There are times when directly accessing the console is required. Perhaps GUI or SSH access has been locked out, or
the password has been lost or forgotten.
Install the Driver
A Prolific PL2303 USB-to-UART Bridge driver is used to provide access to the console, which is exposed via the
USB Mini-B (5-pin) port on the appliance.
If needed, install an appropriate Prolific PL2303 USB to UART Bridge driver on the workstation used to connect
with the device.
Windows
Drivers for Windows are available for download.
macOS
Drivers for macOS are available for download.
Linux
Drivers for Linux are available for download.
FreeBSD
Connect a USB Cable
Next, locate an appropriate USB cable that has a USB Mini-B (5-pin) connector on one end and a regular USB Type
A plug on the other end. These cables are commonly used with smaller USB peripherals such as GPS units, cameras,
and so on.
Gently push the USB Mini-B (5-pin) plug end into the console port on the appliance and connect the USB Type A
plug into an available USB port on the workstation.
Tip: Be certain to gently push in the USB Mini-B (5-pin) connector on the device side completely. With most cables
there will be a tangible “click”, “snap”, or similar indication when the cable is fully engaged.
Apply Power to the Device
On some devices when using a USB serial console port the serial port will not appear on the client operating system
until the device is plugged into a power source.
If the client OS does not see the serial device, connect the power cord to the device to allow it to start booting.
If the device appears without power, it is better to wait until the terminal is open before connecting power so the client
can view the entire boot output.
Locate the Console Port Device
The appropriate console port device that the workstation assigned as the serial port must be located before attempting
to connect to the console.
Note: Even if the serial port was assigned in the BIOS, the workstation OS may remap it to a different COM Port.
Windows
To locate the device name on Windows, open Device Manager and expand the section for Ports (COM & LPT).
Look for an entry with a title such as Prolific USB-to-Serial Comm Port. If there is a label in the name that contains
“COMX” where X is a decimal digit (e.g. COM3), that value is what would be used as the port in the terminal program.
macOS
The device associated with the system console is likely to show up as, or start with, /dev/cu.usbserial-<id>.
Run ls -l /dev/cu.* from a Terminal prompt to see a list of available USB serial devices and locate the
appropriate one for the hardware. If there are multiple devices, the correct device is likely the one with the most recent
timestamp or highest ID.
Linux
The device associated with the system console is likely to show up as /dev/ttyUSB0. Look for messages about the
device attaching in the system log files or by running dmesg.
Note: If the device does not appear in /dev/, see the note above in the driver section about manually loading the
Linux driver and then try again.
FreeBSD
The device associated with the system console is likely to show up as /dev/cuaU0. Look for messages about the
device attaching in the system log files or by running dmesg.
Note: If the serial device is not present, ensure the device has power and then check again.
Launch a Terminal Program
Use a terminal program to connect to the system console port. Some choices of terminal programs:
Windows
For Windows the best practice is to run PuTTY in Windows or SecureCRT. An example of how to configure PuTTY is
below.
Warning: Do not use Hyperterminal.
macOS
For macOS the best practice is to run GNU screen, or cu. An example of how to configure GNU screen is below.
Linux
For Linux the best practices are to run GNU screen, PuTTY in Linux, minicom, or dterm. Examples of how to
configure PuTTY and GNU screen are below.
FreeBSD
For FreeBSD the best practice is to run GNU screen or cu. An example of how to configure GNU screen is
below.
Client-Specific Examples
PuTTY in Windows
• Open PuTTY and select Session under Category on the left hand side.
• Set the Connection type to Serial
• Set Serial line to the console port determined previously
• Set the Speed to 115200 bits per second.
• Click the Open button
PuTTY will then display the console.
Fig. 1: An example of using PuTTY in Windows
PuTTY in Linux
• Open PuTTY from a terminal by typing sudo putty
Note: The sudo command will prompt for the local workstation password of the current account.
• Set the Connection type to Serial
• Set Serial line to /dev/ttyUSB0
• Set the Speed to 115200 bits per second
• Click the Open button
PuTTY will then display the console.
Fig. 2: An example of using PuTTY in Linux
GNU screen
In many cases screen may be invoked simply by using the proper command line, where <console-port> is the
console port that was located above.
$ sudo screen <console-port> 115200
Note: The sudo command will prompt for the local workstation password of the current account.
If portions of the text are unreadable but appear to be properly formatted, the most likely culprit is a character encoding
mismatch in the terminal. Adding the -U parameter to the screen command line arguments forces it to use UTF-8
for character encoding:
$ sudo screen -U <console-port> 115200
Terminal Settings
The settings to use within the terminal program are:
Speed          115200 baud, the speed of the BIOS
Data bits      8
Parity         None
Stop bits      1
Flow Control   Off or XON/XOFF
Warning: Hardware flow control (RTS/CTS) must be disabled.
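The device-location steps and the screen invocation above, combined into one script as an added example (not from the Netgate manual). It picks the newest device matching the per-OS names the manual gives, applying the manual's macOS "most recent timestamp" hint on every OS, and prints the matching screen command; the function names, the run argument and the optional device-directory argument are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the Netgate manual): locate the USB serial console
# device using the per-OS names the manual lists, then print the screen command.

CONSOLE_SPEED=115200   # speed from the manual's Terminal Settings

# console_pattern OS
# Print the device name pattern the manual gives for each workstation OS.
console_pattern() {
    case "$1" in
        Linux)   echo 'ttyUSB*' ;;          # e.g. /dev/ttyUSB0
        Darwin)  echo 'cu.usbserial-*' ;;   # macOS: /dev/cu.usbserial-<id>
        FreeBSD) echo 'cuaU*' ;;            # e.g. /dev/cuaU0
        *)       return 1 ;;
    esac
}

# find_console OS [DEVDIR]
# Print the most recently modified matching device under DEVDIR (default /dev).
# DEVDIR is an assumption added so the function can be exercised offline.
find_console() {
    fc_dir=${2:-/dev}
    fc_pattern=$(console_pattern "$1") || {
        echo "unsupported OS: $1" >&2
        return 2
    }
    # ls -t sorts newest first; $fc_pattern is left unquoted so it globs.
    fc_newest=$(ls -dt "$fc_dir"/$fc_pattern 2>/dev/null | head -n 1)
    if [ -z "$fc_newest" ]; then
        echo "no serial device in $fc_dir: check power, cable and driver" >&2
        return 1
    fi
    printf '%s\n' "$fc_newest"
}

# console_command OS [DEVDIR]
# Print the screen command line for the device that find_console selects.
console_command() {
    cc_dev=$(find_console "$@") || return $?
    printf 'sudo screen %s %s\n' "$cc_dev" "$CONSOLE_SPEED"
}

# Invoke as: sh find-console.sh run
if [ "${1:-}" = "run" ]; then
    console_command "$(uname -s)"
fi
```

If several adapters are attached, confirm the selected device against the attach messages in dmesg before connecting.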
What’s Next?
After connecting a terminal client, it may not immediately see any output. This could be because the device has already
finished booting or it may be that the device is waiting for some other input.
If the device does not yet have power applied, plug it in and monitor the terminal output.
If the device is already powered on, try pressing Space. If there is still no output, press Enter. If the device was
booted, it should redisplay the login prompt or produce other output indicating its status.
Troubleshooting
Serial Device Missing
With a USB serial console there are a few reasons why the serial port may not be present in the client operating system,
including:
No Power: Some models require power before the client can connect to the USB serial console.
USB Cable Not Plugged In: For USB consoles, the USB cable may not be fully engaged on both ends. Gently, but
firmly, ensure the cable has a good connection on both sides.
Bad USB Cable: Some USB cables are not suitable for use as data cables. For example, some cables are only capable
of delivering power for charging devices and not acting as data cables. Others may be of low quality or have
poor or worn connectors.
The ideal cable to use is the one that came with the device. Failing that, ensure the cable is of the correct type
and specifications, and try multiple cables.
Wrong Device: In some cases there may be multiple serial devices available. Ensure the one used by the serial client
is the correct one. Some devices expose multiple ports, so using the incorrect port may lead to no output or
unexpected output.
Hardware Failure: There could be a hardware failure preventing the serial console from working. Contact Netgate
TAC for assistance.
No Serial Output
If there is no output at all, check the following items:
USB Cable Not Plugged In: For USB consoles, the USB cable may not be fully engaged on both ends. Gently, but
firmly, ensure the cable has a good connection on both sides.
Wrong Device: In some cases there may be multiple serial devices available. Ensure the one used by the serial client
is the correct one. Some devices expose multiple ports, so using the incorrect port may lead to no output or
unexpected output.
Wrong Terminal Settings: Ensure the terminal program is configured for the correct speed. The default BIOS speed
is 115200, and many other modern operating systems use that speed as well.
Some older operating systems or custom configurations may use slower speeds such as 9600 or 38400.
Device OS Serial Console Settings: Ensure the operating system is configured for the proper console (e.g. ttyS1 in
Linux). Consult the various operating system install guides on this site for further information.
PuTTY has issues with line drawing
PuTTY generally handles most cases OK but can have issues with line drawing characters on certain platforms.
These settings seem to work best (tested on Windows):
Window
    Columns x Rows: 80x24
Window > Appearance
    Font: Courier New 10pt or Consolas 10pt
Window > Translation
    Remote Character Set: Use font encoding or UTF-8
    Handling of line drawing characters: Use font in both ANSI and OEM modes or Use Unicode line drawing code points
Window > Colours
    Indicate bolded text by changing: The colour
Garbled Serial Output
If the serial output appears to be garbled, binary, or random characters, check the following items:
Terminal Speed: Ensure the terminal program is configured for the correct speed. (See No Serial Output)
Character Encoding: Ensure the terminal program is configured for the proper character encoding, such as UTF-8 or
Latin-1, depending on the operating system. (See GNU Screen)
Serial Output Stops After the BIOS
If serial output is shown for the BIOS but stops afterward, check the following items:
Terminal Speed: Ensure the terminal program is configured for the correct speed for the installed operating system.
(See No Serial Output)
Device OS Serial Console Settings: Ensure the installed operating system is configured to activate the serial console
and that it is configured for the proper console (e.g. ttyS1 in Linux). Consult the various operating system install
guides on this site for further information.
Bootable Media: If booting from a USB flash drive, ensure that the drive was written correctly and contains a bootable
operating system image.
Additional Resources
Professional Services
Support does not cover more complex tasks such as network design and conversion from other firewalls. These items
are offered as professional services and can be purchased and scheduled accordingly.
https://www.netgate.com/our-services/professional-services.html
Netgate Training
Netgate training offers training courses for increasing your knowledge of Netgate products and services. Whether
you need to maintain or improve the security skills of your staff or offer highly specialized support and improve your
customer satisfaction, Netgate training has got you covered.
https://www.netgate.com/training/
Resource Library
To learn more about how to use your Netgate appliance and for other helpful resources, make sure to browse our
Resource Library.
https://www.netgate.com/resources/
Warranty and Support
• One year manufacturer’s warranty.
• Please contact Netgate for warranty information or view the Product Lifecycle page.
• All Specifications subject to change without notice.
Enterprise Support is included with an active software subscription. For more information, view the Netgate Global
Support page.
See also:
For more information on how to use pfSense® software, see the TNSR Documentation and Resource Library.
1.1.2 Netgate 6100 MAX Secure Router Manual
This Quick Start Guide covers the first time connection procedures for the Netgate 6100 MAX Secure Router and also
provides information needed to stay up and running.
Getting Started
Use the following steps to configure the TNSR Secure Router.
1. To configure the network interfaces and gain access to the Internet, follow the instructions provided in the
Zero-to-Ping documentation.
Note: Not all steps in the Zero-to-Ping documentation will be necessary for every configuration scenario.
2. Once the Host OS is capable of reaching the Internet, check for updates (Updating TNSR) before proceeding.
This ensures the security and integrity of the router before TNSR interfaces are exposed to the Internet.
3. Finally, configure the TNSR instance to meet the specific use case. The topics are listed on the left column of
the TNSR Documentation site. There are also TNSR Configuration Example Recipes that might be of assistance
when configuring TNSR.
Input and Output Ports
Networking Ports
The WAN1 and WAN2 Combo-Ports are shared ports. Each has an RJ-45 port and an SFP port. Only the RJ-45 or the
SFP connector can be used on each port.
Note: Each port, WAN1 and WAN2, is discrete and individual. It is possible to use the RJ-45 connector on one port
and the SFP connector on the other.
Fig. 3: Rear view of the Netgate 6100 MAX Secure Router
The numbered labels in this image refer to entries in Networking Ports and Other Ports.
Table 2: Netgate 6100 Network Interface Layout
Port Label   Linux Label   TNSR Label                       Port Type   Port Speed
WAN1         enp2s0f1      GigabitEthernet2/0/1             RJ-45/SFP   1 Gbps
WAN2         enp2s0f0      GigabitEthernet2/0/0             RJ-45/SFP   1 Gbps
WAN3         enp3s0f0      TenGigabitEthernet3/0/0          SFP         1/10 Gbps
WAN4         enp3s0f1      TenGigabitEthernet3/0/1          SFP         1/10 Gbps
LAN1         enp4s0        TwoDotFiveGigabitEthernet4/0/0   RJ-45       2.5 Gbps
LAN2         enp5s0        TwoDotFiveGigabitEthernet5/0/0   RJ-45       2.5 Gbps
LAN3         enp6s0        TwoDotFiveGigabitEthernet6/0/0   RJ-45       2.5 Gbps
LAN4         enp7s0        TwoDotFiveGigabitEthernet7/0/0   RJ-45       2.5 Gbps
Note: Default Host OS Interface is enp2s0f0. The Host OS Interface is one network interface that is only available
to the host OS and not available in TNSR. Though technically optional, the best practice is to have one for accessing
and updating the host OS.
SFP+ Ethernet Ports
WAN3 and WAN4 are discrete ports, each with dedicated 10 Gbps back to the Intel SoC.
Warning: The built-in SFP interfaces on C3000 systems do not support modules utilizing copper Ethernet
connectors (RJ45). As such, copper SFP/SFP+ modules are not supported on this platform.
Note: Intel notes the following additional limitations on these interfaces:
Devices based on the Intel(R) Ethernet Connection X552 and Intel(R) Ethernet Connection X553 do not support the
following features:
• Energy Efficient Ethernet (EEE)
• Intel PROSet for Windows Device Manager
• Intel ANS teams or VLANs (LBFO is supported)
• Fibre Channel over Ethernet (FCoE)
• Data Center Bridging (DCB)
• IPSec Offloading
• MACSec Offloading
In addition, SFP+ devices based on the Intel(R) Ethernet Connection X552 and Intel(R) Ethernet Connection X553 do
not support the following features:
• Speed and duplex auto-negotiation.
• Wake on LAN
• 1000BASE-T SFP Modules
Other Ports
Port   Description
1      Serial Console
5      Power
• Clients can access the Serial Console using either the built in serial interface with a Micro-USB B cable or an
RJ45 “Cisco” style cable and separate serial adapter.
Note: Only one type of console connection will work at a time and the RJ45 console connection has priority.
If both ports are connected only the RJ45 console port will function.
• The Power connector is 12VDC with threaded locking connector. Power Consumption 20W (idle)
Front Side
Fig. 4: Front view of the Netgate 6100 Firewall Appliance
LED Patterns
Description   LED Pattern
Standby       Circle solid orange
Power On      Circle solid blue
Left Side
Fig. 5: Left side view of the Netgate 6100 Firewall Appliance
The left side panel of the device (when facing the front) contains:
#   Description                 Purpose
1   Reset Button (Recessed)     No function on TNSR at this time
2   Power Button (Protruding)   Short Press (Hold 3-5s): Graceful shutdown, Power on
                                Long Press (Hold 7-12s): Hard power cut to CPU
3   2x USB 3.0 Ports            Connect USB Devices
Connecting to the Console Port
This guide shows how to access the serial console which can be used for troubleshooting and diagnostics tasks as well
as some basic configuration.
There are times when directly accessing the console is required. Perhaps GUI or SSH access has been locked out, or
the password has been lost or forgotten.
Install the Driver
A Silicon Labs CP210x USB-to-UART Bridge driver is used to provide access to the console, which is exposed via
the USB Micro-B (5-pin) port on the appliance.
If needed, install an appropriate Silicon Labs CP210x USB to UART Bridge driver on the workstation used to connect
with the device.
Windows
Drivers for Windows are available for download.
macOS
Drivers for macOS are available for download.
For macOS, choose the CP210x VCP Mac download.
Linux
Drivers for Linux are available for download.
FreeBSD
Recent versions of FreeBSD include this driver and will not require manual installation.
Connect a USB Cable
Next, locate an appropriate USB cable that has a USB Micro-B (5-pin) connector on one end and a regular USB Type
A plug on the other end. These cables are commonly used with smaller USB peripherals such as GPS units, cameras,
and so on.
Gently push the USB Micro-B (5-pin) plug end into the console port on the appliance and connect the USB Type A
plug into an available USB port on the workstation.
Tip: Be certain to gently push in the USB Micro-B (5-pin) connector on the device side completely. With most
cables there will be a tangible “click”, “snap”, or similar indication when the cable is fully engaged.
Apply Power to the Device
On some devices when using a USB serial console port the serial port will not appear on the client operating system
until the device is plugged into a power source.
If the client OS does not see the serial device, connect the power cord to the device to allow it to start booting.
If the device appears without power, it is better to wait until the terminal is open before connecting power so the client
can view the entire boot output.
Locate the Console Port Device
The appropriate console port device that the workstation assigned as the serial port must be located before attempting
to connect to the console.
Note: Even if the serial port was assigned in the BIOS, the workstation OS may remap it to a different COM Port.
Windows
To locate the device name on Windows, open Device Manager and expand the section for Ports (COM & LPT).
Look for an entry with a title such as Silicon Labs CP210x USB to UART Bridge. If there is a label in the name that
contains “COMX” where X is a decimal digit (e.g. COM3), that value is what would be used as the port in the terminal
program.
macOS
The device associated with the system console is likely to show up as, or start with, /dev/cu.usbserial-<id>.
Run ls -l /dev/cu.* from a Terminal prompt to see a list of available USB serial devices and locate the
appropriate one for the hardware. If there are multiple devices, the correct device is likely the one with the most recent
timestamp or highest ID.
Linux
The device associated with the system console is likely to show up as /dev/ttyUSB0. Look for messages about the
device attaching in the system log files or by running dmesg.
Note: If the device does not appear in /dev/, see the note above in the driver section about manually loading the
Linux driver and then try again.
FreeBSD
The device associated with the system console is likely to show up as /dev/cuaU0. Look for messages about the
device attaching in the system log files or by running dmesg.
Note: If the serial device is not present, ensure the device has power and then check again.