Netgate SG-5100 User manual

Secure Router Manual
SG-5100
© Copyright 2022 Rubicon Communications LLC
Aug 25, 2022

CHAPTER
ONE
GETTING STARTED
Use the following steps to configure the TNSR Secure Router.
1. To configure the network interfaces and gain access to the Internet, follow the instructions provided in the
Zero-to-Ping documentation.
Note: Not all steps in the Zero-to-Ping documentation will be necessary for every configuration scenario.
2. Once the Host OS is capable of reaching the Internet, check for updates (Updating TNSR) before proceeding.
This ensures the security and integrity of the router before TNSR interfaces are exposed to the Internet.
3. Finally, configure the TNSR instance to meet the specific use case. The topics are listed on the left column of
the TNSR Documentation site. There are also TNSR Configuration Example Recipes that might be of assistance
when configuring TNSR.

CHAPTER
TWO
INPUT AND OUTPUT PORTS
2.1 Rear Side
2.2 Network Ports
Table 1: Netgate 5100 Network Interface Layout
Port Label Linux Label TNSR Label Port Type Port Speed
IGB0 enp3s0 GigabitEthernet3/0/0 RJ-45 1 Gbps
IGB1 enp4s0 GigabitEthernet4/0/0 RJ-45 1 Gbps
IX0 enp6s0f0 GigabitEthernet6/0/0 RJ-45 1 Gbps
IX1 enp6s0f1 GigabitEthernet6/0/1 RJ-45 1 Gbps
IX2 enp8s0f0 GigabitEthernet8/0/0 RJ-45 1 Gbps
IX3 enp8s0f1 GigabitEthernet8/0/1 RJ-45 1 Gbps
Note: Default Host OS Interface is enp3s0. The Host OS Interface is one network interface that is only available to
the host OS and not available in TNSR. Though technically optional, the best practice is to have one for accessing and
updating the host OS.
Status LED               State            Description
Left LED (Link Status)   Solid Amber      Link has been established and there is no activity on this port
Left LED (Link Status)   Blinking Amber   Link has been established and there is activity on this port
Left LED (Link Status)   Off              No link has been established
Right LED (Speed)        Solid Green      Operating as a 100 Mbps connection
Right LED (Speed)        Blinking Amber   Operating as a Gigabit connection (1000 Mbps)
Right LED (Speed)        Off              No link has been established
2.3 Other Ports and Indicators
• Console (Mini-USB)
• Status LEDs
• 2x USB 3.0
2.4 Front Side
1. Recessed Reset Button
2. Power Button
3. Power (12VDC with threaded locking connector)
Center Pin Positive
Note: The power button on the Netgate 5100 has been programmed to perform a graceful shutdown when depressed.

CHAPTER
THREE
CONNECTING TO THE CONSOLE PORT
This guide shows how to access the serial console which can be used for troubleshooting and diagnostics tasks as well
as some basic configuration.
There are times when directly accessing the console is required. Perhaps GUI or SSH access has been locked out, or
the password has been lost or forgotten.
3.1 Install the Driver
A Prolific PL2303 USB-to-UART Bridge driver is used to provide access to the console, which is exposed via the
USB Mini-B (5-pin) port on the appliance.
If needed, install an appropriate Prolific PL2303 USB to UART Bridge driver on the workstation used to connect
with the device.
Windows
Drivers for Windows are available for download.
macOS
Drivers for macOS are available for download.
Linux
Drivers for Linux are available for download.
FreeBSD
3.2 Connect a USB Cable
Next, locate an appropriate USB cable that has a USB Mini-B (5-pin) connector on one end and a regular USB Type A
plug on the other end. These cables are commonly used with smaller USB peripherals such as GPS units, cameras,
and so on.
Gently push the USB Mini-B (5-pin) plug end into the console port on the appliance and connect the USB Type A
plug into an available USB port on the workstation.
Tip: Be certain to gently push in the USB Mini-B (5-pin) connector on the device side completely. With most cables
there will be a tangible “click”, “snap”, or similar indication when the cable is fully engaged.
3.3 Apply Power to the Device
On some devices when using a USB serial console port the serial port will not appear on the client operating system
until the device is plugged into a power source.
If the client OS does not see the serial device, connect the power cord to the device to allow it to start booting.
If the device appears without power, it is better to wait until the terminal is open before connecting power so the client
can view the entire boot output.
3.4 Locate the Console Port Device
The appropriate console port device that the workstation assigned as the serial port must be located before attempting
to connect to the console.
Note: Even if the serial port was assigned in the BIOS, the workstation OS may remap it to a different COM Port.
Windows
To locate the device name on Windows, open Device Manager and expand the section for Ports (COM & LPT).
Look for an entry with a title such as Prolific USB-to-Serial Comm Port. If there is a label in the name that contains
“COMX” where X is a decimal digit (e.g. COM3), that value is what would be used as the port in the terminal program.
macOS
The device associated with the system console is likely to show up as, or start with, /dev/cu.usbserial-<id>.
Run ls -l /dev/cu.* from a Terminal prompt to see a list of available USB serial devices and locate the appropriate
one for the hardware. If there are multiple devices, the correct device is likely the one with the most recent
timestamp or highest ID.
Linux
The device associated with the system console is likely to show up as /dev/ttyUSB0. Look for messages about the
device attaching in the system log files or by running dmesg.
Note: If the device does not appear in /dev/, see the note above in the driver section about manually loading the
Linux driver and then try again.
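The dmesg check described above can be scripted. The following is an added example, not part of the Netgate manual: it reads kernel log text and reports which ttyUSB device the PL2303 adapter currently holds, skipping other USB serial adapters and adapters that have since been unplugged. The function names and the sample log are constructed for illustration; the 115200 speed is the one given in this manual.

```shell
#!/bin/sh
# Added example: pick the PL2303 console adapter out of kernel log text.
# Function names and the sample log below are constructed for illustration.

# Constructed dmesg excerpt: the PL2303 is unplugged, a different USB serial
# adapter (cp210x) takes ttyUSB0, then the PL2303 returns as ttyUSB1.
SAMPLE_DMESG='[  101.10] usb 1-2: pl2303 converter now attached to ttyUSB0
[  250.42] pl2303 ttyUSB0: pl2303 converter now disconnected from ttyUSB0
[  300.77] usb 1-3: cp210x converter now attached to ttyUSB0
[  412.05] usb 1-2: pl2303 converter now attached to ttyUSB1'

# Read kernel log text on stdin and print the ttyUSB name of the most
# recently attached PL2303 that has not been disconnected since.
# Returns non-zero when no PL2303 is currently attached.
find_pl2303_tty() {
    awk '
        /pl2303 converter now attached to ttyUSB[0-9]+/ { attached[$NF] = NR }
        /pl2303 converter now disconnected from ttyUSB[0-9]+/ { delete attached[$NF] }
        END {
            best = ""; last = 0
            for (d in attached)
                if (attached[d] > last) { last = attached[d]; best = d }
            if (best == "") exit 1
            print best
        }'
}

# Read kernel log text on stdin and print the screen command line for the
# console, using the 115200 speed from this manual.
console_command() {
    dev=$(find_pl2303_tty) || {
        echo "no PL2303 console adapter attached" >&2
        return 1
    }
    printf 'sudo screen /dev/%s 115200\n' "$dev"
}

# Demonstration on the constructed sample; on a workstation, pipe the real
# kernel log instead: dmesg | console_command
printf '%s\n' "$SAMPLE_DMESG" | console_command
```

On some distributions reading the kernel log requires elevated privileges, so the dmesg call may need sudo.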
FreeBSD
The device associated with the system console is likely to show up as /dev/cuaU0. Look for messages about the
device attaching in the system log files or by running dmesg.
Note: If the serial device is not present, ensure the device has power and then check again.
3.5 Launch a Terminal Program
Use a terminal program to connect to the system console port. Some choices of terminal programs:
Windows
For Windows the best practice is to run PuTTY in Windows or SecureCRT. An example of how to configure PuTTY is
below.
Warning: Do not use Hyperterminal.
macOS
For macOS the best practice is to run GNU screen, or cu. An example of how to configure GNU screen is below.
Linux
For Linux the best practices are to run GNU screen, PuTTY in Linux, minicom, or dterm. Examples of how to
configure PuTTY and GNU screen are below.
FreeBSD
For FreeBSD the best practice is to run GNU screen or cu. An example of how to configure GNU screen is
below.
3.5.1 Client-Specific Examples
PuTTY in Windows
• Open PuTTY and select Session under Category on the left hand side.
• Set the Connection type to Serial
• Set Serial line to the console port determined previously
• Set the Speed to 115200 bits per second.
• Click the Open button
PuTTY will then display the console.
Fig. 1: An example of using PuTTY in Windows
PuTTY in Linux
• Open PuTTY from a terminal by typing sudo putty
Note: The sudo command will prompt for the local workstation password of the current account.
• Set the Connection type to Serial
• Set Serial line to /dev/ttyUSB0
• Set the Speed to 115200 bits per second
• Click the Open button
PuTTY will then display the console.
Fig. 2: An example of using PuTTY in Linux
GNU screen
In many cases screen may be invoked simply by using the proper command line, where <console-port> is the
console port that was located above.
$ sudo screen <console-port> 115200
Note: The sudo command will prompt for the local workstation password of the current account.
If portions of the text are unreadable but appear to be properly formatted, the most likely culprit is a character encoding
mismatch in the terminal. Adding the -U parameter to the screen command line arguments forces it to use UTF-8
for character encoding:
$ sudo screen -U <console-port> 115200
3.5.2 Terminal Settings
The settings to use within the terminal program are:
Speed 115200 baud, the speed of the BIOS
Data bits 8
Parity None
Stop bits 1
Flow Control Off or XON/XOFF.
Warning: Hardware flow control (RTS/CTS) must be disabled.
3.6 What’s Next?
After connecting a terminal client, it may not immediately see any output. This could be because the device has already
finished booting or it may be that the device is waiting for some other input.
If the device does not yet have power applied, plug it in and monitor the terminal output.
If the device is already powered on, try pressing Space. If there is still no output, press Enter. If the device was
booted, it should redisplay the login prompt or produce other output indicating its status.
3.7 Troubleshooting
3.7.1 Serial Device Missing
With a USB serial console there are a few reasons why the serial port may not be present in the client operating system,
including:
No Power: Some models require power before the client can connect to the USB serial console.
USB Cable Not Plugged In: For USB consoles, the USB cable may not be fully engaged on both ends. Gently, but
firmly, ensure the cable has a good connection on both sides.
Bad USB Cable: Some USB cables are not suitable for use as data cables. For example, some cables are only capable
of delivering power for charging devices and not acting as data cables. Others may be of low quality or have
poor or worn connectors.
The ideal cable to use is the one that came with the device. Failing that, ensure the cable is of the correct type
and specifications, and try multiple cables.
Wrong Device: In some cases there may be multiple serial devices available. Ensure the one used by the serial client
is the correct one. Some devices expose multiple ports, so using the incorrect port may lead to no output or
unexpected output.
Hardware Failure: There could be a hardware failure preventing the serial console from working. Contact Netgate
TAC for assistance.
3.7.2 No Serial Output
If there is no output at all, check the following items:
USB Cable Not Plugged In: For USB consoles, the USB cable may not be fully engaged on both ends. Gently, but
firmly, ensure the cable has a good connection on both sides.
Wrong Device: In some cases there may be multiple serial devices available. Ensure the one used by the serial client
is the correct one. Some devices expose multiple ports, so using the incorrect port may lead to no output or
unexpected output.
Wrong Terminal Settings: Ensure the terminal program is configured for the correct speed. The default BIOS speed
is 115200, and many other modern operating systems use that speed as well.
Some older operating systems or custom configurations may use slower speeds such as 9600 or 38400.
Device OS Serial Console Settings: Ensure the operating system is configured for the proper console (e.g. ttyS1 in
Linux). Consult the various operating system install guides on this site for further information.
3.7.3 PuTTY has issues with line drawing
PuTTY generally handles most cases OK but can have issues with line drawing characters on certain platforms.
These settings seem to work best (tested on Windows):
Window
Columns x Rows 80x24
Window > Appearance
Font Courier New 10pt or Consolas 10pt
Window > Translation
Remote Character Set Use font encoding or UTF-8
Handling of line drawing characters Use font in both ANSI and OEM modes or Use
Unicode line drawing code points
Window > Colours
Indicate bolded text by changing The colour
3.7.4 Garbled Serial Output
If the serial output appears to be garbled, binary, or random characters check the following items:
Terminal Speed: Ensure the terminal program is configured for the correct speed. (See No Serial Output)
Character Encoding: Ensure the terminal program is configured for the proper character encoding, such as UTF-8 or
Latin-1, depending on the operating system. (See GNU Screen)
3.7.5 Serial Output Stops After the BIOS
If serial output is shown for the BIOS but stops afterward, check the following items:
Terminal Speed: Ensure the terminal program is configured for the correct speed for the installed operating system.
(See No Serial Output)
Device OS Serial Console Settings: Ensure the installed operating system is configured to activate the serial console
and that it is configured for the proper console (e.g. ttyS1 in Linux). Consult the various operating system install
guides on this site for further information.
Bootable Media: If booting from a USB flash drive, ensure that the drive was written correctly and contains a bootable
operating system image.

CHAPTER
FOUR
ADDITIONAL RESOURCES
4.1 Professional Services
Support does not cover more complex tasks such as network design and conversion from other firewalls. These items
are offered as professional services and can be purchased and scheduled accordingly.
https://www.netgate.com/our-services/professional-services.html
4.2 Netgate Training
Netgate training offers training courses for increasing your knowledge of Netgate products and services. Whether
you need to maintain or improve the security skills of your staff or offer highly specialized support and improve your
customer satisfaction, Netgate training has got you covered.
https://www.netgate.com/training/
4.3 Resource Library
To learn more about how to use your Netgate appliance and for other helpful resources, make sure to browse our
Resource Library.
https://www.netgate.com/resources/

CHAPTER
FIVE
WARRANTY AND SUPPORT
• One year manufacturer’s warranty.
• Please contact Netgate for warranty information or view the Product Lifecycle page.
• All Specifications subject to change without notice.
Enterprise Support is included with an active software subscription. For more information, view the Netgate Global
Support page.
See also:
For more information on how to use pfSense® software, see the TNSR Documentation and Resource Library.