Rubicon Netgate-4200 User manual

Security Gateway Manual

Netgate-4200

Jan 08, 2024

CONTENTS

1 Out of the Box 2

2 How-To Guides 24

3 References 55

Security Gateway Manual Netgate-4200

This Quick Start Guide covers the ﬁrst time connection procedures for the Netgate® 4200 Desktop Firewall Appliance

and will provide the information needed to keep the appliance up and running.

Tip: Before getting started, a good practice is to download the PDF version of the Product Manual and the PDF

version of the pfSense Documentation in case Internet access is not available during setup.

CHAPTER

ONE

OUT OF THE BOX

1.1 Getting Started

The basic ﬁrewall conﬁguration begins with connecting the Netgate® appliance to the Internet. The Netgate appliance

should be unplugged at this time.

Connect one end of an Ethernet cable to the WAN port (shown in the Input and Output Ports section) of the Netgate

appliance. The other end of the same cable should be inserted into a LAN port on the ISP CPE device, such as a cable

or ﬁber modem. If the CPE device provided by the ISP has multiple LAN ports, any LAN port should work in most

circumstances.

Next, connect one end of a second Ethernet cable to the LAN port (shown in the Input and Output Ports section) of

the Netgate appliance. Connect the other end to the computer.

Security Gateway Manual Netgate-4200

1.1.1 What next?

To connect to the GUI and conﬁgure the ﬁrewall in a browser, continue on to Initial Conﬁguration.

To connect to the console and make adjustments before connecting to the GUI, see Connecting to the USB Console

Port.

Warning: The default IP Address on the LAN subnet on the Netgate ﬁrewall is 192.168.1.1/24. The same

subnet cannot be used on both WAN and LAN, so if the default IP address on the ISP-supplied modem is also

192.168.1.1/24,disconnect the WAN interface until the LAN interface on the ﬁrewall has been renumbered

to a different subnet (like 192.168.2.1/24) to avoid an IP Address conﬂict.

To change an interface IP address, choose option 2 from the Console Menu and walk through the steps to change

it, or from the GUI, go through the Setup Wizard (opens at ﬁrst boot, also found at System > Setup Wizard) and

change the IP address on Step 5. Complete the Wizard and save the changes.

1.2 Initial Conﬁguration

Plug the power cable into the power port (shown in the Input and Output Ports section) to turn on the Netgate®

Firewall. Allow 4 or 5 minutes to boot up completely.

Warning: If the CPE on WAN (e.g. Fiber or Cable Modem) has a default IP Address of 192.168.1.1,

disconnect the Ethernet cable from the 1port on the Netgate 4200 Security Gateway before proceeding.

Change the default LAN IP Address of the device during a later step in the conﬁguration to avoid having conﬂicting

subnets on the WAN and LAN.

1.2.1 Connecting to the Web Interface (GUI)

1. From the computer, log into the web interface

Open a web browser (Google Chrome in this example) and enter 192.168.1.1 in the address bar. Press

Enter.

Fig. 1: Enter the default LAN IP address in the browser

2. A warning message may appear. If this message or similar message is encountered, it is safe to proceed. Click

the Advanced Button and then click Proceed to 192.168.1.1 (unsafe) to continue.

3. At the Sign In page, enter the default pfSense®Plus username and password and click Next.

• Default Username: admin

• Default Password: pfsense

Security Gateway Manual Netgate-4200

Fig. 2: Example certiﬁcate warning message

Security Gateway Manual Netgate-4200

1.2.2 The Setup Wizard

This section steps through each page of the Setup Wizard to perform the initial conﬁguration of the ﬁrewall. The

wizard collects information one page at a time but it does not make any changes to the ﬁrewall until the wizard is

completed.

Tip: The wizard can be safely stopped at any time for those who wish to perform the conﬁguration manually or

restore an existing backup (Backup and Restore).

To stop the wizard, navigate away from the wizard pages by clicking the logo in the upper left of the page or by

choosing an entry from one of the menus.

Note: Ignore the warning at the top of each wizard page about resetting the admin account password. One of the

steps in the Setup Wizard is to change the default password, but the new password is not applied until the end of the

wizard.

1. Click Next to start the Setup Wizard.

Fig. 3: Setup Wizard starting page

2. Click Next after reading the information on Netgate Global Support.

3. Use the following items as a guide to conﬁgure the options on the General Information page:

Hostname Any desired hostname name can be entered to identify the ﬁrewall. For the purposes of

this guide, the default hostname pfsense is used.

Domain The domain name under which the ﬁrewall operates. The default home.arpa is used for

the purposes of this tutorial.

Security Gateway Manual Netgate-4200

DNS Servers For purposes of this setup guide, use the Google public DNS servers (8.8.8.8 and

8.8.4.4).

Note: The ﬁrewall defaults to acting as a resolver and clients will not utilize these forwarding

DNS servers. However, these servers give the ﬁrewall itself a way to ensure it has working DNS

if resolving the default way does not work properly.

Fig. 4: General Information page in the Setup Wizard

Type in the DNS Server information and Click Next.

4. Use the following information for the Time Server Information page:

Time Server Hostname Use the default time server address. The default hostname is suitable for

both IPv4 and IPv6 NTP clients.

Timezone Select a geographically named time zone for the location of the ﬁrewall.

For this guide, the Timezone will be set to America/Chicago for US Central time.

Change the Timezone and click Next.

5. Use the following information for the Conﬁgure WAN Interface page:

The WAN interface is the external (public) IP address the ﬁrewall will use to communicate with the Internet.

DHCP is the default and is the most common type of WAN interface for home ﬁber and cable modems.

Default settings for the other items on this page should be acceptable for normal home users.

Default settings should be acceptable. Click Next.

Security Gateway Manual Netgate-4200

Fig. 5: Time Server Information page in the Setup Wizard

Fig. 6: Conﬁgure WAN Interface page in the Setup Wizard

Security Gateway Manual Netgate-4200

6. Conﬁguring LAN IP Address & Subnet Mask. The default LAN IP address of 192.168.1.1 and subnet mask

of 24 is usually sufﬁcient.

Tip: If the CPE on WAN (e.g. Fiber or Cable Modem) has a default IP Address of 192.168.1.1, the

Ethernet cable should be disconnected from the 1port on the Netgate 4200 Security Gateway before starting.

Change the default LAN IP Address of the device during this step in the conﬁguration to avoid having conﬂicting

subnets on the WAN and LAN.

7. Change the Admin Password. Enter the same new password in both ﬁelds.

8. Click Reload to save the conﬁguration.

9. After a few seconds, a message will indicate the Setup Wizard has completed. To proceed to the pfSense®Plus

dashboard, click Finish.

Note: This step of the wizard also contains several useful links to Netgate resources and methods of obtaining

assistance with the product. Be sure to read through the items on this page before ﬁnishing the wizard.

1.2.3 Finishing Up

After completing or exiting the wizard, during the ﬁrst time loading the Dashboard the ﬁrewall will display a notiﬁ-

cation modal dialog with the Copyright and Trademark Notices.

Read and click Accept to continue to the dashboard.

If the Ethernet cable was unplugged at the beginning of this conﬁguration, reconnect it to the 1port now.

This completes the basic conﬁguration for the Netgate appliance.

1.3 pfSense Plus Software Overview

This page provides an overview of the pfSense®Plus dashboard and navigation. It also provides information on how to

perform frequent tasks such as backing up the pfSense®Plus software and connecting to the Netgate ﬁrewall console.

1.3.1 The Dashboard

pfSense®Plus software is highly conﬁgurable, all of which can be done through the dashboard. This orientation will

help to navigate and further conﬁgure the ﬁrewall.

Section 1 Important system information such as the model, Serial Number, and Netgate Device ID for this Netgate

ﬁrewall.

Section 2 Identiﬁes what version of pfSense®Plus software is installed, and if an update is available.

Section 3 Describes Netgate Service and Support.

Section 4 Shows the various menu headings. Each menu heading has drop-down options for a wide range of conﬁg-

uration choices.

Security Gateway Manual Netgate-4200

Fig. 7: Copyright and Trademark Notices

Security Gateway Manual Netgate-4200

Fig. 8: The pfSense®Plus Dashboard

1.3.2 Re-running the Setup Wizard

To re-run the Setup Wizard, navigate to System > Setup Wizard.

1.3.3 Backup and Restore

It is important to backup the ﬁrewall conﬁguration prior to updating or making any conﬁguration changes. From the

menu at the top of the page, browse to Diagnostics > Backup/Restore.

Click Download configuration as XML and save a copy of the ﬁrewall conﬁguration to the computer con-

nected to the Netgate ﬁrewall.

This backup (or any backup) can be restored from the same screen by choosing the backed up ﬁle under Restore

Conﬁguration.

Note: Auto Conﬁg Backup is a built-in service located at Services > Auto Conﬁg Backup. This service will save

up to 100 encrypted backup ﬁles automatically, any time a change to the conﬁguration has been made. Visit the Auto

Conﬁg Backup page for more information.

Security Gateway Manual Netgate-4200

Fig. 9: Re-run the Setup Wizard

1.3.4 Connecting to the Console

There are times when accessing the console is required. Perhaps GUI console access has been locked out, or the

password has been lost or forgotten.

See also:

Connecting to the USB Console Port. Cable is required.

Tip: To learn more about getting the most out of a Netgate appliance, sign up for a pfSense Plus Software Training

course or browse the extensive Resource Library.

1.3.5 Updates

When a new version of pfSense Plus software is available, the device will indicate the availability of the new version

on the System Information dashboard widget. Users can peform a manual check as well by visiting System > Update.

Users can initiate an upgrade from the System > Update page as needed.

For more information, see the Upgrade Guide.

Security Gateway Manual Netgate-4200

Fig. 10: Backup & Restore

Fig. 11: Click Download conﬁguration as XML

Security Gateway Manual Netgate-4200

1.4 Input and Output Ports

1.4.1 Rear Side

The rear side of the Netgate 4200 contains several items of interest for connecting to and managing the device.

Fig. 12: Rear view of the Netgate 4200 Firewall Appliance

The items below are marked with circled numbers on ﬁgure Rear view of the Netgate 4200 Firewall Appliance:

Item Description

1 Power Connector

2 ACPI Power Button (Protruding) - Graceful shutdown, hard power off (Hold 10s), power on

3 Reset Button (Recessed) - Used when performing the Factory Reset Procedure.

4 Serial Console (USB or RJ45)

5 Rear Status LEDs

6Networking Ports

Power Connector (1) The Power connector is 12VDC with threaded locking connector. Power con-

sumption is approximately 13W when idle.

Power Button (2) The upper protruding Power Button behaves the same as a typical ACPI power button.

If the device is powered on and running, pressing the button immediately performs a graceful shut-

down and the system enters a standby state.

If the system is in a powered off or standby state, pressing the power button immediately powers on

the device and starts the boot process.

If the system is unresponsive, holding in the power button for 10 seconds will forcefully power off

the device. Press the power button again to turn it back on.

Reset Button (3) The lower recessed Reset Button is used to perform the Factory Reset Procedure.

Pressing and immediately releasing the button has no effect, it does not perform a hardware reset.

See Factory Reset Procedure for details on how to use the button to perform a factory reset.

Serial Console Port (4) Clients can access the serial console using the USB Micro-B (5-pin) serial

adapter port and a compatible USB cable or via the RJ45 “Cisco” style port with a separate ca-

ble and USB serial adapter or client hardware port.

Note: Only one type of console connection will work at a time and the RJ45 console connection

has priority. If both ports are connected only the RJ45 console port will function.

Security Gateway Manual Netgate-4200

Note: The serial console in the OS is a memory mapped serial port and not a traditional COM port.

pfSense®Plus automatically detects and uses the correct console type for this device.

Note: The RJ45 Serial Console port is only for use with the Serial Console. It cannot be used for

any other purpose.

Status LEDs (5) The rear status LEDs show the same output as the status LEDs on the front of the unit.

See Status LEDs for information on interpreting the meaning of different LED states.

Networking Ports (6) This group of four ports are the network interfaces. They are explained in detail

in the next section, Networking Ports.

Networking Ports

The section on the rear of the device numbered 6in Rear view of the Netgate 4200 Firewall Appliance contains the

network interfaces. These ports are labeled 1through 4on the device.

Label Assigned Name Device Name Type Speed

1 PORT1WAN igc3 RJ-45 2.5 Gbps

2 PORT2LAN igc2 RJ-45 2.5 Gbps

3 PORT3 igc1 RJ-45 2.5 Gbps

4 PORT4 igc0 RJ-45 2.5 Gbps

Note: The igc(4) network interfaces on this device do not support ﬁxed speed operation. These interfaces emulate

a speed/duplex choice by limiting the values offered during autonegotiation to the speed/duplex value selected in the

GUI.

When connecting different devices to these interfaces the peer should typically be set to autonegotiate, not to a speciﬁc

speed or duplex value. The exception to this is if the peer interface has the same limitation, in which case both peers

should select the same negotiation speed.

1.4.2 Front Side

The front of the device has Status LEDs as well as an access panel for future expansion uses.

Fig. 13: Front view of the Netgate 4200 Firewall Appliance

Security Gateway Manual Netgate-4200

1.4.3 Right Side

Fig. 14: Right side view of the Netgate 4200 Firewall Appliance

The right side panel of the device (when facing the front) contains:

# Description Purpose

1 USB 3.0 Port Connect USB devices

USB Ports

USB ports on the device can be used for a variety of purposes.

The primary use for the USB ports is to install or reinstall the operating system on the device. Beyond that, there

are numerous USB devices which can expand the base functionality of the hardware, including some supported by

add-on packages. For example, UPS/Battery Backups, Cellular modems, GPS units, and storage devices. Though the

operating system also supports wired and wireless network devices, these are not ideal and should be avoided.

1.4.4 Status LEDs

The Netgate 4200 has two sets of status LEDs: One on the front of the device and one on the rear. The status LEDs

on the front are horizontal while the LEDs on the rear are arranged vertically. Though the placement is different, both

sets are labeled consistently.

LED Patterns

Description LED Pattern

Standby Circle pulsing orange

Boot in Process Diamond ﬂashing blue

Boot Completed/Ready Diamond solid blue

Upgrade Available Square solid purple

Upgrade in Progress All rapidly ﬂash green

Triggering Reset Circle, Square, then Diamond solid red (Factory Reset Procedure)

Reset In Progress All rapidly ﬂash red (Factory Reset Procedure)

Security Gateway Manual Netgate-4200

Fig. 15: Status LEDs on the front (left) and rear (right) of the Netgate 4200 Firewall Appliance

1.5 Safety and Legal

1.5.1 Safety Notices

1. Read, follow, and keep these instructions.

2. Heed all warnings.

3. Only use attachments/accessories speciﬁed by the manufacturer.

Warning: Do not use this product in location that can be submerged by water.

Warning: Do not use this product during an electrical storm to avoid electrical shock.

1.5.2 Electrical Safety Information

1. Compliance is required with respect to voltage, frequency, and current requirements indicated on the manu-

facturer’s label. Connection to a different power source than those speciﬁed may result in improper operation,

damage to the equipment or pose a ﬁre hazard if the limitations are not followed.

2. There are no operator serviceable parts inside this equipment. Service should be provided only by a qualiﬁed

service technician.

3. This equipment is provided with a detachable power cord which has an integral safety ground wire intended for

connection to a grounded safety outlet.

Security Gateway Manual Netgate-4200

a) Do not substitute the power cord with one that is not the provided approved type. If a 3 prong plug is

provided, never use an adapter plug to connect to a 2-wire outlet as this will defeat the continuity of the

grounding wire.

b) The equipment requires the use of the ground wire as a part of the safety certiﬁcation, modiﬁcation or

misuse can provide a shock hazard that can result in serious injury or death.

c) Contact a qualiﬁed electrician or the manufacturer if there are questions about the installation prior to

connecting the equipment.

d) Protective grounding/earthing is provided by Listed AC adapter. Building installation shall provide appro-

priate short-circuit backup protection.

e) Protective bonding must be installed in accordance with local national wiring rules and regulations.

Warning: To help protect your Netgate appliance from sudden, transient increases and decreases in electrical

power, use a surge suppressor, line conditioner, uninterruptible power supply (UPS) or a combination of those

devices.

Failure to take such precautions could result in premature failure, and/or damage to your Netgate appliance, which

is not covered under the product warranty. Such an event may also present the risk of electric shock, ﬁre, or

explosion.

1.5.3 FCC Compliance

Changes or modiﬁcations not expressly approved by the party responsible for compliance could void the user’s au-

thority to operate the equipment. This device complies with Part 15 of the FCC Rules. Operation is subject to the

following two conditions:

1. This device may not cause harmful interference, and

2. This device must accept any interference received, including interference that may cause undesired operation.

Note: This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant

to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference

when the equipment is operated in a residential environment.

1.5.4 Industry Canada

This Class B digital apparatus complies with Canadian ICES-3(B). Cet appareil numérique de la classe B est conforme

à la norme NMB-3(B) Canada.

1.5.5 Australia and New Zealand

This is a AMC Compliance level 2 product. This product is suitable for domestic environments.

Security Gateway Manual Netgate-4200

1.5.6 CE Marking

CE marking on this product represents the product is in compliance with all directives that are applicable to it.

1.5.7 RoHS/WEEE Compliance Statement

English

European Directive 2002/96/EC requires that the equipment bearing this symbol on the product and/or its packaging

must not be disposed of with unsorted municipal waste. The symbol indicates that this product should be disposed

of separately from regular household waste streams. It is your responsibility to dispose of this and other electric and

electronic equipment via designated collection facilities appointed by the government or local authorities. Correct

disposal and recycling will help prevent potential negative consequences to the environment and human health. For

more detailed information about the disposal of your old equipment, please contact your local authorities, waste

disposal service, or the shop where you purchased the product.

Deutsch

Die Europäische Richtlinie 2002/96/EC verlangt, dass technische Ausrüstung, die direkt am Gerät und/oder an der

Verpackung mit diesem Symbol versehen ist, nicht zusammen mit unsortiertem Gemeindeabfall entsorgt werden darf.

Das Symbol weist darauf hin, dass das Produkt von regulärem Haushaltmüll getrennt entsorgt werden sollte. Es liegt in

Ihrer Verantwortung, dieses Gerät und andere elektrische und elektronische Geräte über die dafür zuständigen und von

der Regierung oder örtlichen Behörden dazu bestimmten Sammelstellen zu entsorgen. Ordnungsgemäßes Entsorgen

und Recyceln trägt dazu bei, potentielle negative Folgen für Umwelt und die menschliche Gesundheit zu vermeiden.

Wenn Sie weitere Informationen zur Entsorgung Ihrer Altgeräte benötigen, wenden Sie sich bitte an die örtlichen

Behörden oder städtischen Entsorgungsdienste oder an den Händler, bei dem Sie das Produkt erworben haben.

Español

La Directiva 2002/96/CE de la UE exige que los equipos que lleven este símbolo en el propio aparato y/o en su

embalaje no deben eliminarse junto con otros residuos urbanos no seleccionados. El símbolo indica que el producto

en cuestión debe separarse de los residuos domésticos convencionales con vistas a su eliminación. Es responsabilidad

suya desechar este y cualesquiera otros aparatos eléctricos y electrónicos a través de los puntos de recogida que ponen

a su disposición el gobierno y las autoridades locales. Al desechar y reciclar correctamente estos aparatos estará

contribuyendo a evitar posibles consecuencias negativas para el medio ambiente y la salud de las personas. Si desea

obtener información más detallada sobre la eliminación segura de su aparato usado, consulte a las autoridades locales,

al servicio de recogida y eliminación de residuos de su zona o pregunte en la tienda donde adquirió el producto.

Français

La directive européenne 2002/96/CE exige que l’équipement sur lequel est apposé ce symbole sur le produit et/ou son

emballage ne soit pas jeté avec les autres ordures ménagères. Ce symbole indique que le produit doit être éliminé dans

un circuit distinct de celui pour les déchets des ménages. Il est de votre responsabilité de jeter ce matériel ainsi que

tout autre matériel électrique ou électronique par les moyens de collecte indiqués par le gouvernement et les pouvoirs

publics des collectivités territoriales. L’élimination et le recyclage en bonne et due forme ont pour but de lutter contre

l’impact néfaste potentiel de ce type de produits sur l’environnement et la santé publique. Pour plus d’informations

sur le mode d’élimination de votre ancien équipement, veuillez prendre contact avec les pouvoirs publics locaux, le

service de traitement des déchets, ou l’endroit où vous avez acheté le produit.

Other Rubicon Gateway manuals

Rubicon

Rubicon Netgate SG-5100 User manual

Rubicon

Rubicon netgate XG-7100 User manual

Rubicon

Rubicon Netgate SG-2100 User manual

Rubicon

Rubicon netgate SG-1100 User manual

Rubicon

Rubicon Netgate-8200 User manual

Popular Gateway manuals by other brands

Synway

Synway SMG Series user manual

LG-Nortel

LG-Nortel ARIA SOHO quick start guide

Patton

Patton SmartNode 4131 user manual

Arris

Arris Xfinity TG1682 user guide

sauter

sauter GW485LCD4P user manual

Sierra Wireless

Sierra Wireless FX30S user guide

Kara Systems

Kara Systems BACnet:M-Bus user manual

Dräger

Dräger GMS Instructions for use

Topex

Topex VoxiPlus installation manual

ABB

ABB DG/S 1.1 product manual

Ruckus Wireless

Ruckus Wireless MediaFlex 7211 Quick setup guide

Azatel

Azatel AzaCall200 Administrator's guide

ZyXEL Communications

ZyXEL Communications P-660H-61 user guide

Nortel

Nortel 2000 Hardware installation guide

SMC Networks

SMC Networks Lochinvar ProtoNode Startup guide

B&B Electronics

B&B Electronics Vlinx MESP211 instruction manual

Cisco

Cisco TelePresence ISDN GW MSE 8321 Getting started guide

LevelOne

LevelOne VOI-8000 user guide