Subcategories

  • Discussions and feedback related to this forum

    609 Topics
    3k Posts
    O
    When configured properly Nginx.... For Netgate seems to be an issue
  • Community Hiring and For Hire postings related to jobs that require pfSense software skills

    28 Topics
    115 Posts
    w0w
    @sef1414 Name it "run.sh", copy to pf and chmod according to the documentation https://docs.netgate.com/pfsense/en/latest/development/boot-commands.html#shell-script-option You will see messages in the system log like those quoted in the script after logger command.
  • Web proxy (internet tunneling)

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Avoid deliberate IP conflicts

    5
    0 Votes
    5 Posts
    2k Views
    johnpoz
    So you want to stop someone from causing problems by purposely setting a dupe IP for your gateway?  Yeah use a NAC/NAP to prevent such people from getting on your network. I don't even have to set a dupe to cause problems, just need to flood the network with gratuitous arps pointing to the wrong mac for the IP, or answering arps very quickly with the wrong info, etc. There is nothing you can do on pfsense to stop this if that is your question.. Since pfsense has nothing to do with traffic that happens on the network of a specific segment it might have an interface in - it is just the gateway off that segment and yeah it can firewall traffic it sees on that interface for somewhere else. On a host level you could setup static arps for your gateway or any other IPs on your network, so if someone was giving out bad info you wouldn't pay attention to it, etc.
  • Wan acceleration/optimization

    6
    0 Votes
    6 Posts
    7k Views
    C
    Indeed boxes accelerating (kind of) protocols like SMB are not increasing bandwidth but are, assuming you have one on each side  ;), sending back local ACK to fight against latency. Some protocols, like SMB, have been written to work on LAN only and are very verbose, requiring frequent ACK between client and server. By handling ACK at the border of each LAN (faking in fact remote client or server), these boxes are still very useful, whatever bandwidth, if you have network with significant latency.
  • I need advice

    7
    0 Votes
    7 Posts
    2k Views
    C
    OpenVPN peer-to-peer seems to be the right answer. What you need to add to above answer is the need for dynamic DNS stuff so that despite dynamic IP on site B, you can still know how to reach it  ;)
  • Daily spam, like every single day same thing?

    35
    0 Votes
    35 Posts
    7k Views
    W
    How about put in some kind of mini game that is trivial to win.  Game of pong or 1 level of tetris?
  • Firewall/Rules tab`s replaced by dropdown

    3
    0 Votes
    3 Posts
    1k Views
    Pippin
    That explains it, I added an interface, thanks.
  • Monitor: Website Access

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • What chair do you use?

    Locked
    8
    0 Votes
    8 Posts
    2k Views
    jimp
    I tend to break chairs every couple years. I like to lean back and rock and apparently my sizable posterior puts a stress on them. Currently I'm using one of these.
  • Surveillance Traffic Over Network?

    4
    0 Votes
    4 Posts
    5k Views
    johnpoz
    Sounds like what you want is a smart/managed switch..  There is no reason to route this traffic over pfsense.. If you want your nas to talk to something else to copy its video to, then that something should be on same layer 2. I would agree you prob don't want all your other network stuff on this same network.  So you put your camera stuff on its own network/vlan ie layer 2.  Now be it you want to talk to this stuff from another network or allow it to talk to other stuff via layer 3 then sure that would route through pfsense. Having another nic in pfsense would allow for having multiple nics for your other networks so you don't have to put everything on a vlan sharing the same phy speed limitation of 1 nic..  But once you get switch that supports vlans pfsense could be used with just 1 nic, etc. Isolation/separation of networks is yeah good security practice.. I sure don't trust all this iot stuff to be on the same network as all my other stuff. So yeah they all get put on their own vlan.. They can talk to each other.. I let them talk to the internet - but they don't talk to any of my other local networks.  For example nest thermo and nest protect.  They are on their own wifi segment.  They have no access to anything else on my network.  Once I get cameras set up it would be the same way, my directv dvr is on its own segment, etc.
  • Better routing platform than pfsense for IGMP proxy ?

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Good way to troubleshoot lan connectivity?

    10
    0 Votes
    10 Posts
    2k Views
    A
    I'd start as most do on the network. Physical layer. (unless you know there were some recent changes made to the network or PFSense). Check all hardware including the switch, pcs, cabling etc… for any issues. I'd start by checking the modem. If you have a static IP on it you can configure a NIC on a laptop to the static IP and connect it to the LAN of the modem. Remove all other connections and test the modem speeds on a laptop. If all is well reconnect it back to normal and move onto the next step. Bypass the switch and next test the PFSense box, plug the LAN from the PFSense into your laptop. Check the connection at this point. Is it slow or stable at correct speeds? If not then obviously the problem is with the PFSense box and not the remaining items on the LAN. If it is, then do the same troubleshooting method for the switch. Swap it out with spare for a test. Reboot the switch, do speeds return to normal then die out over time? etc.... Pinpoint the item causing the issues first. Then you can troubleshoot the cause. Just a side note about running PFSense in a Hyper-V. I just installed PFSense for my home network and reviewed online documentation that stated to use legacy network adaptors in the VM. When I did that I noticed I was getting very poor download speeds and other packet loss issues. I changed it back to the default adaptors and had no issues since. A lot of the online documentation and videos for setting up in Hyper-V are out-dated and incorrect for today's technologies and recent PFSense releases.
  • STUN server package?

    3
    0 Votes
    3 Posts
    2k Views
    P
    Are you able to share this package? Interested in the same thing.
  • Freerad iphone eap-tls log spam?

    3
    0 Votes
    3 Posts
    1k Views
    johnpoz
    yeah that is what it seems like to me as well.  I for now have just turned off logging of the auth.  Maybe I am just having a brain fart but I don't see a way to log just failures and not log good auth which would be better than no logging at all. While they are not doing it like every minute it does produce quite a bit of spam in the logs when you have 2 of them doing it every few minutes all night long, etc. Or be nice if you could set it somewhere on the phone to only do it say every hour or something when they are sleeping.  I will have to look through the iphone settings, but what is odd is not seeing it from the ipad and its on the same eap-tls network.  When I get a chance I will explore the difference in settings on the ipad vs the iphones.
  • OpenSSH DSA keys deprecated in FreeBSD 11

    3
    0 Votes
    3 Posts
    2k Views
    jimp
    We have generated them in a while and we stopped using them completely in 2.3.2. So if you're on 2.3.2 and working fine, you're ahead of the curve. Only a few people have had issues that we've seen. Most all of them easily solved by a client software upgrade or tweak in the settings.
  • Smooth upgrade from 2.0.3 to 2.3.1

    1
    0 Votes
    1 Posts
    915 Views
    No one has replied
  • MOVED: "Assertion failed" from pkg during 2.3.2 upgrade

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • 2.3.2 ready?

    24
    0 Votes
    24 Posts
    13k Views
    N
    @cmb: There almost certainly won't be a 2.3.3 release. There will be 2.3.2_x updates no doubt, especially since that's the end of the road for 32 bit. Hmmmm, Would have thought 2.6.4 would be more fitting end of the road for 32 bit. ;)
  • Pfsense logging to security onion snorby mysql how to

    4
    0 Votes
    4 Posts
    6k Views
    C
    I would also appreciate any insight into logging from pfsense to security onion now that snorby is deprecated from the security-onion iso.
  • When the Boss Says "Jump", Don't ('CEO FRAUD')

    5
    0 Votes
    5 Posts
    2k Views
    H
    She was. She had a Masters and PHD related to computer systems security. We'd talk for hours after class since she mostly taught just a handful of high level courses. She taught 4 of my courses, server administration, securing servers, network design, and network security. Something like 5-6 credits per class and something I enjoyed, so easy As. GPA boost! I graduated with a little more than 2x my required credits for my major. I got to work with her husband who was head of IT security. Now my brother is working with him on a research project for AI learning intrusion detection. He's working towards a PHD in AI. My brother is leader("because no one else knows what they're doing") for like 4 different research projects at the same time while helping my University redesign their datacenter for their own personal cloud, while doing an intern project for programming a super computer. And he has exclusive access to the super computer and is allowed to pretty much program whatever he wants. He and I rarely talk, but when we do, it's a total geek fest. Not many people understand us. He's a lot more ambitious than I am.
  • Alternative for "Anubis"?

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.