Search for "policy routing" instead of "selective routing" and you will probably get more pertinent search results.

@Grimson i have been blacklisted several times over the past week and cant seem to find which device is spamming from the network,although ran Malwarebytes basically on all client devices

I agree, makes no sense to define point to point rules (first 5) and then throw /24 behind it so the whole network can talk to each other. Also those rules are TCP only so if you are that specific, why not also include the ports instead of "all"? I'd also sort the kind of infrastructure rules on top (allow DNS, Ping, NTP and 80/443 for updates or such likes) and make them more specific so it won't interfere with other rules. Normally if that's your DMZ I see no reason why my DMZ hosts should talk to any DNS out there if I have a resolver/forwarder with caching running myself. Same for NTP. I would consider creating a RFC1918 Alias with all private IP space and use that instead of LAN net as a target so to reject all traffic from DMZ to other internal networks. If you specifically need a single IP or subnet, add that with a pass above the reject. So you can't accidentally introduce a new subnet on your firewall and open it up to network segments that it shouldn't be visible. That are the basic thing's I'd consider.

You'd be better off setting an IPS policy. Google the error messages, the TMG one is one I've disabled. [image: 1554211853424-screenshot-2019-04-02-at-14.29.01.png]

@tuyensteven said in Pfsense block microsoft store: I can not connect microsoft store Good news : not pfSEnse related. I just visited https://www.microsoft.com/en-gb/store/b/home?rtc=2 works fine for me - and I'm using pfSense.

@Grimson Thanks for the reply Grimson. I forgot to mention that I had used an ubuntu live boot and ran lspci with no results...so I'm almost positive it's a lower level issue than the bsd kernel. Thanks for the advice though. If I get any additional information from asrock, I'll post it here.

@alpineaudio said in pfSense hardware selection help: @akuma1x said in pfSense hardware selection help: firewall black-boxes and more specific, this one's an i5 https://www.amazon.com/QOTOM-Q355G4-Factory-Firewall-Multi-Function-Appliance/dp/B06XNWLR3J/ref=sr_1_fkmr2_2?keywords=pfsense+firewall+black-boxes+i5&qid=1553882807&s=gateway&sr=8-2-fkmr2 This one is a much better choice! I'm going to get up on my soap box here... keep in mind, you should try to support the pfsense open source project as much as you can. With the Qotom box you found, you're only about $60 away from the "official" Netgate SG-3100 box. I'm not trying to guilt you into a purchase, and I'm not saying you're going to get a better experience with name-brand or not, but being that close in price, I would send my money to Netgate and the firewall project itself. Jeff

Just VoIP phones, ideally no on premises equipment.

Based on the zero information you've given, I don't know how you would expect anyone to help other than generalities. It could be a million things, from your NIC to your cable to your router to your cable modem to your ISP to the route to destination etc etc etc etc.

515/5000 Sorry, what does this refer to? According to that page you linked, the agent can work in two modes. The first uses tcp3377, the second uses standard web ports. Have you tried with the first method? Have you checked any of the logs I mentioned? Have you checked Squid's log?

@svark do you have radvd running on the system? The easiest way to check is from the cli by logging into the console and do a ps. https://forum.netgate.com/topic/123554/new-latency-every-30-seconds-with-2-4-2-caused-by-radvd-2-17_3

You are the Best!!!!! thank you it worked!!!!!

Go to https://forum.netgate.com/category/67/pfsense-international-support and scroll to the bottom and ignore.

I agree with @Grimson and and @Derelict. It's nice to read positive feedback though :)

@marian78 said in pfSense hardware help for new box (DiY): Is there any WIFI n/ac module, that it can work with pfSense on that board, ideal for 2,4GHz and another for 5GHz? I'd advise not to go that route. You won't get any (AFAIK) -ac to run, -n would be the most and even for that, the hardware to choose from is very sparse and picky. You could try some Atheros based cards but considering your time and the money for that, you'd be better of buying some good and configurable AP (I took a unify AP-AC-Pro and had no regrets).