That are values we can work with :) Thank you! If you want to run gigabit and routing I'd guess the small i5-2400 would already be enough for that. If you want to add a bit of power, you can go with the i5-2500. The i7-2600 I'd ignore, as all you would gain are a couple of MHz more and hyperthreading that you'd disable anyways as it brings more negative than positive effects to the table. So if you have one of those i5 lying around, have a got at them. I'd suppose a bit newer i3 would work, too. On the other hand if you're going for future compatibility, perhaps a new board with new RAM and a Denverton SOC (C3558 or the likes) would also bring more then enough bang for the bucks to the table. Systems with DDR3 can/will become expensive as the industry moved on and replacements (RAM etc.). Greets

The SG-3100 could be okay for your branches, but with 100Mbit/s VPN traffic and IPS/IDS you would have the SG-3100 on very high full load with no reserve. For your HQ it would definitely be the wrong device, you could never get close to 300Mbit/s VPN traffic. The XG-7100 should fit your requirements and make you happy. :-) Depending on your budget get two of them and run in HA. For your branches check out the SG-5100 or if you need rackmount buy the XG-7100 for them, too. -Rico

Yeah I had the same problem with what used to be my XenServer. Disabling UEFI boot quickly "fixed" it.

hello vegastech thank you for the reply i can ping to 192.168.1.1 from my pfsense at 192.168.55.2 in internal network when i try to go to internet from a Virtual machine at 192.168.55.x in bridge mode it doen't work

You prob get better support on centos forums or radius forums - not sure what this has to do with pfsense? Your in the general section and all.. But good luck..

@Johev Did you ever pick one?

@petreza If I wouldn't be that Cisco centric now (was very different 10 years ago) I'd probably have a look at the D-Link DGS1510 series.

@rcmpayne said in [SOLVED] Internet through pfsense keeps dropping: @rcmpayne said in Internet through pfsense keeps dropping: @bmeeks said in Internet through pfsense keeps dropping: If Snort works, then just use it instead of Suricata. There is no meaningful security difference between the two packages. Were you running Suricata with Inline IPS Mode? If so, then netmap is probably the issue as it will restart an interface when netmap mode is activated. So each time Suricata stopped and started it would activate netmap which in turn will cycle the interface. The Inline IPS Mode of blocking in Suricata uses Netmap. The Legacy Blocking Mode in Suricata works the same as Snort and uses libpcap instead of netmap. Yes i was Is there a way to restart or cycle the interface to see if that alone will also cause issues? i no-longer have Suricata installed at this point. Sure, you can disable and then re-enable the interface on the INTERFACES menu in pfSense. That will not use netmap, though. That will simply cycle the interface down and back up.

@esrisa said in Pfsense - Outlook the linked image cannot be displayed: Errors in emails - The linked image cannot be displayed How do I resolve this problem? How should pfSense know that the GET for an image in a mail is coming from an email client like Outlook, so it blocks these requests ? Are you blocking something on your LAN firewall ? Some other proxy issue ? @Bismarck : I don't think @EsriSA instructs (or has been instructed) his mail client to stop showing image in a mail and then looking for the phenomena in pfSense. That's doesn't make sense.

Got it working. Come to find out the Public LAN on the modem was not enabled or setup. Once i did that, everything it worked.

As a follow-up on this post, I ended up purchasing a used 2-port intel server NIC. This solved the problem, which seems to be related to the Realtek NIC's on the motherboard

Just an update - managed to get this done without any additional hardware. Just had to configure the 2 vNics with the right settings. i can now send any device through the vpn. works a treat.

@grimson said in Should i cancel my fios gigabit plan|VPN speed only 200+mbps: @jegr said in Should i cancel my fios gigabit plan|VPN speed only 200+mbps: I want some of that money-printing-thingy, too :D No problem: Rent a few cheap VPS and install OpenVPN on them, create a decent looking website with lot's of FUD and offer your service as the salvation there. Et voila you are your own VPN provider. OK should clearly have inserted that "sarcasm" or "irony" holding smiley there ;) @johnpoz said in Should i cancel my fios gigabit plan|VPN speed only 200+mbps: To your fingerprinting - up your IP is kind of minor thing these days.. New firefox is going to implement some sizing stuff that the tor browser been doing to try and remove one of the things used to fingerprint. Aye, of course there are more countermeasures today. But even back in the '09s it was already shady to "trust" those services implicitly with all information. As everyone can research, there were quite a few companies selling "secure private VPNs" giving away user information afterwards or tracking things like website and app usage etc. So when someone sees one of those "unbelievable offers" of a lifetime/10years/whatever long time VPN membership for only 99.99$ (or whatever) one should ask: is that really viable? Or are you simply buying snakeoil.

Ah, ok, now we are getting somewhere ... Still, what does this CA cert has to do with it ? Anyway. When you use solutions that block 'some users' to visit 'some sites' you need to read awful lot of information. Because you have to understand the why / what / when. Added to that : when you have a working situation, you have to survey it constantly as your are using rather complicated solution that can change any moment. This is a topicality : you want something, so you implement something (like driving that car you bought - you do it, because no one will be there for you for your car). So, read the forums I mentioned. Try something like Google pfsense block Facebook - just read and you will get the picture. Have a look at the Netgate's Videos about this subject (Youtube => Netgate). Btw : I never ever I block 'some sites' for some of the visitors or my colleagues or who eve on my networks. I'm using pfSense in a company - not some family or related environment. I also tend to keep things simple.