Subcategories

  • Discussions and feedback related to this forum

    607 Topics
    3k Posts
    johnpozJ

    @microserfs and what IP was that - clearly your current IPv6 address is not block that I show you connected with.. And the only other IPv4 I see you using is not blocked.. You would have to let me know what IP you were coming from that was blocked.. Send it to me via PM if you don't want to make it public.

  • Community Hiring and For Hire postings related to jobs that require pfSense software skills

    27 Topics
    114 Posts
    w0wW

    @sef1414
    Name it "run.sh", copy to pf and chmod according to the documentation
    https://docs.netgate.com/pfsense/en/latest/development/boot-commands.html#shell-script-option
    You will see messages in the system log like those quoted in the script after logger command.

  • MOVED: HAPROXY Connection limit

    Locked
    1
    0 Votes
    1 Posts
    779 Views
    No one has replied
  • MOVED: TCP request redirection in HAProxy

    Locked
    1
    0 Votes
    1 Posts
    620 Views
    No one has replied
  • MOVED: Problem with authentication Squid3-dev + Captive

    Locked
    1
    0 Votes
    1 Posts
    585 Views
    No one has replied
  • MOVED: Snort cannot start

    Locked
    1
    0 Votes
    1 Posts
    667 Views
    No one has replied
  • PfSense Installation Map

    5
    0 Votes
    5 Posts
    1k Views
    jimpJ

    A map might be fun … so long as results in export-controlled countries are filtered out so as not to raise any suspicions. :-)

  • Are PoE+ switches any good?

    3
    0 Votes
    3 Posts
    1k Views
    H

    I haven't had issues with the zyxel 1910 series. They offer a lot of value for money imho. 1910-24 without POE costs around €130.
    I don't have prices for the POE version at hand, but I do know the 24-port POE is kind of noisy (fan noise). In other words, you wouldn't want them in your living room or near your desk

  • Suggestions for PFSense Build

    11
    0 Votes
    11 Posts
    3k Views
    A

    for gigabit i would go for a dell power edge with xeon or an old HP server

    I only have a 100M fiber, averaging out on 80-89M, this is sufficient for me.

  • IPSEC backup

    4
    0 Votes
    4 Posts
    1k Views
    A

    Thanks Benny and Jimp,

    I am gonna see if Jimp's idea is workable. I am looking for a quick solution for the issue. Changing settings in 4 diff pfboxes will be a titanic task.

    rgds

  • Converting From Windows Server 2008 R2 to pfSense.

    7
    0 Votes
    7 Posts
    2k Views
    B

    So if I understand you correctly you need the wan connection to be also available on another nic? If power is no issue, use a switch. That is really the easiest way.
    Otherwise, I think that a bridge is what you are looking for. (bridging 2 nics…. Think of it as bridging lan&wlan, but then for wan and (e.g.) opt1)
    Lots of material to find in the forum here, search for; bridge, bridging, transparent firewall, transparent bridge, ....

  • SE Linux, Unix, BSD, Windows, Trusted Module Platform, and the NSA.

    9
    0 Votes
    9 Posts
    3k Views
    R

    @jflsakfja:

    How many companies have spent millions so far on solutions that stop working when the next OS version comes out? Either that or they get stuck on outdated and unpatched systems, which lead to their compromise. How many of those companies would be in the same position if they used open source software as a foundation of their systems?

    Let's take ACME bank for example. ACME bank needs to make sure that their systems are secure, since they are after all a bank. They hire a programmer to write their custom bank software, and when he is finished, they hire someone to audit it. 5 years down the line, when the original software author gets run over by a black van with tinted windows, the bank is left at the mercy of the people doing the audit.
    Rewind back the clock now. ACME bank searches for an open source software that does the job they need. Let's assume for now that they do find such a project. They get in touch with the developers to add a couple of things they need, the developers make the changes, and the software is rushed into production. The bank then audits the software through third parties and finds a bug. The developers fix that bug in a timely manner.

    5 years down the line ABC bank comes into play. They search for an open source project, and they find the one that ACME bank uses. They also get interested and start using the software. 5 years down the line they in turn discover a bug that ACME's auditors missed all those years. End result? Both banks benefit, since the bugs are fixed in the common code by its developers. Instead of investing millions, they invested a couple thousand into their software (excluding audits, since that's mandatory) which in turn fed the developers and supported the software's community.

    Good example, thanks for it. Unfortunately this can only happen in a dream world. Here's the reason why:

    Bank ACME and bank ABC are competitors on their market. It's against their interest to show the ways/workflows they use to make business. That's why they rather pay trillions more money to keep the source closed and their own property. They will never agree to share internal workflows and business secrets with each other… and computer software is more and more the base for business workflows everywhere. They will also never agree to share these things to public because then newer and newer competitors could come and decrease profits.

    It's all about money and time, unfortunately. How fast can Cisco firewall be deployed within a big company? How many people can stand behind it? Are there any guarantees? Oh sure, many contracts can be signed and promises and lies, nobody cares really. Can't be the same with pfSense... this is the reality nowadays, and I can't really see how it can be changed.

    Businessmen and politicians don't care about the community and honesty and trust. This whole NSA is nothing more than another method to try to get more money by gaining newer and newer business positions over the world. America doesn't want to allow to be overridden by China...

    Every time I realise this I get more and more angry and start fearing about what a rude world we're living in. And I have two children I have to raise, what should I teach them...?

  • 2.1.3 update making my boxes sluggish

    5
    0 Votes
    5 Posts
    1k Views
    A

    @BBcan17:

    @hongkonger:

    Also, any way I can restore my Snort configs again… I lost those as well when I updated to 2.1.3... it's a pain to reconfigure Snort.

    In Snort:Global Settings, did you enable "Keep Snort Settings After Deinstall"?

    Damn. I guess it's time to reconfigure Snort.

  • Traffic graph analysis. HELP!

    12
    0 Votes
    12 Posts
    4k Views
    P

    I am certain you are right and I am wrong, but my brain just refuses to understand that LAN out is out to the LAN. I would have expected WAN out to go to the LAN (the 'vice versa' in the above: the traffic from the internet comes in on the WAN and goes out on the WAN to the LAN).

    Maybe another way to think of it? Data arriving from the internet you are happy to call WAN In. Then what label/name will you give packets that are transmitted from the WAN to the internet (acknowledge packets, the Google search string you typed, the email you send, the text that you post here in the forum…). If the stuff coming from the internet is WAN In, then you are kind of forced to call the traffic in the opposite direction "WAN Out".
    Once you have that convention, then packets arriving on LAN (=from LAN clients) become LAN In, and packets transmitted to LAN (clients) become LAN Out.
    Then you just live with the convention, even if your brain struggles to cope sometimes :)

  • Pfsense through proxy

    3
    0 Votes
    3 Posts
    2k Views
    J

    Proxy settings are on the System->Advanced Misc page.

    The OP might check and make sure HTTPS is working through the proxy.

  • Does pfsense now do web filtering well?

    4
    0 Votes
    4 Posts
    1k Views
    M

    @hongkonger:

    Both of these packages are not for beginners, even with a good tutorial I had lots of problems with dansguardian

    Even after 1 year you can still qualify as a beginner. I do, since I removed squid and squidguard as they were doing more bad than good. And most point/click'-'tutorials' don't go beyond how to install the packages. If I may: the GUI is most excellent and fool proof, no need for such a kind of tutorial  ;D

  • Site to Site VPNs not passing traffic

    2
    0 Votes
    2 Posts
    798 Views
    jimpJ

    Need a lot more info. IPsec or OpenVPN? Any errors in the logs?

  • Alix board vs linksys wrt54g dd-wrt strength

    10
    0 Votes
    10 Posts
    2k Views
    P

    Thanks, now I am in the stress, but end of June I will test version 2.2 (or hopefully the final version ;-) )

    Because now I have another problem with pfsense, but this is another topic

    Greetings

  • VMWare Workstation Version9.0.3 build-1410761

    5
    0 Votes
    5 Posts
    1k Views
    jdillardJ

    I can't get to it right away, but I'll move things around and make it more visible and hopefully easier to understand.

    You are probably thinking about what is now the top of this page: https://www.pfsense.org/about-pfsense/index.html

    It is also mentioned a little here: https://www.pfsense.org/getting-started/index.html#overview

    Thanks, (new) user feedback is always appreciated.

  • Cron job to power off pfSense?

    6
    0 Votes
    6 Posts
    3k Views
    V

    On FreeBSD the single word command is 'poweroff' (vs 'halt' on Linux). Just making a note for if anybody searches for this.

  • Comptia Security+ Get old exam or wait for new?

    1
    0 Votes
    1 Posts
    737 Views
    No one has replied
  • Blocking facebook but the message chat always block

    7
    0 Votes
    7 Posts
    3k Views
    D

    @OP: Better post some screenshots of relevant configuration.

    Otherwise, it seems there is actually no problem with pfSense blocking here, you simply need to tell the executives that they are supposed to work and do their FB chit-chat at home – exactly like everyone else...

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.