@keyser pfsense is upstream and has no switch ports..

pfsense -- sg300-28 --- sg300-10 -- nvr

The sg300-10 port connected to the poe port on the back of the nvr to put a leg into that L2 was the one going up down.. The actual nvr lan port was fine. But there was no possible way for there to be any sort of loop that is for sure. The sg300-10 was the one logging the up/down.

Yeah the poe didn't dawn on me for a bit.. And I tried turning off auto neg, turning off green ethernet, etc. etc.. tried all kinds of settings.

Is it poe related - no I am not 100% sure on that.. But I know if your going to connect another switch to poe port of an upstream switch, if possible should make sure poe is disabled on that port, etc. But with the nvr there is no way to do anything like that..

What I can say is no longer seeing any packet loss at all - which before there was some, that would go together with a up/down of the port even if very short 2 seconds, etc.. And there are no log entries for up down on that port connected to the nvr poe port with the little mini between the sg300-10 and the NVR poe port.. And the mini is being powered by the poe coming off the nvr port.

edit: so before I was seeing some minor packet loss

Packets: Sent = 386, Received = 383, Lost = 3 (0% loss)

Now after I put the mini between I don't see any

Packets: Sent = 1524, Received = 1524, Lost = 0 (0% loss)

@Gertjan said in No PayPal at Checkout:

@NollipfSense

As a company that sells devices or services on the Internet, paypal is just a choice.
Like accepting a credit card.
Be ware that the selling party looses a percentage, and it isn't just "1 %".
Furthermore, when a product is sold, the buyer can go to paypal.com and 'contest' Example : because he wanted a router that could handle 1000+ LAN devices, and he discovered that the "1100" can't handle it. Accepting paypal means you have to hire some one to handle paypal transactions.
Money you receive, as a seller, from a paypal transaction, doesn't go to your bank account,, it goes to your paypal account. You want the money on your bank ? Ok, you have to pay for that as well.
Etc.

But anyway as a BIG company (#1 in SOHO firewalls solutions, honorable, etc, etc see the ADs), Netgate MUST ACCEPT THE MOST USABLE PAYMENT METHODS that work with fiats money like PayPal, Moneybookers, etc…
BUT NOT THE CRYPTO

Be aware : I love paypal, as a consumer. I never used them as a seller, and I'm telling this 'as heard' (and reading their usage conditions).

As a BIG HiTech company - this PayPal fees (and all for its support and processing) must be YOUR EXPENDITURES. No doubts.

P.S.
From my business experience, 2 full-time stuff’s persons with ZenDesk able to processing with a stable quality about 200-300 transactions: this mean all aspects from just monitoring to resolving issues by mailing, phone calling, money return, etc…
I hope, Netgate company have sufficient funds on 2 full-time persons, even hiring them from rich places like NYDC, California, or Switzerland:)

@stephenw10 said in Anker Solix 800 Plus as UPS:

UPS but the switch over time is not great

It works great in UPS mode and switch over is very quick

Did the Anker run as continuously from battery in UPS mode?

in UPS mode, all conected devices uses the mains power (bypasses anker) . The battery kicks in (in UPS mode) when power is cut off seamlessly (I did test this by disconnecting the power and my modem and netgate 2100 worked fine)

Anker switch over is documented by 20 seconds and it works very good. I was dissappointed to return the unit because of some other fault - The app started flooding messages as low temp while my basement is constant 66 degrees F. Maybe I will wait for couple of years before buying another one.
I would welcome anybody else who have tried such a thing and please mention the make and model numbers you have.

FYI, I have solix anker 800 (not the plus) as my garage door opener UPS and so far (2 weeks) it is working good.

@JonathanLee

uptime between 200 and 250 days, depending on the Netgate release cycle ;)
Accident free over more than 14 years, well ok two fails, both hardware...

Better late than never.........

I had a similar issue and noticed that you didn't have a number '1' after -c (presuming that you only wanted it to ping once): -c 1

Maybe that would work.

Cheers.

@Wylbur said in Q: Hardware to run PfSense....:

So far I have watchdog behaving when Snort stops and restarts itself.

Very, very bad idea to configure Service Watchdog to monitor either of the two IDS/IPS packages available for pfSense. I'm the volunteer package maintainer (meaning the developer) for both packages, so I speak with definitive knowledge 🙂.

Service Watchdog does not know how to correctly monitor the IDS/IPS packages, especially on multiple interfaces. It will sometimes needlessly issue a restart command when the IDS/IPS package is in the middle of automatically restarting itself. That will lead to multiple instances running on the same interface. I've coined those as "zombie" instances as they will continue to alert and block, but will not respond at all to any configuration changes made in the GUI. The only way to regain control is to manually kill the zombie instances.

TLDR: do not use Service Watchdog to monitor the IDS/IPS packages.

@w0w

It’s definitely not MY personal requirements, this affect EACH pfSense user. More (in case office/small/middle company in US/Europe ) or less (web surfer from Tanzania, techno-geek at home network or DevOps at home).

But making decision based on wrong testing strategy and wrong instruments -> wrong way and certainly wasting time and effort.
Agree?

Before in this thread You wrote:

——
RACK and BBR will mostly have an effect running on endpoints, like streaming servers or tunnel endpoints. Since pfSense is a firewall there are not so many situations when BBR or RACK will give any benefit,
——
TCP congestion control is managed by endpoints (sever and/or client e.g. web browser and web server), so anything not placed on the firewall is not using cognestion control, like newreno or any other.
Endpoint means that firewall iself is an endpoint, then congestion control is applied, otherwise all other traffic is just passed to upstream/downstream interface.
——-

I friendly pointing You that this is not correct and by saying “TCP congestion control is managed by endpoints” You show that You not deeply understanding how exactly QUIC (and so-called HTTP/3) working and how overall CC strategy, BSD/NIX TCP stack parameters, NICs parameters, ISPs switches on aggregate levels, ISPs routers (with sophisticated routing policies, shapers and limiters) on core level routers impact on packets flow back and forth between external users and Your application’s server.

And now You make that decision based on … ordinary SpeedTest ? Really wrong way to comparing CCs!

P.S.
Do You know that small (but important) example: Your server’s ~72Mb/s with 1ms ping -> after 1% PL (packet loss) on a user’s “last mile” BECOME ~54Mb/s with 4ms ping ~> after +100ms RTT added by “fat magistral” BECOME 5,7Mb/s with 104ms ping.

Only 1% of PL and +100 RTT make Your “magic server’s 72Mb/s” to “5,7Mb/s” !

Imagine, what happened with 2-3% PL and 80-120 RTT ?

This all about YOU NEED MAKE PROFESSIONAL-GRADE MEASUREMENTS WITH RIGHT TOOLS !

Already on .internal.

The 8200 has 4 SIM slots. It can hold two cellular modems and have each use dual SIMs. 😉

The only modems I know work are the older Sierra devices: EM7305/7355/7455. Those are easily available used but many (most even) are rebranded OEM that may require a firmware reflash or at least re-configuring in a Windows device.
The Huawei ME906s-158 will also work and that works with the cellular package to give you additional data. I use that here in a 6100. That's the euro spec version.

Steve

Good to know that the old installers are still available, at least for now. This new policy however still raises some concerns.
In our network we can't easily attach device to it. It has to register with the radius server and it has to use a proxy. Which is why we typically setup and configure a new firewall before we install it in our network.

I'm curious to see how pfSense will evolve from this.

TAC Lite is for the life of the device. You can always contact support support for help reinstalling etc.

The support widget was created before that and the backend code (currently) assumes 1 year from purchase as the base support level. That should get updated soon but it's only cosmetic, if confusing!

Steve