@jflsakfja: How many companies have spent millions so far on solutions that stop working when the next OS version comes out? Either that or they get stuck on outdated and unpatched systems, which lead to their compromise. How many of those companies would be in the same position if they used open source software as a foundation of their systems? Let's take ACME bank for example. ACME bank needs to make sure that their systems are secure, since they are after all a bank. They hire a programmer to write their custom bank software, and when he is finished, they hire someone to audit it. 5 years down the line, when the original software author gets run over by a black van with tinted windows, the bank is left at the mercy of the people doing the audit. Rewind back the clock now. ACME bank searches for an open source software that does the job they need. Let's assume for now that they do find such a project. They get in touch with the developers to add a couple of things they need, the developers make the changes, and the software is rushed into production. The bank then audits the software through third parties and finds a bug. The developers fix that bug in a timely manner. 5 years down the line ABC bank comes into play. They search for an open source project, and they find the one that ACME bank uses. They also get interested and start using the software. 5 years down the line they in turn discover a bug that ACME's auditors missed all those years. End result? Both banks benefit, since the bugs are fixed in the common code by its developers. Instead of investing millions, they invested a couple thousand into their software (excluding audits, since that's mandatory) which in turn fed the developers and supported the software's community. Good example, thanks for it. Unfortunately this can only happen in a dream world. Here's the reason why: Bank ACME and bank ABC are competitors on their market. It's against their interest to show the ways/workflows they use to make business. That's why they rather pay trillions more money to keep the source closed and their own property. They will never agree to share internal workflows and business secrets with each other… and computer software is more and more the base for business workflows everywhere. They will also never agree to share these things to public because then newer and newer competitors could come and decrease profits. It's all about money and time, unfortunately. How fast can Cisco firewall be deployed within a big company? How many people can stand behind it? Are there any guarantees? Oh sure, many contracts can be signed and promises and lies, nobody cares really. Can't be the same with pfSense... this is the reality nowdays, and I can't really see how can it be changes. Businessmen and politicians don't care about the community and honesty and trust. This whole NSA is nothing more than another method to try to get more money by gaining newer and newer business positions over the world. America doesn't want to allow to be overridden by China... Every time I realise this I get more and more angry and start fearing about what a rude world we're living in. And I have two children I have to rise, what should I teach them...?

@BBcan17: @hongkonger: Also, anyway i can restore my Snort configs again…i lost those as well when i updated to 2.1.3... its pain to reconfigure snort. In Snort:Global Settings, did you enable "Keep Snort Settings After Deinstall"? Damn. i guess its time to reconfigure snort.

I am certain you are right and I am wrong, but my brain just refuses to understand that LAN out is out to the LAN. I would have expected WAN out to go to the LAN (the 'vice versa' in the above: the traffic from the internet comes in on the WAN and goes out on the WAN to the LAN). Maybe another way to think of it? Data arriving from the internet you are happy to call WAN In. Then what label/name will you give packets that are transmitted from the WAN to the internet (acknowledge packets, the Google search string you typed, the email you send, the text that you post here in the forum…). If the stuff coming from the internet is WAN In, then you are kind of forced to call the traffic in the opposite direction "WAN Out". Once you have that convention, then packets arriving on LAN (=from LAN clients) become LAN In, and packets transmitted to LAN (clients) become LAN Out. Then you just live with the convention, even if your brain struggles to cope sometimes :)

Proxy settings are on the System->Advanced Misc page. The OP, might check and make sure HTTPS is working through the proxy.

@hongkonger: Both of these packages are not for beginners, even with a good tutorial i had lots of problems with dansguardian Even after 1 year you can still qualify as a beginner. I do, since I removed squid and squidguard as they were doing more bad than good. And most point/click'-'tutorials' don't go beyond how to install the packages. If I may: the GUI is most excellent and fool proof, no need for such a kind of tutorial  ;D

Need a lot more info. IPsec or OpenVPN? Any errors in the logs?

Thanks now I am in the stress, but end of june I will test version 2.2 (or hopefully the final version ;-) ) Because now i have another problem with pfsense, but this is another topic Greetings

I can't get to it right away, but I'll move things around and make it more visable and hopefully easier to understand. You are probably thinking about what is now the top of this page: https://www.pfsense.org/about-pfsense/index.html It is also mentioned a little here: https://www.pfsense.org/getting-started/index.html#overview Thanks, (new) user feedback is always appreciated.

On FreeBSD the single word command is 'poweroff' (vs 'halt' on Linux). Just making a note for if anybody searches for this.

@OP: Better post some screenshots of relevant configuration. Otherwise, it seems there is actually no problem with pfSense blocking here, you simply need to tell the executives that they are supposed to work and do their FB chit-chat at home – exactly like everyone else... [image: 24d25gh.jpg]

Bump again. I offer my Help to do Security scans of new releases, anyone intrested?

@drew134: I spent years looking for a router setup that would do exactly what I want and their work resolved every single one of my problems.  Keep up the great work and know that we all appreciate everything you do for the community!  :D Couldn't agree more!!!

192.82.x.x is a real public IP address, why have you used it? Your client computer is probably, correctly, trying to access it via the internet. Steve

The "Getting Started" (a.k.a overview) section was more popular so we decided to start highlighting it. You can access the forum directly from the homepage by clicking the grey icon on the right of the blog entry.

Read this: https://forum.pfsense.org/index.php/topic,69860.msg383922.html#msg383922 and https://forum.pfsense.org/index.php?topic=72648.0

So which one you use? You really just confused things instead of clarifying.

I am sorry my bad, the guide works and i finally got it working. seems i was missing the 3 check marks in the authentication container.

here is my network map [image: map.jpg] [image: map.jpg_thumb]