You'd be better off setting an IPS policy.

Google the error messages, the TMG one is one I've disabled.

Screenshot 2019-04-02 at 14.29.01.png

@tuyensteven said in Pfsense block microsoft store:

I can not connect microsoft store

Good news : not pfSEnse related.
I just visited https://www.microsoft.com/en-gb/store/b/home?rtc=2 works fine for me - and I'm using pfSense.

@Grimson Thanks for the reply Grimson. I forgot to mention that I had used an ubuntu live boot and ran lspci with no results...so I'm almost positive it's a lower level issue than the bsd kernel. Thanks for the advice though. If I get any additional information from asrock, I'll post it here.

@alpineaudio said in pfSense hardware selection help:

@akuma1x said in pfSense hardware selection help:

firewall black-boxes

and more specific, this one's an i5 https://www.amazon.com/QOTOM-Q355G4-Factory-Firewall-Multi-Function-Appliance/dp/B06XNWLR3J/ref=sr_1_fkmr2_2?keywords=pfsense+firewall+black-boxes+i5&qid=1553882807&s=gateway&sr=8-2-fkmr2

This one is a much better choice!

I'm going to get up on my soap box here... keep in mind, you should try to support the pfsense open source project as much as you can. With the Qotom box you found, you're only about $60 away from the "official" Netgate SG-3100 box. I'm not trying to guilt you into a purchase, and I'm not saying you're going to get a better experience with name-brand or not, but being that close in price, I would send my money to Netgate and the firewall project itself.

Jeff

Just VoIP phones, ideally no on premises equipment.

Based on the zero information you've given, I don't know how you would expect anyone to help other than generalities. It could be a million things, from your NIC to your cable to your router to your cable modem to your ISP to the route to destination etc etc etc etc.

515/5000

Sorry, what does this refer to?

According to that page you linked, the agent can work in two modes. The first uses tcp3377, the second uses standard web ports. Have you tried with the first method? Have you checked any of the logs I mentioned? Have you checked Squid's log?

@svark do you have radvd running on the system? The easiest way to check is from the cli by logging into the console and do a ps.

https://forum.netgate.com/topic/123554/new-latency-every-30-seconds-with-2-4-2-caused-by-radvd-2-17_3

You are the Best!!!!! thank you it worked!!!!!

Go to https://forum.netgate.com/category/67/pfsense-international-support and scroll to the bottom and ignore.

I agree with @Grimson and and @Derelict. It's nice to read positive feedback though :)

@marian78 said in pfSense hardware help for new box (DiY):

Is there any WIFI n/ac module, that it can work with pfSense on that board, ideal for 2,4GHz and another for 5GHz?

I'd advise not to go that route. You won't get any (AFAIK) -ac to run, -n would be the most and even for that, the hardware to choose from is very sparse and picky. You could try some Atheros based cards but considering your time and the money for that, you'd be better of buying some good and configurable AP (I took a unify AP-AC-Pro and had no regrets).

That are values we can work with :) Thank you!

If you want to run gigabit and routing I'd guess the small i5-2400 would already be enough for that. If you want to add a bit of power, you can go with the i5-2500.
The i7-2600 I'd ignore, as all you would gain are a couple of MHz more and hyperthreading that you'd disable anyways as it brings more negative than positive effects to the table. So if you have one of those i5 lying around, have a got at them. I'd suppose a bit newer i3 would work, too.

On the other hand if you're going for future compatibility, perhaps a new board with new RAM and a Denverton SOC (C3558 or the likes) would also bring more then enough bang for the bucks to the table. Systems with DDR3 can/will become expensive as the industry moved on and replacements (RAM etc.).

Greets

The SG-3100 could be okay for your branches, but with 100Mbit/s VPN traffic and IPS/IDS you would have the SG-3100 on very high full load with no reserve.
For your HQ it would definitely be the wrong device, you could never get close to 300Mbit/s VPN traffic.
The XG-7100 should fit your requirements and make you happy. :-) Depending on your budget get two of them and run in HA. ☺
For your branches check out the SG-5100 or if you need rackmount buy the XG-7100 for them, too.

-Rico

Yeah I had the same problem with what used to be my XenServer. Disabling UEFI boot quickly "fixed" it.