Edit your gateway settings: System/Routing/Gateways

I could probably filter out a list of known offenders to see what is new with a simple script.  Thanks.

You should not upgrade to 2.4.
I tried and completely disappointed

Sorry, have to disagree completely.
My experience migrating 20+ installations at various revisions from 2.2.5 up to 2.3.5 has been very positive.

The only (minor) headache I ran into was a system that wouldn't auto-update from 2.3.0.
It seemed to be locked down to a development stream and wouldn't let me change it.
Simplest fix was to take a backup of the config.xml, reinstall from scratch and restore the backup.

Full repair was perhaps 20min.

Other than that it's been quite painless for me.

Whatever you do, make sure you have a backup of your current setup.

Just my $.02

@johnpoz:

1.1.1.1 is typical ip used in cisco for the captive portal..

So states from such an IP would point to that as your problem.. Its really bad practice to leave it using that IP if you ask me.. That is reserved IP range and shouldn't really be used in such a setup.  1.1.1.1 was handed off to apnic long time ago.. They could hand that out whenever even though currently they listed it as testing network..

Its better to change that to a rfc1918 address that you do not use in your network or even a rfc3330 special use IPv4..

But if your seeing odd traffic from 1.1.1.1 it would point cisco or maybe other wireless controller doing something funky..

Thanks so much !

It was actually in a chapter in the book had I bothered to look a little further. Thank you so much for your assistance. Have to laugh at myself sometimes.

I think we need some actual numbers of how many states you have, how many new ones are being created, and what your throughput is.

You reinstall the old version and restore the configuration backup you took before you upgraded.

i was not happy the RC candidate crashed my sg 2220… but now that i have learned the process to console and reinstall the OS i am happy.  i did learn several tricks on the way to improve my network from all the research i did!

it breaks enterprise folder redirection too soo…......

We don't have specific budget for this, we wish to use desktop with core i3 processor/4GBRAM/500GB Hard disk.
Is enough for all, but pending on the configuration of pfBlockerNG & DNSBL & TDL you may need more
RAM inside.

Branch A=50, Branch B=20, Branch C=20

Could be also a SG-4860

Traffic: Mailing, surfing. Internet Speed is 50Mbps (Up/Down).

Could be also a APU2C4

My thanks to all of you for this avalanche of useful replies. Yes, my intent was as restated by johnpoz. I understand the image file needs to be in the forum and the reason for that. Also, it must not be too heavy but readable: 1000px width seems to be an acceptable compromise. For more than one images, I will use reference numbers inserted in the text at the appropriate position as suggested. Thanks.

Resistance is futile.

Thanx for doing this  :)

But it would be so much more usefull if presented in a PDF document

/Bingo

What ports are you using for TCP, UDP and TLS? in the software  Forward those!

https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense

@BlueKobold:

You will be able to create groups and each of them is able to get a different lease time as credential!
So you are abele to create;

group 1 = 1 hour group 2 = 2 hours ect…...

Hi BlueKobold Thanks for the reply.

im talking about ramdom users, they dont have to login or to have any credentials on pfsense.
example: someone will connect to my open wifi, and have 1 hour or internet

Hi, I am new to pfSense experience. My friend told me about pfsense but I have no idea what it is and how it operates?

It is an OpenSource x86 firewall distribution based on FreeBSD as the underlying OS.

Is it a paid service? or a platform?

He is telling you about his firewall, and nothing more?

He said something about securing the network. How pfsense can help me in that?

A router does usually only SPI/NAT and a firewall is working with firewall rules for allow and deny
or plain passing through the entire network traffic. Or in short a router is routing between one and another or
more networks and a firewall is separating one from another or more networks. As today this border will be for
sure becoming blurred more and more.

There are 2 different things here.. There is the UI that is built into the host of esxi (free)  And then there is the web client on the vserver.  I think the issue in the kb article is only on the vserver web interface.

I updated the embedded because there was a nasty bug on the UI where items were not populating, and you would have to log out and back in.. The 1.23.0 update fixed that.. There is a whole long thread on the fling site.