• 0 Votes
    4 Posts
    729 Views
    V

    I think that video doesn't show what you try to achieve. The goal in the video is to deploy a trusted environment in an AD domain by installing the root CA's cert on the DC and rolling out a policy to trust it.

    To get a webserver to work with HTTPS you need a pair of a private key and a public certificate.
    Most webservers provide a generator for a self-signed cert, which is easier to install than that.
    But if you want, you may also install a cert generated by a CA on pfSense. However, you also have to export the private key of the cert, either as a separate file or as a p12 bundle, and install both on your webserver. How to do this depends on the webserver type.

  • Want to assign my static ip on pfsense

    0 Votes
    9 Posts
    1k Views
    johnpoz

    "IPv4 Address
    196.219.129.21
    Subnet mask IPv4
    255.255.255.255
    Gateway IPv4
    10.45.10.37"

    That is Just Borked!!!  So they gave you a static IP of public with a /32 mask and a gateway that is rfc1918 (10.x.x.x) ??

    What sort of shit ISP is this??

    is this your static you set??

    41.39.34.86
    Subnet mask IPv4
    255.255.255.0
    Gateway IPv4
    41.39.34.1

    They gave you a /24?? So you're saying you can not ping 41.39.34.1?

    Screenshots would be easier to read!

    I would suggest you pull down the config you posted; it has your pppoe password and user name in the clear.

    Wow is this F'd UP!!!

    traceroute to 41.39.34.1 (41.39.34.1), 30 hops max, 60 byte packets
    1  192.168.9.253  2.327 ms  2.262 ms  2.215 ms
    2  96.120.24.113  19.491 ms  18.426 ms  19.460 ms
    3  162.151.90.117  19.435 ms  19.407 ms  19.396 ms
    4  68.86.188.93  23.062 ms  21.120 ms  21.135 ms
    5  68.86.91.165  23.019 ms * *
    6  68.86.82.158  20.925 ms  17.297 ms  21.901 ms
    7  199.229.229.249  26.168 ms  12.128 ms  20.069 ms
    8  141.136.105.222  133.184 ms  133.131 ms  132.191 ms
    9  46.33.84.102  156.814 ms 46.33.85.198  156.209 ms  154.668 ms
    10 10.36.18.162  164.761 ms  165.683 ms  163.506 ms

    Just F'ing wow!!!

    traceroute to 196.219.129.21 (196.219.129.21), 30 hops max, 60 byte packets
    1  192.168.9.253  1.188 ms  1.582 ms  1.850 ms
    2  96.120.24.113  11.927 ms  17.753 ms  16.818 ms
    3  162.151.90.117  17.714 ms  17.677 ms  17.652 ms
    4  68.86.188.93  20.070 ms  20.040 ms  20.880 ms
    5  68.86.91.165  19.968 ms *  19.905 ms
    6  68.86.82.158  19.833 ms  18.904 ms  18.579 ms
    7  199.229.229.249  17.112 ms  12.972 ms  13.492 ms
    8  141.136.105.222  138.849 ms  138.461 ms  136.909 ms
    9  46.33.84.102  164.928 ms  165.035 ms 46.33.85.198  154.796 ms
    10  10.36.18.162  166.384 ms  166.052 ms  164.960 ms
    11  * * *
    12  * 10.36.18.114 166.756 ms *

    You might want to contact your ISP that is just BORKED beyond belief!! 10.x.x.x is rfc1918 space!!

  • Nas4Free behind pfsense

    0 Votes
    38 Posts
    7k Views
    I

    I tried with the suggested webgui ip address but no luck.

    Hosts Allow
    192.168.10.0/24 10.0.7.0/24 192.168.0.0/24
    Space delimited set of IP or CIDR notation that permitted to access the WebGUI. (empty is the same network of LAN interface)

    Network, LAN Managment
    IP Address  192.168.0.250/24
    Gateway    192.168.0.1

  • MOVED: Need help getting port forwarding to work

    Locked
    0 Votes
    1 Posts
    423 Views
    No one has replied
  • NAT & Virtual IPs

    0 Votes
    2 Posts
    705 Views
    M

    I was able to solve my problem using the information provided here: https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

    Thanks!

  • Rule Not working as expected - need guidance

    0 Votes
    1 Posts
    479 Views
    No one has replied
  • Problem port forwarding two DVR

    0 Votes
    6 Posts
    1k Views
    R

    @jimp:

    Sounds like you have cameras that require using a specific port to operate and don't like being remapped.

    Use a VPN instead. Aside from being more secure than opening DVRs up to the Internet, there is no NAT so it will probably work without any other adjustments.

    Never open any cameras to the Internet like that. It's just asking for trouble.

    Ok, I will try to do that. I was thinking about that but I never did anything with VPNs before (aside from HOLA, like everyone).

    Also, today we tried to uncheck https on the one that did have and suddenly it showed the cameras that I wanted to see but instantly started showing those cameras in the other DVR as well.

  • Accessing modem from outside firewall

    0 Votes
    5 Posts
    1k Views
    P

    If I remember correctly, the 192.168.100.1 on SB Modem is used when the device is in bridge mode, and has both status info and a login for management?

  • Cannot send email - Outlook behind pfsense

    0 Votes
    1 Posts
    819 Views
    No one has replied
  • NAT Refresh Rate

    0 Votes
    3 Posts
    975 Views
    A

    I manage a lot of Watchguard firewalls using VOIP and they run into similar issues with UDP timeouts. We simply increase the default UDP timeouts.

    I'm sure it can be done in pfSense. I run a pfSense box at home but never needed to change that.

    I did find this thread with someone having VOIP issues. I'm sure you can find your answer here on how to increase the timeouts.

    https://forum.pfsense.org/index.php?topic=4364.0

  • UDP SNMP monitoring of devices via pfSense NAT

    0 Votes
    2 Posts
    648 Views
    jimp

    If they are both local, why do you need NAT? Just craft proper firewall rules and they can route directly.

    Otherwise you'll either have to set up multiple VIPs on pfSense so you can do 1:1 NAT -or- you'll need to map each monitored device to a different SNMP port. That may only work if your monitoring system lets you specify the SNMP port for a monitored host.

  • Static Port Setup Ps4

    0 Votes
    2 Posts
    1k Views
    M

    I believe I resolved the issue:

    Navigate to Firewall > NAT on the Outbound tab
    Select Hybrid Outbound NAT rule generation.
    (Automatic Outbound NAT + rules below)
    Click Save
    Copied the rule at the bottom of the page labeled "Auto created rule for LAN".
    Edited the rule so it only covers the source IP of the device that needs static port, example 192.168.1.2/32
    Check Static Port box on that page
    Click Save
    Move the rule to the top of the list
    Click Apply Changes
    Rebooted ps4

    Done

  • MOVED: Communication between 2 Interfaces

    Locked
    0 Votes
    1 Posts
    429 Views
    No one has replied
  • Avoiding double-NAT when using a locked down ISP modem/router

    0 Votes
    10 Posts
    4k Views
    J

    @mishad:

    Vodafone fibre broadband in UK. Apparently their policy is to not give out the PPPoE credentials (despite there being nothing in their T&Cs saying that only their provided equipment can be used) - though a few customers do seem to have managed it (probably via the magical powers of the "retention" team).

    Very unfortunate. I know in the UK you have lots of broadband options assuming you have access to BT or TalkTalk backhaul.

  • NAT Ports to VLANS

    0 Votes
    12 Posts
    2k Views
    Derelict

    I can imagine load balancing with VoIP would be unsatisfactory.

    I would create a failover gateway group and policy route the VoIP traffic to that instead of the load balance group. Both can coexist and you can have different outbound connections use different gateway groups.

  • Multi-WAN Outbound NAT Issues

    0 Votes
    2 Posts
    811 Views
    8

    I solved this. For anybody coming across this issue:

    I had to add two LAN Firewall Rules. See the rules in the screenshot attached.  Note that I had to select the non-default gateway that corresponded to the interface that I was trying to force the traffic out on. I have no idea where I would have found this in the documentation or even if I'm actually doing this correctly, but it seems to work for me.


  • PfSense behind pfSense inside a VM.

    0 Votes
    3 Posts
    748 Views
    V

    You need a static route for the inner network pointing to pfSense on your workstation.
    If you use a DHCP you may set the DHCP server to push the route to all clients.

  • Server in LAN is accessible globally but not locally

    0 Votes
    3 Posts
    593 Views
    S

    It was pinging. The problem is solved. I had to set the DNS resolver to all the interfaces.

  • Single External IP -> Multiple Internal IP

    0 Votes
    6 Posts
    989 Views
    K

    Thank you marjohn56, I made a mistake with the WAN address previously; now it is working. Thank you very much.

  • [Feature Request] Scheduled NAT

    0 Votes
    2 Posts
    807 Views
    jimp

    Unlikely, and there is probably a better way to implement what you're after that doesn't require using port 80, such as using HAProxy and ACLs to determine how to route the requests.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.