Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    1. Home
    2. pfSense® Software
    3. webGUI
    Log in to post
    • Newest to Oldest
    • Oldest to Newest
    • Most Posts
    • Most Votes
    • Most Views
    • V

      CE and Plus software differences
      • ViktorKr

      2
      0
      Votes
      2
      Posts
      210
      Views

      No one has replied

    • mr.rosh

      Custom Logo Option
      • mr.rosh

      17
      0
      Votes
      17
      Posts
      932
      Views

      N

      open source does not mean that you can safely rename it for commercial purposes. . .

    • T

      Raduis and the WebGUI
      • tastleford

      2
      0
      Votes
      2
      Posts
      253
      Views

      T

      @tastleford OK... so, since posting this and getting zero reply... I have found a few other comments in other posts that no matter what your admin users will always be able to log in using the local database. Which does make sense to me. Our insurance company is telling us we have to have ALL admin accounts on all firewalls, switches and servers use MFA - not only externally but INTERNALLY as well.... which, I think is ridiculous! They did tell us however that if what we have is not compatible with MFA that we did not have to replace hardware to make it compatible. And.... there's no way I'm replacing all my firewalls! So that will be what I tell them. that they are not compatible.

    • J

      WebGUI SSL cert for HA cluster
      • Jinat

      15
      0
      Votes
      15
      Posts
      413
      Views

      J

      @johnpoz I recovered the GUI Acces with generating new web configurator cert. Thanks.

      Now, I am having A communications error occurred while attempting to call XMLRPC method merge_installedpackages_section: @ 2021-12-14 08:52:20 and GUI access is not stable it is very often giving 504 gateway timeout error.

    • A

      Web GUI behind NAT
      • avibarilan

      2
      0
      Votes
      2
      Posts
      203
      Views

      V

      @avibarilan said in Web GUI behind NAT:

      i have a pfsense firewall connected to the isp and behind it another firewall that is connected from its wan port to the pfsense lan port.

      To pfSense LAN interface or any other?

      but from a client computer that behind the second firewall i cannot access the pfsense web ui.

      If your inner firewall is connected to pfSense LAN and you use default settings this should work though.
      Otherwise you will have to add a proper firewall rule for allowing it.

    • deemery

      A small suggested change: 'time not reliable'
      • deemery

      1
      0
      Votes
      1
      Posts
      163
      Views

      No one has replied

    • L

      "502 Bad Gateway" - problem with PHP-FPM
      • LeoRapoport

      1
      0
      Votes
      1
      Posts
      166
      Views

      No one has replied

    • J

      Suggestions and improvements for the GUI
      • jc1976

      6
      0
      Votes
      6
      Posts
      283
      Views

      johnpoz

      @jc1976 well I would think this thread is a good start. If it can gain some traction. Then you could put in a feature request on the pfsense redmine for your suggestedd changes/enhancements and reference this thread.

      https://redmine.pfsense.org/

    • L

      Compress or hide firewall rule interface list
      • Lemmons

      1
      0
      Votes
      1
      Posts
      167
      Views

      No one has replied

    • T

      Automating Certificate imports with letencrypt script
      • tylerhoadey

      21
      0
      Votes
      21
      Posts
      12302
      Views

      S

      Hello, I just wanted to add to this topic, since I was looking for the same info, and found another possible solution.

      Instead of trying to edit the config.xml with a regex/sed, it seems simpler to use the approach featured in this github repo. Use a php script and the built in functions for editing the config.

      Check out
      https://github.com/zxsecurity/pfsense-import-certificate

      You will need to install the script on each firewall, and then upload your certs, and then call the script. For centralized letsencrypt managment this seems like it could be a good approach. I have 30 firewalls and I don't really want each one running acme, I would rather run a central letsencrypt, and deploy the certs to each firewall.

    • E

      webGui SSL Cert source existing nfs-share
      • Enyalios

      1
      0
      Votes
      1
      Posts
      188
      Views

      No one has replied

    • tobywhiting10

      Urgent webgui failed to load
      • tobywhiting10

      5
      0
      Votes
      5
      Posts
      292
      Views

      tobywhiting10

      @gertjan that work perfectly thank you.

      It's probably worth mentioning that after doing this PFsence gave me a "missing or expired csrf token" upon logging in. this was rectified by clearing all browser cache then resetting it through pfsense. There are many articles on carf so for future readers check them out.

    • M

      Why Am I getting lots of http get from Android phone?
      • mluna

      2
      0
      Votes
      2
      Posts
      265
      Views

      DaddyGo

      @mluna said in Why Am I getting lots of http get from Android phone?:

      I'd like to know what does this mean, why is the phone sending too many requests to my router?

      Hi,

      I think you are infected with NSO, hahaha.... 😉
      Okay it's just a bad joke

      do a packet capture towards to the phones in question to see more of what might be behind the "get"

    • J

      Windows 11 doesn't like SSl Certs
      • Jarhead

      6
      0
      Votes
      6
      Posts
      492
      Views

      J

      All the errors were the same, not trusted.
      I ended up deleting all the certs and reinstalling all of them by downloading from each pfSense box and now they're fine again.
      Not sure what happened but happy it's fixed!

    • T

      webGUI over HTTPS not working after restoring backup
      • tgoltz

      11
      0
      Votes
      11
      Posts
      1209
      Views

      P

      @gertjan

      Yep - did exactly that and problem was fixed. Thanks!

    • P

      Help! Can't access webGUI
      • pfguy2018

      18
      0
      Votes
      18
      Posts
      407
      Views

      M

      @viragomann Thank you the additional server part was not clear to me. Probably read too quickly over it.
      But thanks for clarification.

    • P

      Any way to view historical notifications in GUI?
      • pfpv

      1
      0
      Votes
      1
      Posts
      159
      Views

      No one has replied

    • T

      how to enable TLS 1.2 & 1.3 in netgate 1100
      • thomasyang

      8
      0
      Votes
      8
      Posts
      391
      Views

      Gertjan

      @thomasyang
      I understand.
      "webGUI" seems fine to me, as your question concerns the web based GUI.

      If your looking for the perfect "security", make it a none issue.
      Like : Make the WebGUI only accessible on the LAN interface.
      Activate LAN type another interface (initially called OPT), and use a firewall rule to forbid any "local" web GUI access.
      Remove all devices from the LAN port.

      This way, the question is resolved, as the question became irrelevant.

      The only web to admin the device is to connect physically a cable into the LAN port : the admin has to have physical access to (into) the device.

      ..... humm : a SG1000 only has two ports, which is rather minimalistic

      Next best : Set up a OpenVPN if you need to connect to the webgui remotely.

    • P

      Font issue suddenly - icons "broken"
      • planetinse

      4
      0
      Votes
      4
      Posts
      232
      Views

      johnpoz

      also what version of pfsense - are you on new dev 2.6 snapshots?

    • M

      SG5100 cant update from 2.5.x to 21x
      • Mosquitor

      11
      1
      Votes
      11
      Posts
      521
      Views

      roncbk

      @steveits Thank you.

    • J

      Squid module is not displayed in the menu
      • jorgefernando

      1
      0
      Votes
      1
      Posts
      129
      Views

      No one has replied

    • O

      Webgui php errors in log
      • Ofloo

      2
      0
      Votes
      2
      Posts
      184
      Views

      Gertjan

      @ofloo

      These messages are shown the number of php session "begin" and "end" are not equal.
      This should normally never happen.

      Maybe a clue here ?

    • K

      504 Gateway Time-out
      • kirrn6100

      3
      0
      Votes
      3
      Posts
      277
      Views

      K

      @johnpoz Thank you! , I'll try

    • C

      [Workaround-ed] Width issue in firewall rules list: could be wider
      • CDuv

      7
      0
      Votes
      7
      Posts
      1586
      Views

      K

      @cduv Tested on 2.5.2 and it still works, though I found 90% to be more aesthetically pleasing.
      Thank you for this, by the way, The limited screen usage for anything but the dashboard was slowly driving me nuts.

      Using percentages for widths should be the default anyway, given the wide range of display resolutions available today. It also allows for a more flexible interface, though admittedly it can cause some headaches to get it right.

    • KpuCko

      Is it wise to disable logging of default block rule?
      • KpuCko

      4
      0
      Votes
      4
      Posts
      233
      Views

      KpuCko

      Clarified. Thanks for the detailed explanation guys.
      Nice evening ☺

    • F

      2.5.2 webGUI and firefox
      • f.meunier

      4
      0
      Votes
      4
      Posts
      278
      Views

      johnpoz

      @f-meunier seems more like a browser caching problem maybe? If you at first had accessed it via the lan IP?

      There should be nothing different be it the browser accesses it via the wan IP or the lan IP.

      That being said - access from the wan/internet to the gui is normally a bad idea.. Unless you can lock it down to specific source IP or network.. Say from your work IP/Network or something.

      Bad idea to expose the gui to the public internet.. If you need/want to access pfsense web gui while your remote - via a vpn connection is far better method.

      I do access some of works pfsense boxes via the wan, locked down to my home IP as the only source. And I have not noticed any issues using firefox. They are not yet on 2.5.2 because of lack of access to facility, and risk in updating when nobody could be on site to correct if something went wrong.. But I do have test 2.5.2 setup here, that I could access via its wan IP vs its lan IP.. If you could give some specific example of what your seeing so I could try and duplicate it. But again - there would be no difference accessing it via the wan or lan IP. If wan rules allowed the access.

    • P

      Disable WAN interface Web UI
      • praveen02

      4
      0
      Votes
      4
      Posts
      304
      Views

      V

      @johnpoz
      Yeah, that's an option of course. I was thinking of this and reread the part "from WAN public IP" twice and toke it as "from WAN interface".

      Also not sure if he added a rule for allowing TCP 443 to WAN to forward it to a server behind. In this case it would be a good advice to change the web configurators port to any other.

    • S

      2.5.2-RELEASE RRD-Summery
      • swips

      15
      0
      Votes
      15
      Posts
      520
      Views

      S

      @johnpoz its on live with squid running.

    • P

      SG-5100 Access via ethernet on a RDP connection over wifi
      • PSSG

      1
      0
      Votes
      1
      Posts
      160
      Views

      No one has replied

    • pandafy

      WebGUI login error
      • pandafy

      1
      0
      Votes
      1
      Posts
      217
      Views

      No one has replied

    • A

      SG1100 - Can´t login webGUI sometimes after 21.05.1 upgrade.
      • Adrianoebm

      3
      0
      Votes
      3
      Posts
      738
      Views

      S

      @adrianoebm said in SG1100 - Can´t login webGUI sometimes after 21.05.1 upgrade.:

      CPU is always at 100% too in the web GUI

      Did you follow the suggestions in your thread about that?

    • N

      cannot disable startup/shutdown notifiction
      • nopfsense

      1
      0
      Votes
      1
      Posts
      199
      Views

      No one has replied

    • E

      MFA WebGUI access using Cisco ISE and DUO auth
      • ejerviss

      1
      0
      Votes
      1
      Posts
      245
      Views

      No one has replied

    • K

      Suggested improvement for the OpenVPN display on the dashboard
      • Knausepeter

      1
      0
      Votes
      1
      Posts
      200
      Views

      No one has replied

    • S

      Jquery vulnerabilities pre 3.5.1
      • siteunfold

      1
      0
      Votes
      1
      Posts
      298
      Views

      No one has replied

    • I

      PF Notifications
      • Ilya.V

      3
      0
      Votes
      3
      Posts
      298
      Views

      I

      @steveits Thank you!

    • M

      The dashboard does not show the cpu clock speed in system information
      • mikekoke

      1
      0
      Votes
      1
      Posts
      213
      Views

      No one has replied

    • H

      Firewall log filter display
      • hulleyrob

      1
      0
      Votes
      1
      Posts
      226
      Views

      No one has replied

    • S

      [solved] IPSec Widget not showing correct number of tunnels
      solved • • SophiaMarchildon

      2
      0
      Votes
      2
      Posts
      368
      Views

      jimp

      It's a known issue and fixed on 2.6.0/21.09 snapshots

    • C

      Autoconfigbackup restore page doesn't refresh
      • chandrayandeepak

      3
      0
      Votes
      3
      Posts
      332
      Views

      C

      Hello Steve,
      Thanks, it’s working now. Seems, missed several backups in between! that’s fine to us as it resumed to normal.