Common knowledge applies for pfSense !

So, go to /usr/local/www/css/ and copy the standard style sheet 'pfSense.css' to your own :

[22.05-RELEASE][root@pfSense.did-I-mess-up-again.net]/usr/local/www/css: cp pfSense.css MyOwnStyle.css

And now you'll see :

837dbcb3-ff12-4970-88a8-727f7a5b1586-image.png

Open MyOwnStyle.css and another one, like pfSense-dark-BETA.css as an example, and now you can control whatever you want.

If something goes horribly wrong : undo your edits.
Still wrong ? Select the "pfSense" theme in the GUI and problem solved.

@jonofmac said in WebGUI redirects to wrong domain:

but chrome doesn't use it

Pfsense isn't a webserver - it has a gui served up by nginx sure, with really no access to those settings other then redirect 80 to https port, etc.

But you could most likely just setup haproxy to what you want.. You can do redirection there..

You might be able to directly edit the files on pfsense to put in a redirect to whatever fqdn you want, etc.

But it takes what .03 seconds to type in pfsense.home.domain.com ;) Not using fqdn is a bad habit - you should break yourself of.. Webservers shouldn't answer to just hostnames either..

So pfsense.home.domain.com resolves to a public IP.. Why are you worried about redacting some rfc1918 address. My lan IP of pfsense is 192.168.9.253 - what would you do with that info??

@johnpoz Thanks for the reply. I had tried Edge and Brave to get into the system. Out of curiosity, I switched Edge to Internet Explorer mode, and it worked. Checking setting on my browsers now.

@cool_corona I really do appreciate your input and ideas but I've only provided part of the information and the business case as I didn't feel in warranted explaining. In summary with 150 desktop/laptops in the estate and the impact of Teams A/V on our centralised infrastructure it was much more cost effective to move our hosting requirements online rather than hosting internally as we had been doing. We were at a point where the server estate needed major investment which wasn't a viable or sustainable option. So going back to a Terminal Server/VDI solution is off the cards just so we can manage the network.

Irrespective of my particular circumstances, the key 'positive' thing here is that netgate/pfSense has now matured to such an extent that much larger deployments use cases are being considered. To break into the next market, they need to consider the ease on managing an 'estate' rather than an 'individual' devices. I don't mean that to be a slur on netgate/pfSense in any way. Many companies out there have great products but get to a point where chasing the 'next new thing' out weighs the more mundane tasks on optimising the less glamorous management functions larger/complex organisations require.

@willemb
Just what is says. Someone is trying to access non-existent pages on the web server. I would suggest you not leave your web gui open to the Internet.

@rcoleman-netgate Done, thanks

@alex-the-firewall

Nearly all 'webgui is slow' issues are really 'I have DNS issues'. Checking out the many 'webgui is slow' forum threads normally end with ..... nothing, as the author silently undid his previous DNS settings and doesn't erport back here, or are explained in the forum and then DNS is corrected.

After all, DNS needs to work for not only the pfSense WegGUI, but pretty everything on your local networks.
I mean, when pfSense default DNS settings get altered, its very possible that overall DNS functionality gets impacted.

Btw : most host names shown by the GUI are only known to the local DNS == the resolver or the forwarder. Resolving them doesn't produce any time taking requests to public resolvers. These public resolvers can't even resolve host names that are only known to your local network - they will try, searching through their billion records database, and give up by sending back a "we don't have what you are asking - unknown on the Internet", also known as a NXDOMAIN answer.

I advise you to do everything that is possible to reduce the number of restarts of the resolver (or forwarder). It will build a cache with previously resolved host names

Then you activate :

672ff694-acfd-4a92-99c9-755e9c5e7a6c-image.png

and after a while you enter 'DNS warp speed'.

These are some of my unbound/resolver stats.
Note that unbound can get restarted by, for example, pfBlockerng-devel (other events might also restart unbound/dnsmasq). The cache will get dumped just before the stop, to get read back in while it's starting.

Last but not least : the core functionality of pfSense, routing and firewalling, is build into the kernel. pfSense is more then that, and adds a lot of other options, functionalities and even gadgets. Most of these are implemented using some web server scripting like PHP, perl, python etc. So, all these take processor == webserver (nginx) time.
Depending the type of processor, and Intel Mega Lax Core isn't equal to some low power ARM processor.

Why did you add the waterfall download example of a zillion js files ? That's not DNS related.
That's just downloading those stupid js files that declare themselves most often as 'non cache-able' by your web bowser, to visiting these sites using these bootstrap js file will always be slow == depending your uplink/downlink.

We do try to keep things phrased positively for new options so that checked=enabled=on and things might be set by default if they default to on.

For existing options it's tough to reword things and also change any logic that touches the option to ensure it works the other way with an appropriate default behavior. There is a lot of room for error there in some cases which makes it tough to make a case for changing code and introducing bugs to correct the wording, even if it ends up more logical. And aside from that, having to accommodate both forms in the docs during the transition is very confusing for existing users.

The docs would be full of things like "Prior to x.x.x this would not do foo when checked, after x.x.x the default is to do foo when checked".

Not saying it wouldn't ever happen for older options just that it takes a lot more work and care than one might think, and would likely need to be done slowly over time and not all at once.

@aaronssh For what it's worth, this fixed it for me:

pfSense General Setup page was configured to use NextDNS I changed it to use my local AD Domain Controllers instead. Suddenly DHCP Leases loads instantly.

@mcdiesel said in Colors for interfaces:

New pfSense 2.3 gui style is nice, easy to use, well done.

Colors on interfaces would be useful.

eg Red, Green, Blue.  Colour wouldn't actually do anything, it's just a 'tag'.

Two tones for each colour - the dark color when used for text / primary / icon, and the light shade for background bands.

Abstracting further, colour is just a word, and words are tags, and tags can be represented already with aliases.

So if the existing alias feature can have a color attribute, that colour in it's two tones could be used where the alias is involved.

I think the light background colour would be the most often used - rules lines, log lines, dhcp lease lines would all be subtly banded with the interface colour, which improve understanding, without making the interface any busier by adding elements.

Taking it one step further, if an alias could have an icon attribute, we could have subtle pictures of desktops, printers, switches on the various lists.

Many humans think in colours & pictograms, so I think this would make pfSense more intuitive, and faster to use, while maintaining it's great look and feel.

Appologies if this suggestion is duplicated elsewhere, or belongs in another part of forum/tracker/suggestion box.

Good time of the day. I can't help but agree that colors on interfaces would be helpful. Only Vod would suggest using not red, green and blue (it's just banal), but pastel colors - Pink, Rose Gold, Plum from the palette https://create.vista.com/colors/color-names/rose-quartz/. As for me, this is a good idea :)

Has someone came up with a solution of this severe problem?

@mystique_ one can also restore parts of a configuration, if you’re duplicating.

@gertjan this worked perfectly, thanks

Upgraded earlier to Beta release 22.05.b.20220531.0600 and now to RC release 22.05.r.20220604.1403.
Problem still persists on both versions.

EDIT:
Seems that the problem appears if you have 2 (or more) System Information widgets with different contents on the Dashboard.

EDIT 2:
Looks like it's specifically caused by the "CPU Type", "Uptime" and "Current Date/Time" fields, as log as all of them are visible in all System Information widgets, everything is ok. If one or all of those fields are hidden in one of the System Information widget, then they start to act up.

So, after a few days I (in desperation!) reached out to the great people at Protectli who sold me the router hardware in the first place. Their support was awesome. Thanks protectli!

Someone there set up a working example and then exported the xml description (diagnostics > backup & restore) so that I had something to compare against, line-by-line. After an hour or so combing through mine and theirs, I discovered I had wrongly configured a static route early in my experimenting with pfsense, which was disrupting access on the WAN interface to the gui. Once removed (and after a reboot) access via WAN was restored. "Problem" resolved.

Many thanks @Bob-Dig and @johnpoz for helping me through the initial stages patiently; much appreciated.

@larrym04 To avoid all of this, IMO the best (and most secure) option is to download the Acme package and get yourself a free LetsEncrypt cert so you can have that tasty green padlock. It's not too difficult, and you won't need to keep hitting that Advanced button.