OK, I think I have worked it out, its Bitdefender complaining that the HTTPS is invalid when it first connects as there is no cert so Bitdefender goes into defense mode, says the certificate is invalid and asks if you want to create an exception and continue. If you agree to the exception, it goes to the login page and when looking at the logs you can see the error messages. If I then logout, log straight back in again, because the exception is in place, pfSense does not generate the login error.

I finally figured it out after a day and a half of troubleshooting. I was able to get all interfaces except LAN and WAN configured with the names I wanted, then I did change by change and tested. First I enabled IPv6 on LAN with an IP ::1. I saved this, but did not apply the changes. I next when to the DHCPv6 settings into the RA screen and changed routing to disabled. I saved that screen and returned to the LAN interface. I removed ::1 from the IPv6 IP and changed IPv6 to disabled, then saved and applied. This allowed me to change the LAN description to what I wanted. After applying the new name, I tested and the interface was still up and I was able to access the internet. To change the WAN, I changed and applied the new WAN name. This killed my access to the internet. I was getting a "Destination host unreachable" message trying to ping any internet IP. I then figured out to change the default route from Auto to the specific new WAN interface name. I figured this out because I was able to ping my WAN IP and the WAN gateway, but nothing else from the pfsense box. Once the WAN route was changed from Auto to the new WAN name, I was able to get out. It is an extremely simple fix, but it took a while to figure out what combination would work. Hopefully this helps someone else that may be looking. The LAN trick was taken from a reddit that I found. It took a little while to figure out the WAN default route issue. When I was ssh'd into pfsense, trying to ping an internet address gave a "no route to host" message, which led to the solution. Hope this may help someone else in the same boat. I'm not sure why the Auto feature wouldn't pull up the WAN, other than it possible does the auto detection just based on an interface with the name "WAN".

@viragomann That would make more sense than trying to manual edit nginx rules make it work. It would be nice if they added the ability to bind the webui to specific interfaces in the future but I imagine that this is a pretty niche use case. I'll give your suggestion a shot and see what happens.

@dominikhoffmann Looks like the login from my Snom VOIP phone:- [image: 1669218624272-screenshot-2022-11-23-at-15.49.51.png]

@steveits Thanks. Yes, I did set up an alias for the 2 IPs that I want to have remote admin access and only those source addresses are allowed in the policy.

@cylosoft I agree, the systemlogs is a great potential area for a new package for pfSense. Obviously having some real log analytics and trend history with filtering capabilities straight out of the Firewall would be nice, but I understand that larger installs would not need that - hence an add-on package that you could elect to use - in case a graylog/splunk whatever install is not an option to you. If only I was a developer and knew how to code…..:-)

@luckman212 said in Live refresh for dashboard Services Status widget: snapshot and try to update this to merge cleanly. Thanks Cool then we get "live widget updates", thank you both also.

@lanna Why posting an actual photo?

@petri said in webGUI not accessible from VLAN but ...: Client connected to em2 cannot access to GUI if em1 doesn't have an active connection Normally you would have interfaces connected to a switch, and not some single device.. But if an interface is not up then no you wouldn't be able to connect to its up, because the interface is not up.. https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html#policy-routing-configuration Why would you not just fix whatever it is your wanting to happen on lan interface not doing what you want for your vpn??

@johnpoz and @bingo600 Thank you! That did the trick.

@johnpoz Thank you so much, now im working on it, i was able to see that the rules on wan settings was gone and a new rule was created on the LAN settings.. THanks, joe

UPDATE: I've been doing some tests trying to know where the problem is and it seems that finally it comes from WAN interface. I configured first WAN but until I configured the IPSEC tunnels the problem didnt appear. Today I reinstall a fresh pfsense and first of all I configured the tunnels with no problems and when I configured the WAN the problem start. If I enable WAN with DHCP or Static IP without a gateway it works everything fine, when I choose a IPv4 Upstream gatewy then return the problem. At this point this topic can be closed.

@gertjan I will attempt this tonight and report back. Thanks.

@publictoiletbowl You mean the status monitoring page ? You have access to the page, but .... the page builder, PHP; is probably using commands that need root/admin access.

@gertjan Did as you suggested and turned off the Wireguard tunnel and the web page response time improved dramatically, unless I tried to go to: Status/ Wireguard - which was still slow. Memory usage is at 12% and cpu at 33%. It simply appears to be very slow in pulling data from the Status of the Wireguard peers and displaying this data on a web page.

@jimmychoosshoes The UI display and filter only handles 10.000 logentries from the current logfile/rotation. If your current logfile is much larger than 10.000 lines, it becomes REALLY slow to load. If you want lots of log retention, create a MUCH bigger rotation and use smaller logfiles. This will make the UI much faster since the 10.000 lines does not require loading a 400Mb file. This way you still have a lot of retention. The only drawback (regardless of which settings you use) is you can’t find older log entries from the UI as that only goes back 10.000 lines in the combined log rotation. So the remaining rotation logs can only be searched from the CLI or som external tool. I’m still hoping a log analysis/parsing package will be created for pfSense, or that Netgate will create an option for letting the UI filter feature go MUCH further back than 10.000 lines.