@khb ah misread, sorry

Having gone ahead and created an explicit gateway group, with both WAN's Tier 1 .. and adjusting the LAN firewall rules to use that gateway group, enable/disable now works to simulate a wire pull for failover.

I'll also note that performance is now very good, at peak 2x our previous best observed peaks (up+down)

@opoplawski

The one liner method works also :

@Gertjan On a separate note

Thank you for sharing the screenshot. I had been pulling my hair for the past few days trying to figure out why I could not access my WAN GUI from a external network.

I had followed the steps and setup the rule. But your screenshot showed me that I also needed to specify the port within the rule to allow access rather than a choosing HTTP or HTTPS as the destination port

FYI for anyone reading this, you need to pick Port Range as "other" and insert the Port you chose for your GUI which was set in System>Advanced> TCP Port

I'm enjoying learning about all this all thanks to you @Gertjan. On behalf of all the newbies and rookies, thank you for all your contributions

@madmaxpr said in 24.11 GUI crash report from firewall log:

nach Korrekturen suchen.

thanks, i have installed the patch and is worked now without errors

@patient0 said in Error Response Received / Can't access the Web GUI But seems to be Working:

And I would have thought that installing AdGuard (not an pfSense package AFAIK)

@doug_gordon41 :
A non pfSense package that uses the DNS port, thus blocking the resolver from using it.
It has a web server, thus blocking the pfSense GUI from using it.
Etc.

Read Using Software from FreeBSD again ...

Imho : re install pfSense.

@Fitin said in I can't access the web gui after changing hardware, but all services are working fine:

now the only thing I can't access again is the pfSense webgui in any way😐

What does the console menu shows you ?
And :

Double check that you didn't mix WAN and some LAN port.

The new system has new ? other network interface ?
If they got reordered at start, what previous firewall rules will be assigned to what interface ? ( just thinking out loud here )

@Gertjan

7zip did the trick. Thank you.

@Gertjan said in Shouldn't be here? (Solved):

edit : which creates the hilarious situation where you can't apply (it was applied), neither revert the original patch :

If you revert the second one then you can revert the original fix -- it's why they're ordered that way. So if you use apply all or revert all it will come out OK either way.

@Gertjan said in RESOLVED Configuration history hanging php:

And "backupcount" is set to what ? 100 ?

I couldn't check this value exactly because it was hanging.
But based on the config size and the folder size, I would say a hundred indeed.

This one ?

Yes. How I didn't see that option to change the behavior 😢
Just changed to "Automatically backup on a regular schedule" and enabled ACB again.

@Gertjan Thank you for the reply!
I want to go back and test this again later but it seemed when I ran the tail log in your first command (in ssh) the gui was more responsive. I really had to zip (10-15 consecutive page loads) around the gui with the nginx/system log both visible for it to actually lock up.

I also double checked the unbound log, and manually restarted it to make sure it was catching a start. Unfortunately, the only 'start of service' message I received was the manual restart from the status > services page.

I will add, while zipping through the highest CPU usage of the vm was 4.56%, I don't think that would be an evident issue at the moment but I'm open to suggestions.

Additionally, being that this is a webgui issue. I'm currently using firefox ver: 134.0b10 (64-bit), I switched to beta during the youtube issue.
This does appear on chrome as well.
Outside of browser, I previously had the VM configured with full passover of the realtek (RTL8125) nic for the WAN interface, and a virtIO linux bridge for the LAN adapter. I stood up/rebuilt the pfsense vm, and re-added the config from a backup recently in an attempt to fix this issue, and both adapters are currenly virtIO linux bridge adapters.

@bmeeks Thanks, that makes perfect sense. Sorting timestamps in that month-first format would be a mess!

My responses are being held for administrator approval since I just signed up to post this thread. Hopefully they still make sense being out of order. I had already found the setting you pointed me to, and also a timestamp format setting to make alpha sorting work properly.

@WhoAmI68 AFAIK pfSense has no concept of “from” like MySQL does (user@ip).

@GPz1100 said in GUI services in the system log are filled with nginx messages:

@fireodo , @SteveITS

I assume this does not survive updates and has to be edited each time?

That is correct!

Or has gui log level been added to a gui setting to be managed (set different log level or disable entire)?

No, not in 2.7.2 and not in 24.11

@Almas said in How to increase nginx php-fpm timeout?:

There was the file "/etc/inc/system.inc" was used to generate the /var/etc/nginx-webConfigurator.conf

Just keep in mind that files like "/etc/inc/system.inc" will get updated (rewriiten, new version) when upgrading pfSense.
Also, likewise, when patches are published and it modifies a file modified by you, the patch might not apply.
So, keep some local documentation about your modifications, so you can re apply your mods later on, if needed.

Your rule has a syntax error. I believe this is an invalid address specification:

And you should post questions related to the IDS/IPS packages (Snort and Suricata) in the IDS/IPS sub-forum here: https://forum.netgate.com/category/53/ids-ips.

The answer is:

Set:
WebCfg - All pages Allow access to all pages (admin privilege)

followed by:
User - Config: Deny Config Write

@Izaac It worked perfectly—thanks so much for your help!

@fireix You could run "top" and see what the CPU usage is. 10 seconds is not that long compared to say a 2100 or 3100 loading a couple dozen entries with, say, all US IPs as an alias.