Hello everyone, we have performed further tests, among other things we tested version 2.5.0, which shows the same problem. I would be glad about any input or ideas you may provide me with! Regards, Timo

@jgdgzpqatddjpa said in 502 Bad Gateway when selecting Suricata IDS / Interface LAN - Categories / LAN Rules: @bmeeks In process... Darn thing gave me the 3 endless flashing blue lights Hard rebooted it. Yes not a good idea, but its back up and.... The patch fixed the issue. Thank you!!! Yeah, my experience with the SG-3100 is that it takes a LONG time to boot, and every now and then, you need to hard cycle the power (after waiting a very long time).

Thanks, I was able to resolve by reinstalling pfsense and restoring the config.

@gertjan Not in my case. Only one interface exists. WAN. And it's virtio. I will see how 2.5.2 goes. Any day now. :)

Thanks for the more detailed explanation. Now I see what the problem is. pfBlocker and Snort both beat the crap out of the configuration system writing to it on such a frequent basis that ACB becomes pretty much useless. I discussed ways to address this with the package maintainers some time ago but so far the problem still exists. For this reason there is a filter in the ACB system that rejects backups if the "Reason" parameter contains "pfblocker", "snort" or "minicron". pfSense is supposed to display an error message stating that the backup was rejected, but this seems to be broken. I'll try to get that fixed ASAP. For now, please ensure you backup "Reason" does not include those terms.

@kom I defaulted the Admin Access TCP port line. It is working fine for now after I did the option 15 thing on all the entries it had. Thanks

I am with @KOM did the serial console ever work? You should get something out of the console.. What are the lights on the box showing? I would suggest contact support - they are helpful, even if you don't have a support contract for how to restore a device that has failed for some reason. Support contracts are really meant for configuration help, but they should help you restore functionality of the device, etc.

tyvm that was it.

It seems to be solved. Found a topic saying that when a change from ldap to ldaps happens, a 16) Restart PHP-FPM is required.. In case it happens again I'll post here, thanks.

Yeah their job is to look for shrimp in my food.. There is no reason for them to look in food I am never going to eat ;) Only the food I am going to eat.. Not their job to tell me there is shrimp in the house - you could die.. No I am not going to eat that shrimp... But hey you can check all the meals I am going to eat.. Pretty pointless to tell me there is shrimp in the freezer out in the garage.. I can not get into the garage freezer its locked, only my wife can get in there - she likes shrimp, and she doesn't get sick from it ;) But you know what - you can keep checking my meals (3 month scans, and scans after changes) you know in case my wife makes a mistake and cooks something with shrimp in it ;) You can check that its locked.. To validate only my wife can get in there, maybe she left it unlocked. But me and my buddy pci can not get in there - so no reason to give you the key so you can look inside to validate yes there is shrimp in there.. Even if the shrimp might be bad - doesn't matter.. We don't eat it anyway, nor does my pci buddy..

ut-oh ;) we may have a future stratum 1 time server owner soon.. ntp is fascinating to me.. There are few around here as well that run their own.. It can be done fairly cheaply with pi and a gps hat for it. Some interesting threads if you look for them.. Some have some really great setups, mine is bit older and not as accurate as it could be.. It sub 1ms, have seen like 20ns setups.. I have not gotten into the tinker with it mood in quite some time to play around with tweaking it to see if could get it to be more stable. Last thing I did with it really was switch it to running ntpsec... I should prob reset up my monitoring of it I guess ;) To better track how well its doing.. pi@ntp:~ $ ntpq ntpq> pe remote refid st t when poll reach delay offset jitter ======================================================================================================= *SHM(1) .PPS. 0 l - 8 377 0.0000 -0.0388 0.0088 Looks to be within 40ns - but should prob graph that to see how its drifting, etc.

@gertjan I figured it out with 'ps' [2.5.1-RELEASE][admin@fw.my.lan]/root: ps -adux | grep php-fpm root 6327 0.0 0.0 11188 2688 1 S+ 23:37 0:00.00 | `-- grep php-fpm root 95835 0.0 0.4 104164 33660 - Ss 22:33 0:00.07 |-- php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm) root 5848 0.0 0.5 106212 42872 - I 22:34 0:00.01 | |-- php-fpm: pool nginx (php-fpm) root 12543 0.0 0.5 106212 42876 - I 22:36 0:00.01 | |-- php-fpm: pool nginx (php-fpm) root 15542 0.0 0.5 106212 42876 - I 22:34 0:00.01 | |-- php-fpm: pool nginx (php-fpm) root 23468 0.0 0.5 106212 42876 - I 22:36 0:00.01 | |-- php-fpm: pool nginx (php-fpm) root 25149 0.0 0.5 106212 42880 - I 22:36 0:00.01 | |-- php-fpm: pool nginx (php-fpm) root 31488 0.0 0.5 106212 42876 - I 22:35 0:00.01 | |-- php-fpm: pool nginx (php-fpm) root 95858 0.0 0.6 109108 45696 - I 22:33 0:00.73 | |-- php-fpm: pool nginx (php-fpm) root 96167 0.0 0.5 106488 44260 - I 22:33 0:00.28 | `-- php-fpm: pool nginx (php-fpm) ....and yeah - already tried 'option 11'....didn't help, sadly.

@fbmm said in WebConfigurator hands out expired certificate, but in Cert. Manager it seems up-to-date: Maybe followed wrong tutorial There is only one ...... Let's Encrypt on pfSense and the guy who wrote the package is explaining it. What do you want more ?