I changed the "Session timeout" in the System/UserManager menu to 43200 (about one month), and so far there haven't been any more forced logouts. Perhaps there is a problem with setting this value to "0"? Let's wait and see.

Thank you! You're right, firewall access is not ideal in this case. But it's necessary for us to let people manage their port forwarding rules, so this is a preliminary solution we can live with. I hope they change this behaviour in a future release.

@bfred said in [Solved] Lots webgui, page doesn't load: it didn't break just after saving it (or applying it?) What you saw was the proof of having a stateful firewall. Initial connections going trough the firewall rules are matched with the firewall rules, top to bottom. If one rule matches as a "pass", a firewall state is created, and subsequent traffic bypasses the firewall, because it's known as accepted. This accelerates a lot traffic throughput. As long as you do not edit the initial matching rule, the state keeps up. Even when you add or edit a rule above your initial rule that would block such a connection. To really apply new rules that do not "seem to work right away" you have to manually reset the states, or, same thing : reset the firewall as does a reboot. See Diagnostics > States > States and Reset States. @bfred said in [Solved] Lots webgui, page doesn't load: https port from 1 machine to a different port on that same machine A device on the Internet ?

thanks much for the advice, i figured out how to setup the openvpn. the wizard was pretty good. took me a while to figure out the the wizard does not create a user in the local user database. i have an account with packtpub.com. they have several books on pfsense. i like my sg1100,

Thanks jimp: done as suggested: Feature #10340 (https://redmine.pfsense.org/issues/10340)

You are correct. I looked at the the system.log and it is complaining about another 192.168.1.1 with a different mac. I workaround the problem by using 10.x.x.x instead for LAN

double post, the answer is here https://forum.netgate.com/topic/151051/i-can-t-access-user-maintenance-on-a-user-other-than-the-admin-only-the-option-to-change-the-password-appears-even-when-in-the-admins-group/2

@pfSenseTest said in Cert Manager: Already updated. https://redmine.pfsense.org/issues/9825 Yep, we already saw that last week and enacted the lower lifetime. New installs will have the GUI cert set to that lifetime, or you can make a new one when pfSsh.php playback generateguicert if you're on a release or snapshot with the change. Just the GUI cert lifetime change is in 2.4.5, but for 2.5.0 there are more benefits. For example, the GUI has a visible warning when you exceed the limit for a server cert: [image: 1582562101995-selection_200.jpg] Plus in 2.5.0 where you can renew a cert in the GUI, there is an option to apply the lower limit at that time. [image: 1582562109474-selection_199.jpg]

I disabled the Dashboard auto-update check. The host that I am using to access the webGUI uses the pfSense as the DNS resolver. Upstream from that the pfSense is on a domain with a DNS role.

It's probably HSTS cached by your browser giving you trouble and not anything in pfSense itself. You shouldn't be using HTTP anyhow. Keep the GUI on HTTPS.

Or you can just find the specific state or states in the table and kill it/those. But sure a full flush works too ;)

Well then you would see the traffic via tcpdump then... You sure your using the correct interface em0? Capture all traffic - are you seeing traffic at all on that interface... If your not seeing traffic to whatever port its on.. Then your coming in a different interface, you have the wrong interface selected, or the wrong port. Why would you change ports? Because your block rule wasn't working and you think changing the port would magically start working? If you allow traffic, and state is created and then create a block rule - you have to flush the old state.

It doesn't look like the code that gathers the stats for RRD is aware of pools, only the main range. If there isn't already an entry on https://redmine.pfsense.org for that, open a new feature request there.

@Derelict I know this is old... I just wanted to thank you for the steps. Got me back up and running quick when a certificate was accidentally revoked. Thank you!

Its answered here https://forum.netgate.com/topic/149857/web-gui-auto-redirect-http-connection-to-https I cant close thread, can moderator do it, please. Thanks.

And this just answered my question here: https://forum.netgate.com/topic/150042/after-changing-pfsense-from-http-to-https-i-must-type-https-xxxxxx-xx-to-reach-web-page Im using custom port, so yeah. Thanks for clarification.

Depends on the network architecture. If it's a workstation VM on the same host as pfS VM, it (Private) would work. But not for Inet access for anything downstream on the LAN, not even the host. https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/get-started/create-a-virtual-switch-for-hyper-v-virtual-machines [image: 1580142587950-c70e1185-082b-486a-9d22-68b838f04cc0-image.png]

My hn0 interface is down, how do i bring it up?