A VPN would be best, but you can do something like this as a backup: Setup Dynamic DNS on both so you have a hostname that tracks whatever your current WAN IP address is Setup an alias called RemoteManagement or something along those lines, and put in the dynamic DNS hostname from the other end. The firewall will periodically check and update the alias. Setup a remote access firewall rule using this RemoteManagement alias as the source.

Reinstall the package. Go to System > Packages and if it's on the Installed Packages tab, click the icon to reinstall. If it doesn't show there, go to the Available Packages tab, find it there and install it again.

Thanks! That worked. Rick

I was looking at this again today and now I have another question. If I look at the memory at any given point along the graph, adding up all the numbers doesn't equal 100. How can that be?

Tried to look for an open ports using nmap and it gave me zero results :(

That looks like a great job for a raspberry pi or similar device (BBB, espressobin, etc)

Thanks for the detailed info - JimP you are always a wealth of info... Not in any hurry was just curious.

Where are you getting your cert from? Your going to have to give us more details if you want anyone to be able to figure out what your doing wrong. For what possible reason would you want to use a wildcard cert for the webgui? How many possible fqdn/IPs could you point to the web gui? The web gui should be accessed by limited number of users. Create as cert with your own ca, have the users that will access it trust your ca. Put in whatever SANs you want to access it by. Done - set the cert to be good for 10 years. Never have to deal with this issue again.

Okay I'm just being stupid. Apparently servers do not send the root certificate. The root certificate comes from the Certificate Store in Windows (which I have added the root certificate via group policy). However Firefox does not trust the Windows Certificate Store and maintains it's own. I needed to add the CA certificate manually into Firefox. Now it works.

@derelict said in Webgui Access Only by FQDN: Yeah , but once it is connected i want page to be redirected or reloaded as https://pfsense.example.com. i have configured this behavior in my Linux web-servers running with Apache Doesn't matter if there is a redirect. You will still get the certificate error when you initially connect because the certificate will not match the URL (IP address in this case.) If you don't like the certificate errors going to https://192.168.1.1/ then don't go to 192.168.1.1, go to the FQDN instead. Here, do this little experiment: https://172.217.5.196/ Click through and see where you end up. Thanks Derelict. I have now added IP address in certificate and able to access Thanks for your Help.

Those kinds of changes are best submitted as a pull request on github.

Hi, Use another browser and you'll see what happens  ;) Or flush your current browser cache. @dedeboy: … but now don't enter What was the message ?

Can anyone verify it this has been fixed in 2.4.3_1 RHLinux

I'm wondering if it can be disabled also.

The pfSense community has been using Zanata to translate text strings and Azerbaijani is already set up as one of the translations. This would be by far the best way to translate and you might even win something. https://www.netgate.com/blog/pfsense-software-translations-with-zanata.html If you really want to translate in a private environment, however, you can use the .po file here: /usr/local/share/locale/en_US/LC_MESSAGES/pfSense.po

@jimp: This works fine in the ACME package: [image: eAvvyXt.png] Did you do something different? Also, you can use the sudo package to grant other users rights to do things. It wouldn't be necessary for ACME, but for your own user it could help you out. I think I found the problem. Silly me. I entered the command as /etc**.rc.restart_webgui instead of /etc/**rc.restart_webgui I only realize it after I look into the screenshot.