That's done by default after 15 failed login attempts. That's not configurable.

Still, you shouldn't leave the GUI (or any management interface of any sort on any device) open WAN-side, that's asking for trouble.

Are both proxmox servers on same cluster?

If so, check that you are not using same vmbr and same ip´s for fw's interfaces.

Traffic Totals are coming back soon as a separate package. if you want more details as to why you can search or go through my post history.

Right.  Thanks.

Maybe something like this would work:

Keep that page and make it a link in the DNS Resolver page menu, like the access lists is (do the same for DNS Forwarder), and remove the overrides section at bottom of the pages.  Then the few who need access to the overrides without also having access to the main DNS Forwarder/Resolver page can use a shortcut in their favorites or on desktop, etc.

This would provide the desired access control, retain consistency between resolver and forwarder,  without cluttering the main menu.

@johnpoz:

"to identify which firewall I am working on."

So you don't know what firewall is what based upon name, fqdn, IP?

Couldn't you just use names like pf-sitename.domain.tld or pfsense.sitename.domain.tld, pfsense.sitedomain.tld, pfsense.othersitedomain.tld, etc.. or if just using IP would they be different IP?

I like to apply different themes to the 3 pfsense boxes that I administer. Have you ever tried to compare 3 sets of ipsec settings across 3 different firewalls? It can get very confusing, and having a strong visual reference helps keep my head on straight.

Sure, the address in the URL bar is a logical equivalent, but a different theme and image is more reliable when dealing with humans.

@Dawie_Kabouter:

Does anyone know If there is a setting for the graph to update automatically? I constantly need to manually refresh the graph for it to update.

This has been available since near the beginning of the monitoring graphs.  I've been using it all along.
Status / monitoring auto updating #95
https://github.com/pfsense/FreeBSD-ports/pull/95

WARNING: This has not been "blessed" and is not supported.  Running it is on your own.

It can't be done easily and I think other features have a higher priority. Doesn't mean it won't ever happen, just will take some time to shake the code out to a point where it fits nicely.

Fixed, thanks!

It wasn't crashing anything, you were communicating with two diff devices and switching back and forth between them, which obviously isn't going to work right.

It is just that I started with NAT changes first and I noticed the X when disabled. After, I worked on Rules and was looking for the X change. When it did not changed to X I was under the wrong impression that it did not toggle properly. It is all good now.

Ticket #6464 is fixed and should show up in the next 2.3.2 snapshots if you happen to run those and want to test it out.

So you want to use the same cert on all your devices, ie wildcard cert?  And you want to use it with a single label domain .home as well?  Yeah that is broken setup just thinking about it.  What is using the cert?  Most browsers will not like that, many browsers will want for a wildcard a valid tld so .home would be out, other would want 2 labels home.tld, etc.

I don't think there is anything in the rfc that says you can not have a single label wildcard but seems like a really really bad idea…

To me those are not host names, those are domain names you always have host.domain.tld so you are trying to create a wildcard cert for different domains the way I look at it.

Your certs are FREE, and take like 3 seconds to produce, why would you want a wildcard in this setup in the firstplace?

@yrebrac - your patch to set the NAS-IP to a different value, was that merged into the project?  I am running into a problem where the RADIUS server I am using will not accept 0.0.0.0 as the NAS-IP.  I am running the latest 2.3.1 release.  Can you post the diff?

Patch works  :) :) :)

v2.2.6

Great, glad to hear you like my changes Chris! :) I did start doing some of the php coding myself, I was able to get this done so far,
IPv4 address append configuration type
add CIDR to subnet mask
change ISP DNS Servers to just DNS Server(s), very simple change lmao.
display NIC name
Here's what it looks like, and no I didn't edit the HTML this time ;)

What I'll probably not be able to figure out is how to parse the dhclient.leases file to pull the DHCP lease info, but you never know I could figure it out. I'm new to PHP, but I've had my foot in the water a few times with it so it's nothing terribly new to me.

I didn't make it in the last release, it is (will be) in 2.3.2 though.

That's up to the client, but you can disable the port 80 redirect on pfSense, which would also stop that from being a problem. Though you'll have to remember to go to https://x.x.x.x manually and not rely on the redirect in that case.

The option is under System > Advanced on the Admin Access tab