Please make a feature request here: https://redmine.pfsense.org/projects/pfsense/issues

you can try it with untagged vlans and see if what kind of difference that makes if any.

It was a 64bit before and after I downloaded and installed it on a USB pen drive for installing again it is working now. Thank you.

https://redmine.pfsense.org/issues/6650 https://github.com/pfsense/pfsense/pull/3856

Johnpoz, you just clarify in 30 lines a 3 page article I found via google. Needless to say that I was completely confused after that article. Thank you. Very much appreciated. M.

It looks like the gateway on the interface was my problem. I created a gateway by itself and set 10.0.0.0/8 to point to it; now I can get the the firewall from anywhere on my LAN. I also made sure all my networks are permitted in NAT. Now I just need to "get an outage window approved" (this is at home :-D) for testing. Thanks!

@johnpoz: Because as they Download the file from the internet… The Data flows from the internet -- see my little asci diagram with the -----> Is IN to the wan, and OUT the lan to the user.. The users interface will show IN as high and out as lower.. Look at the users interface on their machine..  Is the packet coming into the interface from the wire out to the wire is how you have to look at it. NOW I GET IT!!!! I wasn't considering the internal router interface going OUT and then IN to the users local interface. Thanks for clearing me up. :)

Greetings from San Francisco ….. ♪ If you're going to San Francisco, ♫ Be sure to wear some flowers in your hair….. Greetings back to the city of the bay!

So, although I'm reasonably comfortable with pfsense, I guess I'm looking for some assurance before using them in a more important role. Are you using pfsense in a commercial role for a large number of users? Do you use Netgate hardware? Do you have official support? What do you think? You are talking here about many points that will be not able to merged into one question, there are many ways to solve out this point, needs and wishes by going any way you want and need it. But to being sure that all is also matching right this is purely not enough information you are providing to us. For sure they are companies from the lower bottom to the highest top, and they are also prefer using OpenSource based applications and firewalls to, in any kind of nature, I know a auto garage that is using that pfSense firewall and I personally know also a mid ranged data center that is using that pfSense firewall internally too, so not only and even at the WAN interface, but more in many directions and fields. This is not the problem as I see it right. In many countries, many companies are bounded to go and act by the following points; Company rules (company and group rules) Insurance rules (ICSA I, II or II certified) Rules from supplier, customers and other partners hidden, silent or secret market rules given form and by NASDAQ or stock exchange analysts Country rules, laws and government rules or policies to all connected companies of a supply chain So if all is open to you and your company you should be waiting at this point or cantact them not only here in the forum, it is moderated but a user to user forum too! write to the Support I personally would wait a while based on the news that perhaps a new hardware line will be up in the next time based on the the Intel C3000 (Denverton) or Intel Xeon D-15xxN could be matching well and for sure you could also walk down the road with your own hardware and get qualified support from them if there is not all matching to your needs, criteria and/or willing. The last think would be also often forgotten or not spoken about, the pfSense Training that will be bringing you up to manage all the things better by your own! For a longer time period of usage it might be a great deal for both sides.

i mean so it accelerates file transfers like sftp over the WAN isi its really fast, bit like UDP as UDP is faster than TCP You may be able to realize that if you create a small DMZ and place the S/FTP or FTP/S server inside of that DMZ and then you would be only open ports and forwarding protocols to that server, together with Snort as a IDS solution you will be able to inspect the entire traffic to that DMZ. It could be speeding the throughputbut with the right pf firewall rules according to that DMZ and on top IDS sniffing it is also a safe thing.

@virgiliomi: You might look at the Status Traffic Totals package. You can get hourly numbers for the past 24 hours, daily numbers for the past 30 days, and monthly numbers for the past 12 months. It's not broken down into particular hosts though… just a total in and out for the interface. Thanks, sounds like that might do the job.

Does your setup looks like the drawing? Yes, that seems to be correct.

On a side note - opening VNC, RDP to the public internet - not a very good idea!  If you need to remote to something on your network while your away. VPN in.. Then remote to it.. Much more secure.

"I will run at least 2 switches, maybe 3 if there arnt enough ports" Are these ports needed in the same area or you going to run an uplink to another room/closet to have ports there, ie another part of the building?  If you need to start thinking about adding a 3rd switch because of ports in the same area - its prob time to get a higher density switch.. Or this does sound like a business with 10G and 24 port switches, etc. Then get stackable switches vs having to daisy chain them..  Also if you do need multiple switches off your core then uplink them to the core…  Avoid this... CoreSwitch -- switch -- switch You would do this switch -- Coreswitch -- switch I agree completely about the L3 switch if you need performance between segments if you do not need to firewall between these segments for sure!  But in small setup its also just easier if you need performance between devices to just put them on the same L2 if your not worried about firewall.. So if you have NAS and you have clients that need max speed to this NAS... its much easier to just put them on the same network vs routing it at all be it at your firewall or some L3 switch.

Also encountering the issue. Decided to just let go and set SSL/MITM Mode to Splice All for now..