The secret to getting it to work was to change the following items.
Base DN: DC=MyDomain,DC=com
Authentication containers: OU=Customers,DC=MyDomain,DC=com
Group member attribute : memberOf=cn=VPN,OU=Customers,DC=MyDomain,DC=com
You can't get twice the bandwidth (meaning one stream/connection will get 2Gbit/sec), but you can LACP to your switch and it will put some traffic on one and some on another, so if there are lots of hosts/states it will use both links effectively.
But that will only affect connections to the firewall. LAN-to-LAN connections through the switch will still be at switch speed and, thus, unaffected.
If you don't have gigabit+ WAN you're probably not going to see any benefit for the added complexity other than link redundancy to the firewall.
I believe that the issue may be solved. Time will tell when the cable modem blips again.
If you look at my gateways.png screenshot, the WAN_DHCP gateway did not have the "(Default)"; the Wan_DHCP6 and testvlangw only had the "(Default)" set. Once I added the default to the WAN_DHCP my tests recovered. I unplugged the modem for 30 minutes, and when I plugged it back in I had success.
I also swapped the NIC for the wlan to a Broadcom that I had, since the chipset was on the official HCL. But I noticed it didn't resolve the issue. Interestingly enough, after I swapped the NIC in the pfSense GUI the routes still showed the old NIC as the gateway interface until I rebooted.
I also thought it strange that a reboot gave the Wan_DHCP a default entry in the routing table.
@irs:
I can not ping to the server 10.1.9.42 from any computer 10.1.9.0/24
Though win server can access the internet and ping pfsense but other computers can not ping that server.
Before deploying pfsense it was working fine.
….
All Windows systems behave this way: you've entered them in a 'new' network, and the system would have asked: Public or Private network? Your server has probably decided to enter the 'Public' mode, so it won't reply on any local communication, and uses only the gateway to access the Internet.
Check out your server.
@johnpoz:
These are hosted off different IPs, so sure, rules could be up while emergingthreats could be down.
I would think you should check with them on why their site's down - did a quick look at their Twitter feed and didn't see any mention of issues.
I thought maybe you just had a bad URL, but on their Twitter account they link to their site with the same, just domain.tld.
Pleased to see it's not just me. Good idea about getting in touch; will see if I can find the Twitter account.
@madivad:
@biggsy:
This might help.
Considering I have the space, are there any issues with me having large log files?
Cheers!
Probably not, but it might be better, if you have another system sitting around, to set up a syslog server and forward the logs to that. It opens up a whole bunch of options for analysis. I use NXLog to capture the logs and Splunk (free) for analysis - both running in a Windows VM. I used the free version of Kiwi syslog for about 15 years but its performance is very limited and it's past its prime - a bit like me :)
@kdmiller45:
That was just an example; a better one would be users going to porn sites.
Keith
That might be solved by using Squid and Squidguard, or perhaps also e2guardian which is what Marcelloc is currently working on.
@Gertjan:
@remzej:
@satifhussainr:
Hi Guys
I am using pfSense in a home environment for web filtering and caching.
I checked Transparent proxy for minimum configuration at the client side.
Now I set up my pfSense for SSL filtering. I created a certificate and downloaded it at the client.
If the client is a computer then everything is OK, but if the client is a smartphone or tablet then the apps for Facebook, Viber
and WhatsApp are not working, although HTTPS sites are working fine.
I did not change anything in the rules. The rules are as they are by default.
Please let me know what I should do.
Thank you
We have the same problem. Everything, both HTTP and HTTPS, is working for PC and smartphone web browsers. But the Facebook application for Android and iPhone cannot access.
You have the same problem?
Then why wouldn't you accept the answer already given (== stop the MTM stuff - NSA might pull this one off, 'we': never)?
Thanks! I already found other options that still meet our requirements.
It was indeed Stephen.
Am in the UK and it was a standard (Huawei) BT modem feeding an FTTC ISP connection via DSL to ethernet to the NIC.
Sorry for the delay, I don't appear to have notifications on my posts….
@johnpoz:
Sure looks like it supports being a dhcp server to me!
http://h20566.www2.hpe.com/portal/site/hpsc/template.PAGE/action.process/public/psi/manualsDisplay/?sp4ts.oid=3897494&javax.portlet.action=true&spf_p.tpst=psiContentDisplay&javax.portlet.begCacheTok=com.vignette.cachetoken&spf_p.prp_psiContentDisplay=wsrp-interactionState%3DdocId%253Demr_na-c04490719%257CdocLocale%253Den_US&javax.portlet.endCacheTok=com.vignette.cachetoken
Did you actually go over the management and configuration guide?
Thanks. It turns out hp.com had an older version of the manual. A firmware update allowed DHCP to work. Thanks again to everyone for the help!
Your image is way too big.
The way spanning tree works is it tracks all the routes between switches and stops dual routes. If you add a second connection between switches and create a dual route, this causes a loop, and the resulting storm can take a switch down trying to resolve the loop. STP (spanning tree) blocks this second connection, which kills the storm. But you can use this method with the second link for redundancy, and it becomes a hot standby. When the first connection goes down, STP stops blocking the second connection and you have redundancy.
You need to buy switches with spanning tree. I have only ever used Cisco switches, but others have it.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.