• Can set PFSense proxy with one interface WAN?

    6
    0 Votes
    6 Posts
    1k Views
    stephenw10
    It looks like a certificate mismatch because pfSense uses a self signed cert to serve that page.
  • Version 2.4.4.

    Moved
    10
    0 Votes
    10 Posts
    953 Views
    johnpoz
    @bahman via the marketplace I linked to.
  • New install, no internet access, but can ping IP address

    23
    1 Votes
    23 Posts
    5k Views
    S
    @stephenw10 I will try next. I'm new to pfsense, so will slowly set up as I go. Thank you for all the inputs.
  • SMTP notifications not working with gmail

    12
    1 Votes
    12 Posts
    5k Views
    C
    @opensourceprotection said in SMTP notifications not working with gmail: Solved! Every time you test the connection you have to reinput the password. Even though you'll see the shortened black dots, the password is not saved from the test before. (I'm assuming it's reverting to what it has saved but can't say for certain.) I was seeing the shortened black dots and thought PFSense was rolling over the password from the previous try; this was not the case. Once I copied the setting of johnpoz (with the appropriately changed email addresses) it worked like a charm the first time, and when tested again it failed like before. That's what clued me in. If I entered everything fresh, hit save, THEN hit test I could get it working multiple times in a row. Thank you everyone for your help with this! This was the solution to the issue I was having! Thanks for your help.
  • LAN interface not distributing IP

    10
    0 Votes
    10 Posts
    804 Views
    stephenw10
    The 1100 is preconfigured to boot to a functioning state. You should be able to connect a dhcp client to LAN and it will receive an IP address in the default LAN subnet, 192.168.1.0/24. That allows you to connect to the webgui and complete the setup. The most common cause of that failing is that the WAN is connected to an upstream router and that device is also using the 192.168.1.0/24 subnet creating a conflict. If that's not the case then, yes, connect to the serial console to investigate what state it is in. https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/connect-to-console.html Steve
  • 5353 on empty LAN

    7
    0 Votes
    7 Posts
    744 Views
    AndyRH
    Not all of the interfaces were selected so it was re-broadcasting only on a few interfaces. Thanks for the push in the right direction.
  • Looking for PFsense appliance

    11
    0 Votes
    11 Posts
    1k Views
    AndyRH
    I think you should restate your requirements. The number of clients is not the correct end number you are looking for, it is the number of states (RAM usage). I have about 20 devices on my network doing things. I have 800 states, or about 40 states per device. 10k clients times 40 states is 400,000 states. My 8Gb FW defaulted to over 800k states, my memory usage is low so there is room to grow. (40 states per device is not a solid number you should use, just an example.) 10Gb is where you look at interfaces and CPU, a 6100 should handle that speed. Any packages you add on top should be added to the CPU and RAM numbers. When you are done you should have an idea as to the CPU and RAM needed, then you can make an educated guess on which device is best suited for your needs. If you have performance data from previous events you can improve your estimation on CPU and RAM needed.
  • separating two systems over the network?

    6
    0 Votes
    6 Posts
    635 Views
    johnpoz
    @josephchrzempiec do you have multiple dumb switches? If so you could plug 1 switch into the interface on network 192.168.1/24 and another switch into interface 192.168.2/24. Stuff you plug into sw1 will be on that network, stuff you plug into sw2 would be on the other network. Then you could firewall all you want between these networks. Your other option would be just plug say this server into the port directly on pfsense, and put it on a different network that way. But you can get an 8 port "smart" switch that does vlans for like $40 or so. Other option if you did have a managed switch that supported private vlans, you could limit who could talk to each other in the same network/vlan. Other option is to do your filtering on the host's firewall directly.
  • Shut down PFsense on PC and not have to restore?

    27
    0 Votes
    27 Posts
    3k Views
    J
    @stephenw10 Nothing like that in any of my logs. Might be though. When I didn’t double boot I still overwrote everything with the restore.
  • UPS Daemon.....it is not BLANK.....

    8
    0 Votes
    8 Posts
    859 Views
    J
    NUT reports everything correctly. Doesn’t seem as easy to configure for when to shut down, etc. Looks like defaults are good to go as is though.
  • An unrecognizable error

    2
    0 Votes
    2 Posts
    416 Views
    stephenw10
    It means the bogons v6 table has not been populated yet. It's common to see that at reboot because of the order things are loaded in so if you only see it there it's probably not an issue. Make sure if you clear it and then do Status > Filter Reload it does not return. The other reason you might see that is there is insufficient table size to contain the v6 data, which can be quite large. If that's the case try increasing 'Firewall Maximum Table Entries' in System > Advanced > Firewall & NAT. Steve
  • pfsense does not send packets from wan to lan.

    6
    0 Votes
    6 Posts
    720 Views
    stephenw10
    It doesn't look like there's a port forward associated with that rule on WAN so it shouldn't be there. Check the Outbound NAT rules in Firewall > NAT > Outbound. Something is allowing that inbound state on WAN to be created without NAT and that may be conflicting with the outbound state preventing it. You don't appear to have a rule on WAN that would allow it so check the floating rules too. Steve
  • NGNIX Errors?

    28
    0 Votes
    28 Posts
    3k Views
    J
    @stephenw10 Yes Firewall Rules. I don’t think my AppleTV’s, iPAD or iPHONES use Apple Talk. Might. Now on to other questions. Thanks again. Cleaned up some of the network routing and was able to eliminate both Netgear switches in two person office. Added UPS’s to each work station and to the “Internet” station, the router, modem, wireless AP. Power rarely goes out here but it does once in a while. Employer gets a tad annoyed when everyone disappears. Thanks again. NOW my Firewall is doing what it's supposed to do for WAN side. Lots of blocking going on. I've installed and configured the UPS package. Need to figure it out though.
  • curl-7.76.1 has multiple vulnerabilities

    Moved
    4
    0 Votes
    4 Posts
    634 Views
    johnpoz
    So when exactly would curl on pfsense be doing this for example "When sending data to an MQTT server" "redis -- Integer overflow issues with BITFIELD command on 32-bit systems" How is that applicable? If you were going to update every single package every time any sort of issue is found, all you would be doing is running updates.. Unless the issue is applicable to how pfsense is used, it really shouldn't be a concern.. I am all for keeping up with what is out there, and what could be issues - but it can get out of hand really quickly if every little alert is some sort of fire drill for how the sky is falling.. Pfsense and the Netgate team should be keeping abreast of issues that could affect pfsense install base. And taking the appropriate actions - if you do not trust them to do their jobs, why are you running their software? Are you following up with the 2400 some plus CVEs currently out for windows 10? And following up with MS to what they are doing about them? ;) What is funny to me is how on one hand you have users worried about some odd cve report for a package and use case that I just do not see how it's an issue.. And then you have others running 2.3 still of pfsense ;)
  • I'm planning to install pfsense for first time

    Moved
    4
    0 Votes
    4 Posts
    572 Views
    Gertjan
    @kosvision pfSense is a router firewall. If you need a firewall / router, pfSense might fit your needs. Most often, your ISP router will do just fine. Hook it up, and it works, you'll be fine. Anyway, you can test it for yourself.
  • Command to test NIC performance/settings

    10
    0 Votes
    10 Posts
    1k Views
    johnpoz
    @jsmiddleton4 What exactly did you set? You should be able to view what that is directly with sysctl whatever that is..
  • pfBlocker bug or mis-configure WAN open

    2
    0 Votes
    2 Posts
    371 Views
    stephenw10
    It sounds like your whitelist includes your own IP and you are applying it inbound on WAN which you probably don't want. The pfBlocker rules generally get moved to the top of the list whenever they update which is probably why your block rule is being overridden. You can change that behaviour though or add a floating rule depending on how you have set the pfBlocker rules to apply. Can we see a screenshot of your WAN rules and floating rules if you're using them? Steve
  • IPsec traffic goes over LAN interface

    6
    0 Votes
    6 Posts
    700 Views
    stephenw10
    No worries. Please ask if we can clarify anything further for you.
  • Routing Error :radvd 40776 sendmsg: Permission denied

    5
    1 Votes
    5 Posts
    2k Views
    roliaroth
    @stephenw10 said in Routing Error :radvd 40776 sendmsg: Permission denied: Go to Services > DHCPv6 Server & RA > LAN(or any other interface) > Router Advertisements tab. Set the router mode to disabled. Steve Dear Steve, your explanation helped me out - thank you - roland.
  • Broadband in Australia

    Moved
    4
    0 Votes
    4 Posts
    666 Views
    G
    What I set up for a client that is on FTTN is a Draytek Vigor 130 (I think) in bridge mode and a pfsense box. Their modem/router with the phone connection is connected to the pfsense box and goes out to the internet all by itself. All the other internal network runs off the pfsense box. FTTN ^ Draytek ^ pfsense box----------------> Old modem/router with ATA built in | |-----------------------------> Rest of network Hope that helps.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.