  • pfsense state issue

    2
    0 Votes
    2 Posts
    423 Views
    stephenw10
    You can see the state table in the GUI in Diag > States, but with that many states you would need to enable the state filter requirement in Sys > General setup. Otherwise it will try to display the entire table and at 4M that will hang the GUI. You can also do it from the CLI using: pfctl -ss | grep ??? where ??? is whatever you're looking for. Steve
  • Mail-Notifications not working

    10
    0 Votes
    10 Posts
    1k Views
    Gertjan
    @ehj-52n said in Mail-Notifications not working: Secure Connection: [X] In that case, it isn't (shouldn't) be port 587 - but port 465. If you have access to the mail server, you should have port 587 which starts 'in clear', and after a STARTTLS is issued from the client, the connection switches over to TLS (SSL). Port 465 is like 587 (called submission), asks for authentication etc but everything from bit 0 will be TLS encrypted. This is a classic 'gmail' setup: [image] (but, be careful, it might be possible that gmail won't accept connection from an 'unknown' device - mail client like 'pfsense'. See your gmail / Google security settings) You could even consider abandoning port 587 usage, because you control your own devices, right? Make them use port 465 (SSL only) and stop having port 587 being used = open to the internet. It's just 'one risk less' to handle. Delivering mails from a client to a mail server is all 'port 465' these days. Nothing goes (shouldn't) out in the open any more. Very comparable to what happened to 'http': it's game over. It's https now. : be careful with this one. The certificate the (your!) mail server is using should be recognized as valid, like a Let's Encrypt certificate. A self signed cert will fail. I'm using Let's Encrypt certs for my Debian + postfix mail server, works great.
  • Low throughput and packet loss with pfsense and cable modem in bridge mode.

    14
    0 Votes
    14 Posts
    2k Views
    M
    @stephenw10 I did not note it down, and compare thoroughly, but in general yes - Same IP / subnet, gateway, mtu / linkspeed. I haven't had the opportunity to reconnect pfsense and check the difference, as I have a narrow window in the evening, defined by how tired I am that night :) I tried booting from an opnsense USB, and I had the exact same issue. I then broadened my search to include FreeBSD, and I found a few posts with similar issues for the first time. https://forum.opnsense.org/index.php?topic=11015.0 for instance.
  • Block other pfsenses on my network

    5
    0 Votes
    5 Posts
    601 Views
    stephenw10
    Mmm, where exactly are these 'extra firewalls' ? Like a software firewall on the server(s)?
  • Hue Bridge with pfSense

    2
    0 Votes
    2 Posts
    882 Views
    stephenw10
    There would be nothing preventing it connecting out so I would look for it requiring incoming connections (which also seems unlikely). UPnP would definitely fail in a double NAT situation. Can you test it without the Google Nest NAT? Steve
  • PFSense Device Unreachable After Reboot

    Moved
    2
    0 Votes
    2 Posts
    418 Views
    Gertjan
    @mrmogoboya said in PFSense Device Unreachable After Reboot: Please Help. It's a PC .... so you could look at the screen to see what happens. We can't see that screen, so you have to detail the problem. Billions of reasons exist, I can't list them all here ;) A simple advice would be: reinstall, assign interfaces - and don't change anything else. pfSense will work out of the box, if the hardware is ok.
  • pfsense web and shell management questions

    9
    0 Votes
    9 Posts
    791 Views
    N
    @viragomann I was not sure but .fortiddns.com domain was not not resolving, I mean it was in DNS lookup and ping but for some strange reason pfsense did not want to use it to let me in. I tested with mikrotik ddns it let me in straightaway, went back to fortigate and swapped ddns from "fortiddns.com" to "float-zone.com" also one of the 3 the fortigate you can choose from and pfsense let me in straightaway too. Glad I tested with the other ddns, just a bizarre error. Thank you for your help.
  • New Netgate 1100 - Speed Test Question

    2
    0 Votes
    2 Posts
    519 Views
    ahking19
    @rmoran the SG-1100 can not handle 1 Gbps. Take a look at the IMIX traffic speeds - https://www.netgate.com/appliances If you need gigabit down then you bought the wrong device, see this article Choosing the Right Netgate Appliance
  • Upgrading from 5100 to 6100

    10
    0 Votes
    10 Posts
    1k Views
    N
    I just want to confirm that this is absolutely the same experience I had with two completely different machines. I saved the XML configuration from my Protectli box. Then I got a brand new desktop machine for my friend which is going to be used as a pfSense firewall. This machine has an onboard Realtek NIC and a PCIx Realtek NIC. I did a fresh install of pfSense on this machine and I was able to access the web UI. From there, I restored the XML configuration from my Protectli box. The machine rebooted, and the interface configuration wizard popped up. Once configured, pfSense booted up and I was again able to access the web interface. Only this time, I was notified that the packages are downloading in the background and that I should not touch anything until it's done. Keep in mind guys that the Protectli box and this new desktop PC are completely different machines when it comes to hardware specs. The only thing they have in common is that they are x86 machines. Nothing else. And I was able to fully restore my Protectli configuration on it with zero issues. I just had to remove my oink ID in snort, and change the web UI access password and that was it. All packages were installed and configured exactly the same. Even interface assignments in Snort and Squid were correct. I was blown away. The way that pfSense is handling configuration files is absolutely flawless.
  • T-Mobile 5G as second WAN

    5
    0 Votes
    5 Posts
    945 Views
    S
    @converge The capability is built into pfSense. There are varying ways to set it up, routing certain traffic over one or the other, or prioritizing one over the other. Budget/estimate yourself a few hours to go through it and decide if that is worth setting it all up. :)
  • Questions about my ideal setup

    59
    0 Votes
    59 Posts
    11k Views
    W
    @bingo600 Yes a mis-type. i5-5250U, 8GB RAM and Kingston 120 GB SATA SSD. https://ark.intel.com/content/www/us/en/ark/products/84984/intel-core-i55250u-processor-3m-cache-up-to-2-70-ghz.html
  • How to set ip range on LAN same as WAN range ip

    16
    0 Votes
    16 Posts
    1k Views
    johnpoz
    @stephenw10 that is just SAD at so many levels.
  • 0 Votes
    5 Posts
    910 Views
    Sergei_Shablovsky
    @sergei_shablovsky said in URGENT - Restoring 2.6.0-Dev after accidentally(!) parts of pfSense deleted: Thank You for Idea, I'll try to ask for a USB-drive at the reception of the hotel, and it may be possible to download pfSense install image and make bootable pfSense USB... Problem SOLVED: successfully restored system by choosing Restore from existing config when installing from local USB-drive. Only a few additional .pkg added manually. (I forgot to say, that WANs are locked to NICs MACs, so at night ISP support team is not able to make corrections, so I am not able even to connect local notebook in office.) For Your smile at the end of week: In a cafe near the hotel, I bought coffee and 2 x really BIG (and very tasty) apple tart. For that, one girl from the café staff gave me the ability to download pfSense and create bootable USB-drive on her notebook ;) So, all are happy: office working, and I go to complete my morning tasty apple tart, I have phone num of pretty girl from cafe, tired, happy and go to sleep ;)
  • How to remove CAs and Certificates?

    5
    0 Votes
    5 Posts
    681 Views
    Gertjan
    @whitetiger-it No need to be sorry, no harm is done. It's quite ok to ask before you 'delete' something.
  • pfSense plus 21.05.2 possible Netgate Firmware Updater bug

    2
    0 Votes
    2 Posts
    265 Views
    bmeeks
    This bug is known and being worked. Here is a link to the Redmine Issue: https://redmine.pfsense.org/issues/12487#change-57234.
  • SSH Permission Denied from only one client

    7
    0 Votes
    7 Posts
    2k Views
    J
    I turned on debugging in sshd and it looked like it wasn't able to find my keys in the authorized_keys file on the pfSense box, even though they were there. Long stupid story short, there were carriage returns in my ssh keys when I copy and pasted them over from Cygwin. I could see them in 'vi' on the pfSense box as ^M's in the authorized_keys file.... Thank you for your help @stephenw10. Hopefully this might help someone in the distant future.
  • Choosing what notifications are sent through email

    4
    0 Votes
    4 Posts
    459 Views
    provels
    @cprat Have you looked at the 'mailreport' package in the Package Manager?
  • Swap interfaces

    7
    0 Votes
    7 Posts
    761 Views
    stephenw10
    Yup, backup your working config first. You can do that from the GUI though in Diag > Backup/Restore. Be aware that once you assign ue0 pfSense will require that to boot. So if you disconnect your phone without unassigning it first and then pfSense reboots for any reason you will need to access the serial console. Steve
  • LAN2 gateway can ping AP, but AP can't ping LAN2 gateway

    5
    0 Votes
    5 Posts
    593 Views
    stephenw10
    It's common to set TCP only (the default) and that will not allow DNS which can present as you saw it. With a TCP/UDP to any rule you would expect to be able to browse though. Steve
  • Pfsense with Unifi APs Problem

    11
    0 Votes
    11 Posts
    1k Views
    B
    Yep I got it up and running and did not downgrade the FW. It turned out to be the unifi switches had the Vlans and the IP addressing still entered. So I removed the IP addressing out of the unifi switches and let the pfsense box do the address through its Vlan DHCP servers and all is good.. Thank you for the response.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.