@SteveITS Hello, I wanted to thank you for the help I figured out where I went wrong. Essentially I created the ports added the needed DHCP server setting had all that correct. What I failed to do was allow traffic from the wan to the second LAN port correctly. I had defined in the rules for the LAN2 ports LAN2 -> WAN was okay when in fact I needed to do WAN -> LAN2 okay. Now my DMZ is wokring. All my servers are on the pfSense only and all my other devices behind the router are connected to the pfSense.

@drkpny19 said in New pfSense install good down/bad upload.: I will do another test when I get home. I’ll make windows desktop the server and pfsense the client, You can also just use the -R switch to reverse the test direction. What is the WAN port connected to? What speed is it linked at?

@bushman666 Thank you. This solution perfectly works for me. From 2.6.0 to 2.7.0 upgrade.

@AdriftAtlas Untangle charge $150 for the Home Pro with limitations. Otherwise I'd look at Sophos XG Home, but I'm running pfsense for now on Sophos XG hardware, XG125 Rev3. It was sadly advertised as a 135, but fortunately the seller refunded me and told me to keep the unit. Just need to sell off my XG210 Rev 2 unit.

@stephenw10 said in Drivers Loading During Booting Up: Mmm, well it shouldn't happen So, I upgraded to v23.09RC and it still takes the same time loading device manager and the cryptographic accelerator driver (E1000)...this seems to confirm it's something about the E1000 driver. Hope to do the QAT removal on Sunday.

@stephenw10 Thanks, I had same issue after upgrading to 2.7.0 I can now ping the CARP VIP from the backup node when adding this System Tunable setting.

Hmm, interesting. I've never seen a problem using a ZFS mirror. In testing I've remove either drive from the system and it still boots happily. The only issue is there's no gui component (yet) to rebuild the mirror if you have to replace a drive. That has to be done manually. Steve

Ok, done some learning and there is a -h flag available to make du a bit more readable to dumb humans: So for example: [23.09-RC][admin@Router-7]/root: du -s -h /usr/ 910M /usr/ [23.09-RC][admin@Router-7]/root: du -s -h /var/ 718M /var/ [23.09-RC][admin@Router-7]/root: du -s -h /./ 1.8G /./ [23.09-RC][admin@Router-7]/root: Every day a school day... again ...or something. ️

Yep the only solution was to reinstall clean and rerun the config. Thank you

Ok many thanks. Will get device ID later and prob place an order over the weekend.

@empty_infinity said in New pfsense Install - No Internet for Connected Devices: IP: 192.168.55.10 Subnet: 255.255.255.0 DNS server: 192.168.55.1 (this is the static IP address i set on the LAN port of pfsense) And the gateway for this device ? I should be, as the DNS : 192.168.55.1 The pfSense LAN firewall rule is a generic pass all rule like the one you found when installing pfSense ?

johnpoz, thanks will give it a try. Thank you

@stephenw10 this was exactly it thank you! one of the VMs was not on /24 immediately fixed after correcting it

It would be backup and redeploy currently. There's no easy to upgrade off-line directly. Yet. Steve

The WAN gateway needs to be set the IP the ISP gave you so pfSense knows where to route traffic. That gateway may not respond to pings which is what pfSense uses to monitor the status. You can set different IP for it to check against, like 8.8.8.8 in System > Routing > Gateways: Edit the WAN gateway. You might also need to reboot any sort of ONT or modem the ISP provided if you connected to it with your laptop and it locked to the MAC address of that. Steve

'Bad Request' there shows the client is sending an invalid cert. Most likely the NDI changed so it was no longer able to pull a new, valid cert. Steve

@johnpoz thx

@astrolabius said in pfsense with mikrotik LTE in passthrough mode, how to access mikrotik admin panel ?: I thought that during VIP creation I'm setting up IP pool which will be assigned to this Interface, and not used by this interface. Not for an IPAlias VIP on WAN. You would add one for each IP you want to use there and at least one them has to be defined with the correct subnet mask so the routes are added. Otherwise pfSense has no idea how to reach any other IP in the subnet. So you you just need to change your VIP on WAN to be 192.168.88.2/24. Then change the source in the outbound NAT rule to 'LAN net' so that traffic from clients in the LAN matches it.

The incoming fibre from Openreach (or pretty much anyone) is GPON. You need a GPON adapter of some sort, like the ONT. You can get GPON SFP adapters but they need to be programmed. It's unlikely you would see any advantage by doing that anyway.

@viragomann King!! THanks.