I hope this thread is still alive :)
I was using m0n0wall for a long time (still have one that's been alive without reboot almost 7 years!) before I came across the first customer needing VLAN, about 12 years ago I think. I got recommended to check out pfsense, and I have since then never looked back. These days I run my own company, importing hardware and building our own routers based on the APU2 board and pfsense. We have at least 200+ installations out there, and we're also running pfsense in our small datacenter where we maintain our smallest customers, as well as the two geographical backup sites we keep for customer data. And, at home of course, where I hide my entire network behind an OpenVPN service setup in pfsense.
I'm originally a Windows-guy, but after I met pfsense I realised there's a whole world of open source out there so I started learning, and today roughly half of our services are based on open source.
Comparing pfsense to Cisco or the likes, I'd say there is no competition when it comes to price / functionality / reliability (as long as you use appropriate hardware). Only kind words from me!
...and we are also retailers for Netgate in Sweden, not that we have a lot of customers of the size demanding that good hardware.
@Jpub said in Planning to use PFsense with Cisco L3 core router and Unifi for L2... does this look ok? suggestions?:
VLAN TRUNK would conflict with the /30 static route between the L3 switch and PFSENSE we're talking about here, no?
Why would they conflict? They'd conflict only if you tried assigning the same addresses to multiple connections. Each VLAN would have its own address range.
You may try to put the commands for changing the NIC names into the /boot/loader.conf.local. This file survives a reboot. If it isn't already present you may create one.
Maybe that works, I haven't done that ever.
@jlw52761 said in pfSense stopped routing after power failure:
@bmeeks I ended up just reinstalling the OS and doing a restore. Things came right back up without a hitch.
I know having to do that is a little painful and scary, but it's usually the best cure. Now get a UPS configured and install either the nut or apcupsd package to monitor the UPS and gracefully shut down pfSense when there is another power failure and the battery is near exhaustion. Installing a package is important as that lets the UPS notify the firewall that the AC mains are down and the battery is about to expire. The package code then shuts down pfSense gracefully. You can configure when that happens, but I think the default is when there are 5 minutes of battery life remaining.
I had an incident in my neighborhood recently where the driver of a car ran off the road and knocked down a power pole. My house was without power for nearly 6 hours while repairs were made. I have a Netgate SG-5100 and my cable modem plugged into an APC BackUPS 650 ES. The UPS kept my firewall and cable modem running the entire duration of the power outage. Of course the same power pole also carried my cable Internet connection so I was dead in the water in terms of connectivity. I also have a UPS on all of my other computers including my ESXi servers. They all stayed up until their batteries neared exhaustion, then they each shut down gracefully. Once power was restored they all came right back up just like nothing ever happened.
I know what you and OP mean. I have the same issue. It works manually but not via cron.
I want to wake up my server at 7 am but it won't work. So after I realized it was not working I punched the command in the command line and I got one error. It says that the host was not reachable. But directly after that I used the WOL service of the pfsense and it worked perfectly. (I am using pfSense 2.4.4. p3)
So what is the weird behaviour?
So there is a plugin in OSSIM which I enabled thinking that might help me read pfSense logs directly but I realized that is not going to work. Besides that I found out about https://github.com/decay/alienvault-pfsense. This seems promising but it says AlienVault USM not OSSIM. Not sure if I should try this or not so I wonder if I could get some help.
And on those Dell cards, be careful, many are small form factor. These cards won't fit in a regular size ATX motherboard setup. There are people who do sell the proper bracket out of China.
Thanks for the response!
I did try clearing the squid cache through the UI, but just ran these commands as per the linked docs.
mv /var/squid/cache /var/squid/cache.old
rm -rf /var/squid/cache.old
I'll keep you posted!
Incidentally, I did some browser based packet loss tests which at worst had 56% of packets dropped. Could this have been squid too? Fingers crossed!
The easiest way around this is to create an alias called ProxyExempt for example, and then add all clients that you want to that alias. Then add a firewall rule just above your tcp80,443 block that allows ProxyExempt out on those same ports. That's how I do it:
@jimp, who we all know is very active on the forum, is taking a much-deserved vacation. In his absence let me just say that 2.5 is still in development and our engineers are actively working to a release. We try to be as transparent as possible and you can follow the development and see what exactly is being done in redmine.
You have to create the VLANs in Interfaces > Assign > VLANs
Add whatever VLAN you need using ix0 as the parent interface.
Then assign and enable the new ix0.x VLAN interface in Interfaces > Assign as you would with any other interface.
Do you just have a port open on your WAN to allow access to the webgui? A port forward?
Are you accessing it by IP directly or by FQDN?
Is the Cyberoam device known to you? How is it connected if so?
Ah, then that's almost certainly the cause!
In environments where it's not possible to guarantee the power you can set /var and /tmp as ram drives. That minimises drive writes and hence the chances of filesystem issues. That's a setting in Sys > Adv > Misc. It does require rebooting to set that.
@stephenw10 said in pfSense behind 4g router:
Right so if you use pfSense instead of the local computer you use currently you could create a VPN to the VPS from it and forward ports across it.
Permit rapid tunnel creation, their activation / deactivation and the possibility to control their states and an automatic reconnection (autossh) in case of disconnection.
It is a quick way for a webmaster to allow access to these self-hosted sites under development to be tested by his client for example ...
The MobaSSHTunnel software under Windows does that perfectly!
First off, what your phone can do is irrelevant. It's what the actual equipment you use is capable of that matters. However, you're not going to get anywhere near 1 Gb with LTE, no matter what you use.
Yes, it would be very similar but possibly easier since in the default configuration the SG-3100 does not require vlans, laggs and switch config. If you just have the default 3 interfaces you should just be able to import the config and re-assign the interfaces.