I think ManageEngines Netflow Analyzer offers 2 free collectors and includes free billing feature's

I would go with 4 interfaces (3 NICs)…two WANs, one LAN, one VLAN.  Disable the internal DHCP on the APs.  Use the DHCP from pfSense for BOTH VLAN and LAN, install captive portal and enable it on the VLAN.  Make sure that the two interfaces are on disjoint subnets, you can also set the default rule on both interfaces to prevent traffic from going from VLAN-LAN and vice versa.  LAN becomes VLAN1 (the default VLAN) in a setup like this.

We only have one WAN here, but use the same VLAN for wireless setup.  If your APs can support it, setup two SSIDs; one on the LAN for your employees to connect to the Citrix servers, and a second on the VLAN for guests to hit the captive portal for web access.

The full setup would be like this:  WAN1/WAN2 (NIC1/NIC2)-> LAN(VLAN1, NIC3, 10.1.1.1) or guest VLAN (VLAN2, NIC3, 192.168.1.1)

its easy change ISP

hello Cry Havok,

thx for the answer, i'm now looking for old PC with my large hdd to build freeNAS  ;)

@Cry:

I run pfSense on a network with a Windows domain (not Active Directory) and I don't get any lockups.  I doubt that pfSense is the cause, though it may be the catalyst.

Question - what is your DHCP lease - 24 hours?  The interval would point to to a DHCP lease refresh issue (refresh is at 50% of the lease).  Make sure that you've specified the correct DNS servers in the DHCP configuration, or switch to doing DHCP on the domain controller.  Check your other DHCP options too.

This is an active directory domain.  I like using the firewall for DHCP since they support Static DHCP.  Also I want to use the PXE boot server options of PFSense which are not supported by Windows DHCP.  Wouldn't the DHCP lease time be different on almost all PCs?  I thought lease time was specific to individual PCs.  DNS servers are correct, primary server as DNS1 and ISP DNS server as DNS2.  The same as it is on my monowall box.

Hrm…

Hi

Thanks for your idea, but have managed to download Vista Business the other day (2.1Gb) with no problem at all (This was from MS, using webbrowser not download manager, and we dont allow Torrents in the office). Have to say I have moved over to other hardware and since that poin haven't had any lock ups at all, but saying that, didn't have any problems with the oroginal hardware for 30days so can't be sure that this may not happen again.

J

It seems you are looking for a "transparent firewall" or "filtering bridge"
Take a look at the howto's and search the forum for these keywords.

I'm not sure about the trafficshaping part.
I think in 1.2 it's not possible to shape on bridges. Not sure about the 1.3_alpha_alpha with the new shaper.

It's already possible to create a static arp-table so only devices on the list are able to communicate with the device.

I did put it on our switch and tried that way … no dice. I'll check to make sure what I thought was a crossover, really was. I've always swapped the OPT1/WAN assignments (and physically), and it worked exactly in reverse- DSL was fine on the card that can't see the router, T1 no carrier.

I'm sure it would be possible for you to alter your local install - but changing it globally would break things for many other people.  I'm sure if you submit a patch to the folks behind pf they'll get back to you ;)

That is probably the ping for RRD's quality graph metric.
Every minute or so it will issue a few ping packets to check how the latency/packet loss to the WAN gateway is like.

Something is seriously out of wack.  I would reinstall and if the problem persists start looking at potential hardware failures.

Do you have a IPSEC VPN Tunnel terminating to the 2nd LAN??

For some reason, i can not ping anything on my 2nd lan from pfSense when a IPSEC Tunnel is running.. If i turn it off, i can ping all day long..

hi

did it really work with 1.2.1, i try installing 1.2.1 but i couldn't succeed running and provide internet,  any special setup i must do, isn't it like 1.2 in setup?