One of our Cisco switche's ports were both giveing Tx errors out (bad packets), Annoyingly simply reconnecting seemed to fix this…

Do you have any reasons to believe that your iptv is broadcasting to your box via http? Because squid only filters http protocol based material. IPTV usually uses unicast or multicast with RTP and/or RTSP.
I suspect that squid and iptv coexist nicely without you have to do anything whatsoever, but maybe I am missing something here…

I appreciate the help.  I will try to get another pfsense installation in GNS3 without using the appliance and see if that makes a difference.

I would agree good idea to isolate such devices from the rest of your network.

Either via physical different network or sure vlan switch can isolate them.. Your prob going to to want to adjust the firewall rules on your dmz interface so that the dmz can not talk to your other networks (lan) unless the lan has started the conversation..

Or you could pinhole some things into your other networks.  For example if you want to be able to print stuff from these server you might allow that..

Fantastic that worked. Thankyou very much

I rebooted my entire network setup, waited 30 seconds, and now everything is working fine. Must have been something in the Network hanging or something.

pfBlockerNG - Sure is coming up a lot in the "please help" category.

When you go to Status > OpenVPN, does the VPN connection show as "UP"? Also, what version of pfSense are you using?

Kind regards

try splice all. The new Android and apple apps  have hard coded certs

Thank you for your reply, I appreciate it a lot.
To start, i was able to get it to work.
I knew that you could have multiple routers on the same WAN network. thanks for confirming that.
My network connection is in the datacenter. we connect directly to the switch with a subnet mask of /28. 
Both routers had the correct ip addressing and were in the same subnet. 
Both have unique Mac addresses.
The only conflict i came across was they had the same hostname.
But i only discover that after resetting the new router to the factory defaults and going through the configuration wizard.
thank you again.

There are some other methods to get a fast and cheap as can ac WIFi if it is urgent needed by you, and it
is matching to every budget too. So it could be used by many peoples.
1 UBNT UniFi ac lite WiFi AP for around ~$74
One RaspBerry PI 3.0 with internal ac WiFi card or together with an external USB ac WiFi stick for ~$60
An old and used WiFi ac Router that is broken or mismatching from the dump, with installed DD-WRT or OpenWRT (lede) for nothing ($$$) with some luck!

It's a pity that pfsense does not support any Wifi AC card. It would be nice to have everything in one box.

At first pfSense is based on  FreeBSD as the underlying OS and so it is a must be that FreeBSD is supporting it
well and first, then this could also be working on pfSense, but also with some adjustments or code writing to
realize it well and fine working out of the box.
Well working internal miniPCIe cards for pfSense, supporting the following standards a/b/g/n are;

Compex WLE200NX ~20 € UBNT SR71-E ~50 €

FreeBSD 11.1 special files (firmware and driver for Intel wireless-ac cards) over 12 month ago!
Outlook to version 2.4 and Intel Wireless-AC cards 12 month old
Bug report on reddit about wireless ac (solved) 12 month old
FreeBSD 11 and Intel Dual Band Wireless-AC 8260 8 month old

So if you own or have a miniCPIe card such as the following named cards from Intel;

Intel Dual Band Wireless AC 3160 Intel Dual Band Wireless AC 3165 Intel Dual Band Wireless AC 7260 Intel Dual Band Wireless AC 7265 Intel Dual Band Wireless AC 8260

You could have luck that it is working under FreeBSD, but with no guarantee and for sure for working well in pfSense.
pfSense is not or only something sitting on FreeBSD, after growing up more and more there was a bigger code
change under the roof as we all perhaps could imagine as I see it right.

Instead of trying to whitelist squid by domain name (which you obviously didn't do correctly) you might, instead, put the netflix device IP addresses in the Bypass Proxy for These Source IPs settings.

There is no guarantee that everything that needs to be outside the proxy will have a netflix.com domain name.

I intended to go back and set it that way, get screenshots, and come back here to post "I told you so, it didn't work"… but I'll be damnd if it isn't indeed working.

Thank you very much for setting me straight.

@johnpoz:

The register dhcp and static are right there on the resolve main config page..

There have been some issues with dhcp renews and such causing a restart of unbound.. Have not looked into this in a while.  Since I don't really can to resolve any sort of dynamic device.. Guest users to wifi, etc.

My devices pretty much all have a reservation so they always have the same IP… So use of that or host overrides will work just fine.

Alla thanks to you sir! I'll set this thread to solved  :D

@johnpoz:

The quality graph will give you a graph..  Its under status, monitoring - change it to your quality graph for your gateway you want to look at.

Reason you want to monitor from outside for such things.. Hard to get alert from our internal system when the internal systems internet connection is down ;)  There are plenty of FREE such sites to do simple monitoring that you can leverage.. statuscake is another one, etc..

Thanks! While noting what you say about the advantages of inbound monitoring, this is what I was looking for but couldn't find.