Post all the details if you want help.  What are you trying to do, what errors you receive etc.

You would be better off posting this to the Cache/Proxy forum.

No that is not the case that firewall (self) is just a built in alias that is all IPs on ALL interfaces on the firewall..

https://doc.pfsense.org/index.php/Firewall_Rule_Basics
This Firewall (self) - Any IP address assigned to any interface on this firewall (pfSense 2.2+)

If you want the dest to be the IP of an interface, then you should pick the drop down address of that interface, ie Wan Address.. Not this firewall..

"haproxy (front end "SharedFrontend") should be bound to your WAN IP on port 80, where as your pfsense admin ui is bound to *:80.  This should allow both to co-exist and route accordingly."

Again NO - since you are creating a RACE condition on what is going to bind to what on port 80…

I guess that is a know?

If there is no ha or pfsync then it's probably not anything we've seen before, or at least anything I recognize.

The double fault makes me lean toward hardware, if pfsync isn't a factor. Is that hardware capable of running a 64-bit version? Or is it only 32-bit?

We don't have any docs about setting up a serial console but there isn't much to it. Your hardware has to have a physical (not USB) serial port built into it. Then just go to System > Advanced, Admin tab and enable the serial console there and set it to be the primary console. Hook up a client with a null modem serial cable and use PuTTY or something similar to watch/record the console output.

Without seeing what's in the report, I can't say why it wouldn't be saved. It's possible, perhaps, that the OS loses contact with the disk which leads to the panic. That would explain both the crash and the lack of crash dump, but that is pure speculation until we get some hint of detail. You could maybe disable the ddb scripts (run "ddb scripts" and then "ddb unscript <name>" for every script. Then when it crashes it should land you at a "db>" prompt so you can manually run and capture a backtrace.

To manually force a panic/crashdump/reboot, run this: sysctl debug.kdb.panic=1

Do NOT set that as a tunable (or you'll put yourself in a panic loop :-), just run it from an ssh shell prompt</name>

That makes sense now that you say it, hmm, I suppose I can just ignore those as real "in" traffic as it is coming from the LAN network.  Thanks for the clarification.

Is there any Pfsense commandline Guid that can help us to do in Shell whatever we can do in GUI?

pfSense is based on FreeBSD and this comes with his own commands by nature so why setting up new things if
all will be there?

New to pfsense as of yesterday.  Got it all up and running without much trouble.  The issue that I am seeing is with upload speed.  I have a 100/100 connection and on download, it pegs to 100 right now and stays their for the whole test.

Ok this is then a very good result, because in normal you will see something between 95 and 98 MBit/s related to the TCP/IP
overhead and the passing through firewall rules and the NAT process of the pf (packet filter).

On upload, it ends up ok but takes the whole speed test to get there.  It starts at about 30 then drops to about 7 and slowly works its way back to close to 100 by the end of the test.

It depends mostly also on the other end of the speed test! And for sure on the day time when you made this
test again, I am pretty sure you will be getting more different results out from that speed test as now!

Just to confirm I pulled my pfsense and switch back to my old router, same cables, same everything and it pegs to 100 on both up and down right now and stays their the entire time of the test.  Put pfsense box back in and same as before.

What is your old router? A plastic box router that is not working through firewall rules and only makes SPI/NAT?
Is it one of this routers that will be "doped" with an small ASIC or FPGA chip that is in real doing the entire job
and work!? Then please don´t compare this kind of routers to pfSense, because pfSense will be a small x86_amd64
firewall software that is based on FreeBSD and not Linux that will working more agile and/or faster.

I have tried everything I could google.  Speed/Duplex, Disabling offloading, etc.  This is a fresh install of 2.4.1.

Ah ok, this could be that you will be getting some hassle by that version if your ISP is using VLANs at the WAN port,
as many will do this at these days and it will be more common as in former days.

Any suggestions?  Does pfsense by default monitor/log outgoing traffic that would cause this behavior?  I am not even sure if this is expected or not.

Please try out the version 2.4.0 and test it again, without any packets and special firewall rules passing through
this be then showing up results they will be more near to the real WAN speed matching and according to your hardware!

By the way what kind of system do you using? CPU, RAM, Mainboard, HDD/SSD, case, and so on…...

Just out of curousity I swapped my WAN to a different nic card and got the exact same results.  So it has to be something in pfsense right or am I just overthinking this?

If it will be scaling up slowly, but even scaling up to the 100 MBit/s, starting from somewhere will be really nice
and must not be an issue, but if it stops at let us say 50 MBit/s or at 70 MBit/s there will be perhaps something
wrong or must (should) tweaked or tuned right to get better results out.

Can anyone confirm this is the way it is or if something is not working as it should?  Pulling files from remotely via vpn I would imagine will suffer with my upload being this wonky.

Try out the following;

install the version 2.4.0 fresh and full activate in the BIOS if there will be an option to do so, the HT (hyper threading) enable PowerD (high adative) in pfSense set up the num.queues size to 1, 2 or 4 set up the mbuf size to 125000, 250000, 500000 or 1000000

And let the test run again, please play around with different settings that will be matching to best result
you can get from the test and stay then with that settings. Would be my best guess here.

Bad news, this setup works for around 1 hour before Bell Hub 3000 start to reboot. The same symptom returned when I switched to Bell FTTH service. Before the old DSL modem works without any problem.

Any suggestion here, I will go with pfSense +  L2 Switch option where pfSense acts as router to see if the same issue will emerge.

For the pfSense + L2 Switch setup, I will start another post to seek help.

So adding a lease but not putting an IP & adding 127.0.0.1 allows connectivity but doesnt assign any IP - this is perfect!

Under Interface WAN

DHCP Client Configuration I have  Saved Cfg . Should it be pfSense Default.

Have not configured any of this. Just clean installed 2.4.1.

2 Days and 10 hours since last reboot, using 21-27% memory, hopefully it was just a fluke.

It is uprising be careful and wathing out what is coming next.

I expect to rise a little with squid caching turned on and Memory set to 1024,  on 2.3.4 i never saw over 40%

pfBlockerNG: DNSBL=on TLD=On

TLD can be eating much more pending on the used or subscribed IP addresses.

Hasn't been a problem when I was on 2.3.4

The reason I put in the feature request.. No you wouldn't see it if just setting up via wizard, etc..  It comes into play when adding opt interfaces, etc.  The mask is a drop down list - has to default to somewhere ;)  Defaulting to the end of the list seems to be just the way it normally happens.

I do concur that the most common mask used as default might eliminate such new user mistakes..  But when it comes down too it, user has really nobody to blame but themselves - when setting up a static IP on an interface they for sure should be checking and understanding what mask they want to set on the IP…

Part of the problem is just users that don't really understand.. Just take a gander at how many posts you see where users have set the default mask on say 10/8 or 192.168/16 etc.. ;)  And trying to make it kind of idiot/mistake proof while also allowing for more complex sort of setups, etc.

Refresh hardware watchdog timer Watchdog2 in pfSense via IPMI:
https://lexxai.blogspot.com/2017/09/watchdog2-pfsense-ipmi.html

@neteffectcafe:

Wow. 1000 bucks to figure out why one ISP doesnt work while the other does.

Think you are wording here is a bit off..

Its not 1000$ for this one thing.. Its $948 for a year of support.. Not just the 1 thing your currently have issue with.. My guess if you can not figure out this one thing - there are prob going to be other things as well you have problems with ;)

"I dont know how to do that. "

For how to open up the web gui via your wan.. Yeah I am guessing you would be on with support quite a bit ;)  So that $1k for a year will prob cost them money.. heheeh… If you pay for 3 years upfront price comes down to 700$ year..

Is this pfsense hardware, ie netgate purchased before May 31, 2017, and not yet a year then you could use your 2 support instances that came with the hardware before they moved over to the support bundles..

So I have the domain as localdomain

when I open a browser & type n40l.localdomain it doesnt work.

The N40L has a DNS as the PFsense box, the DHCP lease shows the host as N40L.

Thanks Grimson for the pointer.

I deleted all sarg* files in /usr/local/pkg and in  /usr/local/www

In addition, I cleansed all /cf/config/config.xml from all related <sarg>entries

seems that the issue is solved.

Thanks again.</sarg>