Approximately one year after 2.4.0-RELEASE, so October 2018.

I see - I've never entered the wan IP unless it was a VM and I had no lan access so I did no know that.  I've learned something new.

Yeah the simple way to run multiple dhcp is just have them hand out different blocks..  But there are much better ways to do it where the dhcp servers exchange the leases so, etc.  Sure you could run pfsense via carp to do it.  But you can also set it up on other systems like MS latest server versions dhcp has added a lot of dhcp failover and redundancy features.

@motific:

your ISP probably updated the firmware on their kit and reset it back their defaults.  Some do that.

You know what is causing the situation, it’s up to you.  I’d ignore them, but others might disagree.

Thank you motific - Much appreciate the response.

Hi BlueKobold. Yes, I know that pfSense if FreeBSD based. In fact what I ask is the equivalent of nf_conntrack in pfSense (FreeBSD), where I can see  network flows in real time. I have never programmed packages for pfSense, this is something to look at later (for now it is essential to analyze network flows).

Ok , I'll try

FYI, the Foundry X448 I bought is actually full PREM version with L2, L3-Base & L3-Full.

So let the switch route between all the VLANs or the entire network to free up the load from the pfsense
box able to realize more for you, might be then also a way able to march on or am I wrong with that!?

New to this forum, but have been using pfsense for a while, but no expert..

It doesn´t matter at all, but that said, like mentioned before, snort and suricata are not set it up and forget it packets!
It´ll be more on the need to fine tune more and more and also get new rules for that will be a work for itself.

I'm just looking for best practice regarding hardening pfsense and snort, without using all my time on false positives.

We all do! But again it is not a plug and play packet, it can help much and bringing you to running wild too,
if there is a DMZ with opened ports and forwarded protocols it might be the best bet to positioning it there,
if you are not really sure how to use it, I suggest you to get a small amount of books about your favorite
IDS/IPS system such snort and suricata are. That will narrow down the entire time you spend on it.

We have a 2.3.5 release coming in the next couple days that has security and other fixes.

Would not suggest bridge unless you have no possible other recourse.

Devices do not need to be on the same layer 2 to use plex..  I access my plex server from any vlan/network I want to allow it from by opening up 32400 from that network to the plex servers IP.. Then just access your plex server direct via its local name or IP.

If you just want your wireless to be on your lan network - just plug your AP into your switch that your lan is connected to.

i used pfsense version 2.2.1.

:o

https://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid

Once again I seem to have found an answer:

https://www.linuxquestions.org/questions/linux-networking-3/server-on-multiple-vlans-server-not-responding-to-pings-from-non-local-subnets-819880/

Now I just need to understand it.

It has to do with traffic being dropped when leaving on a different interface than they arrive at.  I tried to work around a router on a LAN segment issue - but this will also not work.  I will need a dedicated router to make this work :S

So I have noticed mine crashing too, and then vmware thinks its down, but its kind of up? This is with a new install too, and if I power off via esxi gui, and then unregister it and re register it, and remove the SATA host in the edit options, it seems fine…for a bit. I gave it 4 cpu, and 4gb memory.... still happened a few times before I gave up. This was all in one night :s.

Heeeey, this is related: https://forum.pfsense.org/index.php?topic=137628.15
TLDR: 2.4.1 fixes it.

Hi.
Anyone any ideas on this ?

Thanks

Sloved.
Nothing to do with pfSense setup.
It is the SG300 managed switch setup, change to an access port with default vlan1. Speed back to normal.

Yes, in the WAN Interface.
The changes you made there interfere with the Gateway.

That makes sense.

Thanks all!