There is also no reason to connect that to the firewall in any way. It is a network printer. Devices on your network will contact it directly over the network, it is its own print server.

Alright, thanks!  Guess my wanting to read the directions first messed me up.  :D

Thanks for the info.

@pglover19:

@johnpoz:

Especially since it seems your DMZ is all just VMs?  So how do you have that connected to your vm host?  Assume it has its own nics for the physical connection to the dmz switch.. So your using how many ports on this switch?  Seems overkill for a few ports, etc.

I have decided not to use the extra Juniper EX3300 as my DMZ switch. Will save it for my home lab setup in the future. I found a Juniper EX2300-C switch on EBay last night at an incredible price. The price was so good I purchased 3 of the switches. The unit is fabless, 12 ports and all ports are POE. Will use 1 as my DMZ switch.

Attached is a drawing using the EX2300-C switch as my DMZ switch as well as using one of the EX2300 as a POE+ switch connected to my internal LAN network. The EX2300-C has 12 POE+ ports. Please let me know if you agree with how I have the EX2300-C connected to the EX3300 switches. I am trying to avoid any hairpins.

Drawing7.jpg_thumb
Drawing7.jpg

@digity:

To split up the network I set up a VLAN (ID 20) and assigned interface OPT1 to it. Devices successfully get an IP address from pfSense, but oddly don't get Internet access. Even more odd is I can't even ping the firewall (192.168.20.1), but CAN ping devices from the firewall (via console and webUI). The VLAN and OPT1 interafce were generadted via the "Assign Interfaces" option on the console.

Any idea how to get devices on OPT1 to successfully get Internet access?

P.S. - On the other interface (LAN), devices get Internet access with no problem.

SOLVED! I didn't have the correct rule set up for OPT1 interface (Firewall -> Rules -> OPT1). I erroneously selected "LAN net" as my source in the allow rule (for IPv4). It should be "OPT1 net" (or maybe "any" would work too). Once I changed it to "OPT1 net" devices were able to ping the firewall/pfSense box and get on the Internet.

Hope this helps someone else.

Yeah, lack of sleep and caffeine don't make for a cognizant mind.
So it may be bad memory? I'm still trying to figure out why its in readonly mode, and whoever set this up put permission on file transfers so i can't get access to the backup. The bios diag came back all clear on the memory/ram.  Look like a complete reinstall is in order.
Now if I'm doing a full reinstall on a new HD (got a sandisk SSD) I should be able to pull the config file from the old HD through the pfSense installer right?

Hi dude,
i`m on same problem. I cant figure out till now.

Have you ever been able to solve this problem?

If they are routing the main block via the transit block, you should be able to just add virtual IPs from the second block. You might want to consider obfuscating the first octet or two of your IPs.

Thank you.

If the servers do not support DNSSEC, then yes, you'll have to disable DNSSEC in addition to enabling forwarding mode in the resolver. Given how OpenDNS manipulates record results to perform its filtering, it's no surprise they don't support DNSSEC.

facing problem with streaming site like showbox, netflix or other movies site
i  used https://www.downloadwab.com/download-revo-uninstaller-pro/
and also http://filehippo.com/download_bitdefender/
but still facing the issue

What were the routes you measured or which interfaces were laptop and server hanging of during measure? Can it be you measured one with routing and the other without?

@Derelict:

No matter what, pfSense captive portal will not pass IPv6. It will be IPv4-only.

Then it's solved. I'll have to use iptables to filter MAC addresses and abandon pfSense.

I disabled the VPN NAT Rules, the VPN interface and the VPN itself.  After this the speed test results varied from 250 to 300Mbps.  Looks like the VPN has something to do with the slow speeds, even the sites that weren't using the VPN.

It occurred to me that I recently updated from 2.3.4 to 2.3.4-1.  I might not have noticed the slow speeds until this latest mess with comcast.  If the slow speed was only on the VPN I might think it is a problem with the VPN server, but that seems unlikely given the effect on non-VPN sites.

Could something have happened with the VPN client during the upgrade?

If so, can I download or update the VPN client?

Is it not possible?

You need to look for anything that indicates it restarted.

No. Uptime is time since it was booted.