• Pfsense and Freepbx

    1
    0 Votes
    1 Posts
    515 Views
    No one has replied
  • 100 cpu usage /opt/yam

    9
    0 Votes
    9 Posts
    840 Views
    P

    Yeah, and key + pass auth for everything internet facing.

    There was a thread not too long ago where a user's pfSense box was accessed via VPN with a weak password.

    Use keys anywhere you can.

  • How to access WLAN router on different subnet

    3
    0 Votes
    3 Posts
    562 Views
    GertjanG

    Or: use a Wifi capable device, use it to connect to the WLAN device, log in and change its IP.

  • Local IPs are not resolving in ntop/bandwidthd

    2
    0 Votes
    2 Posts
    416 Views
    T

    No one, then?

  • SSH Login – why does hitting enter log you out?

    6
    0 Votes
    6 Posts
    1k Views
    DerelictD

    Which is exactly the behavior if you are actually at the CLI (shell - option 8) and not the menu.

    https://redmine.pfsense.org/

    File a feature request.

  • I need help accessing pfSense via my browser

    15
    0 Votes
    15 Posts
    1k Views
    jahonixJ

    Basically, pfSense is a router which means it routes traffic from one subnet (e.g. WAN) to another (e.g. LAN) and vice versa. With only one interface it can do stuff like serving DHCP addresses but obviously it cannot route.

    Filtering HTTPS means you have to implement a man-in-the-middle scenario to see and filter traffic which usually is encrypted (hence HTTPS). Good luck with such a task in general and your given networking skill-set on top.

    Advice of the day: start small!
    Use pfSense as a router and firewall, add packages as needed and learn about networking. That's enough to keep you busy at least until this winter.

  • Traffic graph question

    1
    0 Votes
    1 Posts
    351 Views
    No one has replied
  • Pfsense beta branch and tracking FreeBSD releases

    13
    0 Votes
    13 Posts
    2k Views
    jimpJ

    2.4 will be on 11.0, 2.4.1 will be on 11.1. Given the timing, depending on what we find in testing, 2.4.1 will be very close behind 2.4, but we do want to get 2.4 out sooner than we could if we delayed to wait on 11.1 testing to pan out.

  • Issues after upgrading from E1000 to VMX3

    1
    0 Votes
    1 Posts
    236 Views
    No one has replied
  • Clients connecting to server showing as pfSense IP?

    2
    0 Votes
    2 Posts
    377 Views
    johnpozJ

    So you're NATting between local networks?

  • No connectivity - Maybe a double NAT or gateway issue?

    2
    0 Votes
    2 Posts
    473 Views
    ?

    Verizon internet > router1 (10.10.50.1) > (10.10.50.10-WAN)pfsense(10.10.55.1-LAN w/DHCP) > router2 in Bridge/AP mode (10.10.55.10 on DHCP lease)

    On router 1 please deactivate the DHCP Server
    On router 1 please set the DNS from your ISP or from Google

    On the pfSense firewall the DHCP Server can be turned on
    On pfSense please set the WAN IP address static to (10.10.50.10/24)
    On pfSense please set the IP address from the router 1 as the DNS server and leave all other DNS entries blank

    On router 2 you should put it in the WLAN AP mode without SPI/NAT because you are then behind a so-called triple NAT situation
    and this will often cause some different errors that will not be so easy to find!
    On router 2 as the WLAN AP now, you should set in pfSense firewall the LAN port where the AP is connected to
    as working as an AP  and give them please another IP address range and use routing there. It would be mostly
    fast as before but without any issues. Set an extra DHCP server on pfSense for that WiFi network.

  • Issue or random fluke?

    3
    0 Votes
    3 Posts
    650 Views
    J

    I'm on 2.3.4 - p1.. the newest. Also the problem occurred on that NIC. While these are good places to start, I was wondering if anyone ran into anything like this before, or if this was indicative of possible hardware failure… thank you

  • Pfsense and vlans and switches - which path will packages take?

    4
    0 Votes
    4 Posts
    802 Views
    ?

    If you have a decent L3 switch you can accomplish this without going the Long Distance.

    And the other benefit of doing that is freeing the pfSense box for more or other activities. On top, you
    will get a second leg to stand on: if the pfSense box is failing, normal work inside of the LAN
    can still be done, so there will be no interruption for the employees. And all at wire speed.

    Just setup routing between vlans and limit the traffic with ACLs on your switch.

    QoS, ACLs and MacSec are often here your friends to get a better balanced network load and flow,
    gaining the security up and be able to regulate the packet flow.

    Then the traffic moving between hosts in VLAN100 and VLAN200 never needs to hit your edge router.

    Only if there are not servers inside of the DMZ, that must be touched from the LAN side.

    At that point you could get rid of the VLANS in your pfsense setup and use a "transit network" to connect your L3 switch to pfSense.

    Good point, I use it also in that direction.

    If you need a good L3 switch for SOHO use, the Cisco SG350 is great. Lots of features.

    Cisco SG350 series or the D-Link DGS1510 will be fine and really cheap to get.

  • PPPoE reconnection

    2
    0 Votes
    2 Posts
    515 Views
    ?

    with Pfsense 2.2.4

    Please try out the latest version of pfSense 2.3.4_p1 or give Version 2.4 BETA a try.
    You could easily go back by reinstall and backup and config playback.

  • Blocking individual device YouTube and IPv6

    5
    0 Votes
    5 Posts
    2k Views
    V

    Assuming their devices are Apple products, I might suggest putting restrictions on their devices specifically. Settings->General->Restrictions. Similar functionality with Mac OS…

    In terms of pfSense, I would go back again and look at the "Scheduling functionality" in your rules. Set up a specific VLAN for your kids (you need an AP that is VLAN capable). I just got pfBlocker working and love the customizable functionality. Turn off IPv6... I have it turned off on my firewall (I think?). As already suggested, use OpenDNS... (I believe there are "Parental Control" OpenDNS IPs)

    Good luck...

    Sean
    (I have less than a year into pfSense...big learning curve but what you seek is very possible)

  • KVM + pfSense + X-WRT-Vortex + VLANs

    4
    0 Votes
    4 Posts
    1k Views
    P

    Thanks for your reply.

    From your message the following bumped into my head…

    @helge000:

    Did you set up these vlans in KVM / qemu using linux bridging? AFAIK you need to 'untag' and bridge each VLAN as a single network and expose them to your VM as single network. Otherwise the tags might just get discarded. Linux bridging will then do 'the right thing'. Ignore this if you are using openvswitch or similar, more fancy setup on your hypervisor

    I do not have openvswitch or anything similar, I have done nothing like that, I just have the three bridges defined on my host as follows:

    # The loopback network interface

    auto lo
    iface lo inet loopback

    # The primary network interface

    #auto eth0
    #iface eth0 inet manual

    auto br0
    iface br0 inet static
            address 192.168.2.10
            netmask 255.255.255.0
            network 192.168.2.0
            broadcast 192.168.2.255
            gateway 192.168.2.13
            bridge_ports eth0
            bridge_stp off
            bridge_fd 0
            bridge_maxwait 0
            # dns-* options are implemented by the resolvconf package, if installed
            dns-nameservers 192.168.2.13 8.8.8.8
            dns-search localdomain

    auto br1
    iface br1 inet manual
            bridge_ports eth1
            bridge_stp off
            bridge_fd 0
            bridge_maxwait 0

    auto br2
    iface br2 inet manual
            bridge_ports eth2
            bridge_stp off
            bridge_fd 0
            bridge_maxwait 0

    How do I have to configure them so they support vlans?

  • How do hotels isolate wifi clients? - want to create "rooms" in a hospital

    15
    0 Votes
    15 Posts
    4k Views
    johnpozJ

    even with the 4 ssid limit, you could prob still get 8 rooms on 1 AP via using different ssid per band - putting the farther rooms on 2.4 and closer rooms to the AP on the 5ghz band and use different ssid/vlans.. The only drawback to this would be your actual layout of rooms and types of walls, etc.

    Let us know how it turns out!

    If you end up doing this and it works out good - be a perfect thing to post on unifi as case study ;)

    Keep in mind I do not believe they have back ported the 8ssid thing to the older previous to 5.6.x line yet.. And there might be restrictions on which AP support it as well.

    Do you have a drawing, or could you sketch up real quick a basic layout to look to see placement of the AP? Worst case is you need to use more APs and have fewer rooms per AP. But with the ability to create different wifi groups and different ssids and vlans you should be able to do it all under 1 site on the controller.

  • VOIP Issues

    16
    0 Votes
    16 Posts
    3k Views
    R

    Could it simply be a DTMF issue?

    http://community.polycom.com/t5/VoIP/FAQ-Phone-unable-to-send-DTMF-to-an-IVR-system-or-how-to/td-p/4237

    "If you are unable to send DTMF Signals to a IVR or Voice Mail System you may need to change the method or the payload type.

    Please liaise with your SIP Platform Support in order to gather this Information.

    Changing from SIP Inbound (RFC2833) to SIP INFO (RFC2976) must be done with a Configuration File loaded from a Provisioning Server."

  • Android unable to connect to MS Exchange 2010

    1
    0 Votes
    1 Posts
    256 Views
    No one has replied
  • Cannot Access PFSense GUI from WAN IP Address

    5
    0 Votes
    5 Posts
    3k Views
    ?

    The problem is that I'm trying to connect to the Web GUI (or SSH) through the WAN.

    I'd consider that VPN should be the right way here to realize such an action! It is safe for you and cannot
    be traced or used by others from outside! From the LAN side it is a totally different thing; there are
    normally no intruders, and so you might take VLAN1 as your management VLAN for the admin
    because it's the default VLAN and all devices are inside of that one. Another thing: if your pfSense box
    has an IPMI port, I would consider using that port to manage the pfSense firewall over that IPMI port.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.